Provided by: opencryptoki_3.4.1+dfsg-1ubuntu4.1_amd64 
NAME
pkcscca - configuration utility for the CCA token
SYNOPSIS
VERSION MIGRATION
pkcscca [-m v2objectsv3] [OPTIONS]
KEY MIGRATION
pkcscca [-m keys] [-s SLOTID] [-k aes|apka|asym|sym] [OPTIONS]
DESCRIPTION
The pkcscca utility assists in administering the CCA token.
In verion 2 of opencryptoki, CCA private token objects were encrypted in CCA hardware. In version 3 these
objects are encrypted in software. The v2objectsv3 migration option migrates these v2 objects by
decrypting them in CCA hardware using a secure key and then re-encrypting them in software using a
software key. Afterwards, v2 objects can be accessed in version 3.
There may be situations where CCA master keys must be changed. All CCA secret and private keys are
wrapped with a master key. After a CCA master key is changed, keys wrapped with the old master key need
to be re-wrapped with the current master key. The keys migration option migrates these wrapped keys by
unwrapping them with the old master key and wrapping them with the current master key.
GENERAL OPTIONS
-d|--datastore directory
the directory where the CCA token information is kept. This directory will be used to locate
the private token objects to be migrated. i.e. /var/lib/opencryptoki/ccatok
-v|--verbose
Provide more detailed output
VERSION MIGRATION
-m v2objectsv3
Migrates CCA private token objects from CCA encryption (used in v2) to software encryption (used in
v3).
KEY MIGRATION
-m keys
Unwraps private keys with an old CCA master key and wraps them with a new CCA master key.
-k aes|apka|asym|sym
Migrate keys wrapped with the selected master key type.
-s|--slotid SLOTID
The PKCS slot number.
FILES
/var/lib/opencryptoki/ccatok/TOK_OBJ/OBJ.IDX
contains current list of public and private token objects for the CCA token.
SEE ALSO
README.cca_stdll (in system's doc directory)
3.4.1 September 2014 PKCSCCA(1)