<?xml version='1.0'?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
	"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">

<refentry id="p11-kit">

<refentryinfo>
	<title>p11-kit</title>
	<productname>p11-kit</productname>
	<authorgroup>
		<author>
			<contrib>Maintainer</contrib>
			<firstname>Stef</firstname>
			<surname>Walter</surname>
			<email>stef@thewalter.net</email>
		</author>
	</authorgroup>
</refentryinfo>

<refmeta>
	<refentrytitle>p11-kit</refentrytitle>
	<manvolnum>8</manvolnum>
	<refmiscinfo class="manual">System Commands</refmiscinfo>
</refmeta>

<refnamediv>
	<refname>p11-kit</refname>
	<refpurpose>Tool for operating on configured PKCS#11 modules</refpurpose>
</refnamediv>

<refsynopsisdiv>
	<cmdsynopsis>
		<command>p11-kit list-modules</command>
	</cmdsynopsis>
	<cmdsynopsis>
		<command>p11-kit extract</command> ...
	</cmdsynopsis>
	<cmdsynopsis>
		<command>p11-kit server</command> ...
	</cmdsynopsis>
</refsynopsisdiv>

<refsect1 id="p11-kit-description">
	<title>Description</title>
	<para><command>p11-kit</command> is a command line tool that
	can be used to perform operations on PKCS#11 modules configured on the
	system.</para>

	<para>See the various sub commands below. The following global options
	can be used:</para>

	<variablelist>
		<varlistentry>
			<term><option>-v, --verbose</option></term>
			<listitem><para>Run in verbose mode with debug
			output.</para></listitem>
		</varlistentry>
		<varlistentry>
			<term><option>-q, --quiet</option></term>
			<listitem><para>Run in quiet mode without warning or
			failure messages.</para></listitem>
		</varlistentry>
	</variablelist>

</refsect1>

<refsect1 id="p11-kit-list-modules">
	<title>List Modules</title>

	<para>List system configured PKCS#11 modules.</para>

<programlisting>
$ p11-kit list-modules
</programlisting>

	<para>The modules, information about them and the tokens present in
	the PKCS#11 modules will be displayed.</para>

</refsect1>

<refsect1 id="p11-kit-extract">
	<title>Extract</title>

	<para>Extract certificates from configured PKCS#11 modules.</para>

	<para>This operation has been moved to a separate command <command>trust extract</command>.
	See <member><citerefentry><refentrytitle>trust</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
	for more information</para>
</refsect1>

<refsect1 id="p11-kit-server">
	<title>Server</title>

	<para>Run a server process that exposes PKCS#11 module remotely.</para>

<programlisting>
$ p11-kit server pkcs11:token1 pkcs11:token2 ...
$ p11-kit server --provider /path/to/pkcs11-module.so pkcs11:token1 pkcs11:token2 ...
</programlisting>

	<para>This launches a server that exposes the given PKCS#11 tokens on a local socket. The tokens must belong to the same module. To access the socket, use <literal>p11-kit-client.so</literal> module. The server address and PID are printed as a shell-script snippet which sets the appropriate environment variable: <literal>P11_KIT_SERVER_ADDRESS</literal> and <literal>P11_KIT_SERVER_PID</literal>.</para>

</refsect1>

<refsect1 id="p11-kit-extract-trust">
	<title>Extract Trust</title>

	<para>Extract standard trust information files.</para>

	<para>This operation has been moved to a separate command <command>trust extract-compat</command>.
	See <citerefentry><refentrytitle>trust</refentrytitle><manvolnum>1</manvolnum></citerefentry>
	for more information</para>
</refsect1>

<refsect1 id="p11-kit-remote">
	<title>Remote</title>

	<para>Run a PKCS#11 module remotely.</para>

<programlisting>
$ p11-kit remote /path/to/pkcs11-module.so
$ p11-kit remote pkcs11:token1 pkcs11:token2 ...
</programlisting>

	<para>This is not meant to be run directly from a terminal. But rather in a
	<option>remote</option> option in a
	<citerefentry><refentrytitle>pkcs11.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>
	file.</para>
	<para>This exposes the given PKCS#11 module or tokens over standard input and output. Those two forms, whether to expose a module or tokens, are mutually exclusive and if the second form is used, the tokens must belong to the same module.</para>
</refsect1>

<refsect1 id="p11-kit-bugs">
  <title>Bugs</title>
  <para>
    Please send bug reports to either the distribution bug tracker
    or the upstream bug tracker at
    <ulink url="https://github.com/p11-glue/p11-kit/issues/">https://github.com/p11-glue/p11-kit/issues/</ulink>.
  </para>
</refsect1>

<refsect1 id="p11-kit-see-also">
  <title>See also</title>
    <simplelist type="inline">
        <member><citerefentry><refentrytitle>pkcs11.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry></member>
    </simplelist>
    <para>
    Further details available in the p11-kit online documentation at
    <ulink url="https://p11-glue.github.io/p11-glue/p11-kit/manual/">https://p11-glue.github.io/p11-glue/p11-kit/manual/</ulink>.
  </para>
</refsect1>

</refentry>