ProxSpace/msys2/usr/share/gtk-doc/html/p11-kit/p11-kit.html

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>p11-kit: p11-kit</title>
<meta name="generator" content="DocBook XSL Stylesheets Vsnapshot">
<link rel="home" href="index.html" title="p11-kit">
<link rel="up" href="tools.html" title="Manual Pages">
<link rel="prev" href="tools.html" title="Manual Pages">
<link rel="next" href="pkcs11-conf.html" title="pkcs11.conf">
<meta name="generator" content="GTK-Doc V1.33.1 (XML mode)">
<link rel="stylesheet" href="style.css" type="text/css">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
<table class="navigation" id="top" width="100%" summary="Navigation header" cellpadding="2" cellspacing="5"><tr valign="middle">
<td width="100%" align="left" class="shortcuts"></td>
<td><a accesskey="h" href="index.html"><img src="home.png" width="16" height="16" border="0" alt="Home"></a></td>
<td><a accesskey="u" href="tools.html"><img src="up.png" width="16" height="16" border="0" alt="Up"></a></td>
<td><a accesskey="p" href="tools.html"><img src="left.png" width="16" height="16" border="0" alt="Prev"></a></td>
<td><a accesskey="n" href="pkcs11-conf.html"><img src="right.png" width="16" height="16" border="0" alt="Next"></a></td>
</tr></table>
<div class="refentry">
<a name="p11-kit"></a><div class="titlepage"></div>
<div class="refnamediv"><table width="100%"><tr>
<td valign="top">
<h2><span class="refentrytitle">p11-kit</span></h2>
<p>p11-kit — Tool for operating on configured PKCS#11 modules</p>
</td>
<td class="gallery_image" valign="top" align="right"></td>
</tr></table></div>
<div class="refsynopsisdiv">
<h2>Synopsis</h2>
<div class="cmdsynopsis"><p><code class="command">p11-kit list-modules</code> </p></div>
<div class="cmdsynopsis"><p><code class="command">p11-kit list-profiles</code>  ...
	</p></div>
<div class="cmdsynopsis"><p><code class="command">p11-kit add-profile</code>  ...
	</p></div>
<div class="cmdsynopsis"><p><code class="command">p11-kit delete-profile</code>  ...
	</p></div>
<div class="cmdsynopsis"><p><code class="command">p11-kit print-config</code> </p></div>
<div class="cmdsynopsis"><p><code class="command">p11-kit extract</code>  ...
	</p></div>
<div class="cmdsynopsis"><p><code class="command">p11-kit server</code>  ...
	</p></div>
</div>
<div class="refsect1">
<a name="p11-kit-description"></a><h2>Description</h2>
<p><span class="command"><strong>p11-kit</strong></span> is a command line tool that
	can be used to perform operations on PKCS#11 modules configured on the
	system.</p>
<p>See the various sub commands below. The following global options
	can be used:</p>
<div class="variablelist"><table border="0" class="variablelist">
<colgroup>
<col align="left" valign="top">
<col>
</colgroup>
<tbody>
<tr>
<td><p><span class="term"><code class="option">-v, --verbose</code></span></p></td>
<td><p>Run in verbose mode with debug
			output.</p></td>
</tr>
<tr>
<td><p><span class="term"><code class="option">-q, --quiet</code></span></p></td>
<td><p>Run in quiet mode without warning or
			failure messages.</p></td>
</tr>
</tbody>
</table></div>
</div>
<div class="refsect1">
<a name="p11-kit-list-modules"></a><h2>List Modules</h2>
<p>List system configured PKCS#11 modules.</p>
<pre class="programlisting">
$ p11-kit list-modules
</pre>
<p>The modules, information about them and the tokens present in
	the PKCS#11 modules will be displayed.</p>
</div>
<div class="refsect1">
<a name="p11-kit-list-profiles"></a><h2>List Profiles</h2>
<p>List PKCS#11 profiles supported by the token.</p>
<pre class="programlisting">
$ p11-kit list-profiles pkcs11:token
</pre>
<p>This searches the given token for profile objects that contain profile IDs
	which are then displayed in human-readable form.</p>
</div>
<div class="refsect1">
<a name="p11-kit-add-profile"></a><h2>Add Profile</h2>
<p>Add PKCS#11 profile to the token.</p>
<pre class="programlisting">
$ p11-kit add-profile --profile profile pkcs11:token
</pre>
<p>Creates a new PKCS#11 profile object on the token if it doesn't already exist.</p>
</div>
<div class="refsect1">
<a name="p11-kit-delete-profile"></a><h2>Delete Profile</h2>
<p>Delete PKCS#11 profile from the token.</p>
<pre class="programlisting">
$ p11-kit delete-profile --profile profile pkcs11:token
</pre>
<p>Searches the token for profile object that matches given PKCS#11
	profile ID and attempts to destroy it.</p>
</div>
<div class="refsect1">
<a name="p11-kit-print-config"></a><h2>Print Config</h2>
<p>Print merged configuration.</p>
<pre class="programlisting">
$ p11-kit print-config
</pre>
<p>P11-kit provides 3 levels of configuration: system wide, per-module, and per-user.
