Ubuntu Manpage: p11tool - Manipulate PKCS #11 tokens.

Provided by: gnutls-bin_3.0.11+really2.12.23-12ubuntu2.8_amd64

NAME

       p11tool - Manipulate PKCS #11 tokens.

SYNOPSIS

       p11tool [options]

DESCRIPTION

       Export/import  data  from  PKCS  #11  tokens.  To  use  PKCS  #11  tokens  with gnutls the
       configuration file /etc/gnutls/pkcs11.conf has to exist and contain a number of  lines  of
       the form "load=/usr/lib/opensc-pkcs11.so".

OPTIONS

   Program control options
       -d, --debug LEVEL
              Specify the debug level. Default is 1.

       -h, --help
              Shows this help text

   Generic options
       --login
              Force login to the token for the intended operation.

       --provider MODULE
              In addition to /etc/gnutls/pkcs11.conf, load the specified module.

       --outfile FILE
              Print output to FILE.

       --inder, --inraw
              Input is DER formatted.

   Getting information on available X.509 certificates
       --list-tokens
              Prints all available tokens.

       --initialize URL
              Initializes  (formats)  the specified by the URL token. Note that several tokens do
              not support this fascility.

   Getting information on available X.509 certificates
       --list-all-certs
              Prints all available certificates.

       --list-certs
              Prints all certificates that have a corresponding private key stored in the token.

       --list-trusted
              Prints all certificates that have been marked as trusted.

   Getting information on private keys
       --list-privkeys
              Prints all available private keys.

   Handling generic objects
       --export URL
              Exports the object (e.g. certificate) specified by the URL.

       --delete URL
              Deletes the object specified by the URL. Note that several tokens  do  not  support
              deletion.

       --detailed-url
              When printing URLs print them in a detailed (to the PKCS #11 module used) form.

       --no-detailed-url
              When printing URLs, do not print details on the module used.

   Storing objects
       --write URL
              Flag  to set when writing an object. Requires one of --load-privkey, --load-pubkey,
              --load-certificate or --secret-key options.

       --load-privkey
              Load a private key for the write operations.

       --load-pubkey
              Load an X.509 subjectPublicKey for the write operation.

       --load-certificate
              Load an X.509 certificate for the write operation.

       --secret-key
              Specify a hex encoded secret key for the write operation.

       --trusted
              The object stored will be marked as trusted.

       --label
              The label of the object stored.

   Controlling output
       -8, --pkcs8
              Use PKCS #8 format for private keys.

EXAMPLES

       To store a private key and certificate, run:

              $ p11tool --login --write "pkcs11:XXX"  --load-privkey key.pem --label "MyKey"
              $ p11tool --login --write "pkcs11:XXX"  --load-certificate cert.pem --label "MyCert"

       To view all objects in a token, use:

              $ p11tool --login --list-all

AUTHOR

       Nikos       Mavrogiannopoulos       <nmav@gnutls.org>        and        others;        see
       /usr/share/doc/gnutls-bin/AUTHORS for a complete list.

                                        November 11th 2010                             p11tool(1)