Provided by: gnutls-bin_3.0.11+really2.12.23-12ubuntu2.8_amd64 

NAME
p11tool - Manipulate PKCS #11 tokens.
SYNOPSIS
p11tool [options]
DESCRIPTION
Export/import data from PKCS #11 tokens. To use PKCS #11 tokens with gnutls the configuration file
/etc/gnutls/pkcs11.conf has to exist and contain a number of lines of the form
"load=/usr/lib/opensc-pkcs11.so".
OPTIONS
Program control options
-d, --debug LEVEL
Specify the debug level. Default is 1.
-h, --help
Shows this help text.
Generic options
--login
Force login to the token for the intended operation.
--provider MODULE
In addition to /etc/gnutls/pkcs11.conf, load the specified module.
--outfile FILE
Print output to FILE.
--inder, --inraw
Input is DER formatted.
Getting information on available X.509 certificates
--list-tokens
Prints all available tokens.
--initialize URL
Initializes (formats) the token specified by the URL. Note that several tokens do not support this
facility.
Getting information on available X.509 certificates
--list-all-certs
Prints all available certificates.
--list-certs
Prints all certificates that have a corresponding private key stored in the token.
--list-trusted
Prints all certificates that have been marked as trusted.
Getting information on private keys
--list-privkeys
Prints all available private keys.
Handling generic objects
--export URL
Exports the object (e.g. certificate) specified by the URL.
--delete URL
Deletes the object specified by the URL. Note that several tokens do not support deletion.
--detailed-url
When printing URLs, print them in detailed form, including details on the PKCS #11 module used.
--no-detailed-url
When printing URLs, do not print details on the module used.
Storing objects
--write URL
Flag to set when writing an object. Requires one of --load-privkey, --load-pubkey,
--load-certificate or --secret-key options.
--load-privkey
Load a private key for the write operation.
--load-pubkey
Load an X.509 subjectPublicKey for the write operation.
--load-certificate
Load an X.509 certificate for the write operation.
--secret-key
Specify a hex encoded secret key for the write operation.
--trusted
The object stored will be marked as trusted.
--label
The label of the object stored.
Controlling output
-8, --pkcs8
Use PKCS #8 format for private keys.
EXAMPLES
To store a private key and certificate, run:
$ p11tool --login --write "pkcs11:XXX" --load-privkey key.pem --label "MyKey"
$ p11tool --login --write "pkcs11:XXX" --load-certificate cert.pem --label "MyCert"
To view all objects in a token, use:
$ p11tool --login --list-all
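The configuration file requirement stated in DESCRIPTION can be checked before running the commands above. The shell function below is an added example, not part of p11tool or gnutls; the name check_pkcs11_conf, its exit codes, and its rules (absolute module paths, no group/other write permission on a module) are assumptions of this example.

```shell
#!/bin/sh
# Added example: sanity-check a gnutls PKCS #11 configuration file.
# Usage: check_pkcs11_conf [FILE]    (default: /etc/gnutls/pkcs11.conf)
# Returns 0 if every non-blank line is load=/ABSOLUTE/MODULE, each module
# is a readable regular file not writable by group or others, and at
# least one module is listed; 1 on any problem; 2 if FILE is unreadable.
check_pkcs11_conf() {
    conf=${1:-/etc/gnutls/pkcs11.conf}
    [ -r "$conf" ] || { echo "missing or unreadable: $conf" >&2; return 2; }
    modules=0 problems=0 lineno=0
    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        case $line in
            '')      continue ;;
            load=/*) module=${line#load=} ;;
            load=*)  echo "$conf:$lineno: module path is not absolute" >&2
                     problems=$((problems + 1)); continue ;;
            *)       echo "$conf:$lineno: not of the form load=MODULE" >&2
                     problems=$((problems + 1)); continue ;;
        esac
        if [ ! -f "$module" ] || [ ! -r "$module" ]; then
            echo "$conf:$lineno: module missing or unreadable: $module" >&2
            problems=$((problems + 1)); continue
        fi
        # A module is code loaded into the calling process, so this example
        # requires that only its owner can modify it (-L follows symlinks).
        loose=$(find -L "$module" \( -perm -020 -o -perm -002 \) -print)
        if [ -n "$loose" ]; then
            echo "$conf:$lineno: module writable by group/others: $module" >&2
            problems=$((problems + 1)); continue
        fi
        modules=$((modules + 1))
    done < "$conf"
    if [ "$modules" -eq 0 ]; then
        echo "$conf: no usable load=MODULE line" >&2
        return 1
    fi
    [ "$problems" -eq 0 ]
}
```

Source the file and run check_pkcs11_conf with no argument to check the default path; problems are reported on standard error with the line number.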
AUTHOR
Nikos Mavrogiannopoulos <nmav@gnutls.org> and others; see /usr/share/doc/gnutls-bin/AUTHORS for a
complete list.
November 11th 2010 p11tool(1)