	At run-time all 3 levels are merged into a single configuration. This command displays the
	merged configuration.</p>
</div>
<div class="refsect1">
<a name="p11-kit-extract"></a><h2>Extract</h2>
<p>Extract certificates from configured PKCS#11 modules.</p>
<p>This operation has been moved to a separate command <span class="command"><strong>trust extract</strong></span>.
	See <span class="citerefentry"><span class="refentrytitle">trust</span>(1)</span>
	for more information</p>
</div>
<div class="refsect1">
<a name="p11-kit-server"></a><h2>Server</h2>
<p>Run a server process that exposes PKCS#11 module remotely.</p>
<pre class="programlisting">
$ p11-kit server pkcs11:token1 pkcs11:token2 ...
$ p11-kit server --provider /path/to/pkcs11-module.so pkcs11:token1 pkcs11:token2 ...
</pre>
<p>This launches a server that exposes the given PKCS#11 tokens on a local socket. The tokens must belong to the same module. To access the socket, use <code class="literal">p11-kit-client.so</code> module. The server address and PID are printed as a shell-script snippet which sets the appropriate environment variable: <code class="literal">P11_KIT_SERVER_ADDRESS</code> and <code class="literal">P11_KIT_SERVER_PID</code>.</p>
</div>
<div class="refsect1">
<a name="p11-kit-extract-trust"></a><h2>Extract Trust</h2>
<p>Extract standard trust information files.</p>
<p>This operation has been moved to a separate command <span class="command"><strong>trust extract-compat</strong></span>.
	See <span class="citerefentry"><span class="refentrytitle">trust</span>(1)</span>
	for more information</p>
</div>
<div class="refsect1">
<a name="p11-kit-remote"></a><h2>Remote</h2>
<p>Run a PKCS#11 module remotely.</p>
<pre class="programlisting">
$ p11-kit remote /path/to/pkcs11-module.so
$ p11-kit remote pkcs11:token1 pkcs11:token2 ...
</pre>
<p>This is not meant to be run directly from a terminal. But rather in a
	<code class="option">remote</code> option in a
	<span class="citerefentry"><span class="refentrytitle">pkcs11.conf</span>(5)</span>
	file.</p>
<p>This exposes the given PKCS#11 module or tokens over standard input and output. Those two forms, whether to expose a module or tokens, are mutually exclusive and if the second form is used, the tokens must belong to the same module.</p>
</div>
<div class="refsect1">
<a name="p11-kit-bugs"></a><h2>Bugs</h2>
<p>
    Please send bug reports to either the distribution bug tracker
    or the upstream bug tracker at
    <a class="ulink" href="https://github.com/p11-glue/p11-kit/issues/" target="_top">https://github.com/p11-glue/p11-kit/issues/</a>.
  </p>
</div>
<div class="refsect1">
<a name="p11-kit-see-also"></a><h2>See also</h2>
<span class="simplelist"><span class="citerefentry"><span class="refentrytitle">pkcs11.conf</span>(5)</span></span><p>
    Further details available in the p11-kit online documentation at
    <a class="ulink" href="https://p11-glue.github.io/p11-glue/p11-kit/manual/" target="_top">https://p11-glue.github.io/p11-glue/p11-kit/manual/</a>.
  </p>
</div>
</div>
<div class="footer">
<hr>Generated by GTK-Doc V1.33.1</div>
</body>
</html>