NAME

       qcatool - command line tool for the Qt Cryptographic Architecture

DESCRIPTION

       qcatool is a command line tool for performing various cryptographic operations with the Qt
       Cryptographic Architecture (QCA). qcatool can also be used for testing and debugging QCA.

USAGE

       qcatool has a range of options and commands. You only ever get to use one command, but you
       may use several, one or no options.

OPTIONS

       As noted above, these are all optional, and may be combined.

       --pass=PASSWORD
              Specify  the  password  to  use.  This  is  probably a bad idea except for testing,
              because anyone can read the arguments to a command line application.

       --newpass=PASSWORD
              Specify the new password to use for password change with  the  key  changepass  and
              keybundle  changepass  commands.   This  is probably a bad idea except for testing,
              because anyone can read the arguments to a command line application.

       --nonroots=CERTIFICATES
              Specify additional certificates, not trusted, but which may be used  in  the  trust
              path if appropriate trust can be established.

       --roots=CERTIFICATES
              Specify additional certificates which can be used as trusted (root) certificates.

       --nosys
              Disable  use  of  the standard root certificates that are provided by the operating
              system.

       --noprompt
              Disable prompting for passwords/passphrases. If you do not provide  the  passphrase
              on the command line (with --pass or --newpass) this will cause qcatool to abort the
              command if a password/passphrase is required.

       --ordered
              If outputting  certificate  information  fields  (Distinguished  Name  and  Subject
              Alternative  Name),  show  them  in  same  the  order  that they are present in the
              certificate rather than in a friendly sorted order.

       --debug
              Enable additional output to aid debugging.

       --log-file=FILENAME
              Log to the specified file.

       --log-level=LEVEL
              Log at the specified level. The log level can be between 0 (none) and 8 (most).

       --nobundle
              When S/MIME signing, do not  bundle  the  signer's  certificate  chain  inside  the
              signature.   This results in a smaller signature output, but requires the recipient
              to have all of the necessary certificates in order to verify it.

COMMANDS

       help, --help, -h
              Output usage (help) information.

       version, --version, -v
              Output version information.

       plugins
              List available plugins. Use the --debug option to get more information  on  plugins
              which are found and which ones actually loaded.

       config save [provider]
              Save  provider configuration. Use this to have the provider's default configuration
              written to persistent storage, which you can then edit by hand.

       config edit [provider]
              Edit provider configuration. The changes are written to persistent storage.

       key make rsa|dsa [bits]
              Create a key pair

       key changepass [K]
              Add/change/remove passphrase of a key

       cert makereq [K]
              Create certificate request (CSR)

       cert makeself [K]
              Create self-signed certificate

       cert makereqadv [K]
              Advanced version of 'makereq'

       cert makeselfadv [K]
              Advanced version of 'makeself'

       cert validate [C]
              Validate certificate

       keybundle make [K] [C]
              Create a keybundle

       keybundle extract [X]
              Extract certificate(s) and key

       keybundle changepass [X]
              Change passphrase of a keybundle

       keystore list-stores
              List all available keystores

       keystore list [storeName]
              List content of a keystore

       keystore monitor
              Monitor for keystore availability

       keystore export [E]
              Export a keystore entry's content

       keystore exportref [E]
              Export a keystore entry reference

       keystore addkb [storeName] [cert.p12]
              Add a keybundle into a keystore

       keystore addpgp [storeName] [key.asc]
              Add a PGP key into a keystore

       keystore remove [E]
              Remove an object from a keystore

       show cert [C]
              Examine a certificate

       show req [req.pem]
              Examine a certificate request (CSR)

       show crl [crl.pem]
              Examine a certificate revocation list

       show kb [X]
              Examine a keybundle

       show pgp [P|S]
              Examine a PGP key

       message sign pgp|pgpdetach|smime [X|S]
              Sign a message

       message encrypt pgp|smime [C|P]
              Encrypt a message

       message signencrypt [S] [P]
              PGP sign & encrypt a message

       message verify pgp|smime
              Verify a message

       message decrypt pgp|smime ((X) ...)
              Decrypt a message (S/MIME needs X)

       message exportcerts
              Export certs from S/MIME message

ARGUMENTS

       The arguments to the commands are as follows.

       K = private key.

       C = certificate.

       X = key bundle.

       P = PGP public key.

       S = PGP secret key.

       E = generic entry.

       These must be identified by either a filename or a keystore reference ("store:obj").

AUTHOR

       qcatool was written by Justin Karneges as part of QCA. This manual  page  was  written  by
       Brad Hards.