xenial (1) qcatool.1.gz

Provided by: qca2-utils_2.1.1-2ubuntu1_amd64 bug

NAME

       qcatool - command line tool for the Qt Cryptographic Architecture

DESCRIPTION

       qcatool  is a command line tool for performing various cryptographic operations with the Qt Cryptographic
       Architecture (QCA). qcatool can also be used for testing and debugging QCA.

USAGE

       qcatool has a range of options and commands. You only ever get to  use  one  command,  but  you  may  use
       several, one or no options.

OPTIONS

       As noted above, these are all optional, and may be combined.

       --pass=PASSWORD
              Specify  the  password  to use. This is probably a bad idea except for testing, because anyone can
              read the arguments to a command line application.

       --newpass=PASSWORD
              Specify the new password to use  for  password  change  with  the  key  changepass  and  keybundle
              changepass  commands.  This is probably a bad idea except for testing, because anyone can read the
              arguments to a command line application.

       --nonroots=CERTIFICATES
              Specify additional certificates, not trusted,  but  which  may  be  used  in  the  trust  path  if
              appropriate trust can be established.

       --roots=CERTIFICATES
              Specify additional certificates which can be used as trusted (root) certificates.

       --nosys
              Disable use of the standard root certificates that are provided by the operating system.

       --noprompt
              Disable  prompting  for passwords/passphrases. If you do not provide the passphrase on the command
              line  (with  --pass  or  --newpass)  this  will  cause  qcatool  to  abort  the   command   if   a
              password/passphrase is required.

       --ordered
              If  outputting  certificate  information fields (Distinguished Name and Subject Alternative Name),
              show them in same the order that they are present in the certificate rather  than  in  a  friendly
              sorted order.

       --debug
              Enable additional output to aid debugging.

       --log-file=FILENAME
              Log to the specified file.

       --log-level=LEVEL
              Log at the specified level. The log level can be between 0 (none) and 8 (most).

       --nobundle
              When  S/MIME  signing,  do  not  bundle the signer's certificate chain inside the signature.  This
              results in a smaller signature output, but requires the recipient to have  all  of  the  necessary
              certificates in order to verify it.

COMMANDS

       help, --help, -h
              Output usage (help) information.

       version, --version, -v
              Output version information.

       plugins
              List  available plugins. Use the --debug option to get more information on plugins which are found
              and which ones actually loaded.

       config save [provider]
              Save provider configuration. Use this to have the  provider's  default  configuration  written  to
              persistent storage, which you can then edit by hand.

       config edit [provider]
              Edit provider configuration. The changes are written to persistent storage.

       key make rsa|dsa [bits]
              Create a key pair

       key changepass [K]
              Add/change/remove passphrase of a key

       cert makereq [K]
              Create certificate request (CSR)

       cert makeself [K]
              Create self-signed certificate

       cert makereqadv [K]
              Advanced version of 'makereq'

       cert makeselfadv [K]
              Advanced version of 'makeself'

       cert validate [C]
              Validate certificate

       keybundle make [K] [C]
              Create a keybundle

       keybundle extract [X]
              Extract certificate(s) and key

       keybundle changepass [X]
              Change passphrase of a keybundle

       keystore list-stores
              List all available keystores

       keystore list [storeName]
              List content of a keystore

       keystore monitor
              Monitor for keystore availability

       keystore export [E]
              Export a keystore entry's content

       keystore exportref [E]
              Export a keystore entry reference

       keystore addkb [storeName] [cert.p12]
              Add a keybundle into a keystore

       keystore addpgp [storeName] [key.asc]
              Add a PGP key into a keystore

       keystore remove [E]
              Remove an object from a keystore

       show cert [C]
              Examine a certificate

       show req [req.pem]
              Examine a certificate request (CSR)

       show crl [crl.pem]
              Examine a certificate revocation list

       show kb [X]
              Examine a keybundle

       show pgp [P|S]
              Examine a PGP key

       message sign pgp|pgpdetach|smime [X|S]
              Sign a message

       message encrypt pgp|smime [C|P]
              Encrypt a message

       message signencrypt [S] [P]
              PGP sign & encrypt a message

       message verify pgp|smime
              Verify a message

       message decrypt pgp|smime ((X) ...)
              Decrypt a message (S/MIME needs X)

       message exportcerts
              Export certs from S/MIME message

ARGUMENTS

       The arguments to the commands are as follows.

       K = private key.

       C = certificate.

       X = key bundle.

       P = PGP public key.

       S = PGP secret key.

       E = generic entry.

       These must be identified by either a filename or a keystore reference ("store:obj").

AUTHOR

       qcatool was written by Justin Karneges as part of QCA. This manual page was written by Brad Hards.