p11-kit p11-kit Maintainer Stef Walter stef@thewalter.net p11-kit 8 System Commands p11-kit Tool for operating on configured PKCS#11 modules p11-kit list-modules p11-kit extract --filter=<what> --format=<type> /path/to/destination Description p11-kit is a command line tool that can be used to perform operations on PKCS#11 modules configured on the system. See the various sub commands below. The following global options can be used: Run in verbose mode with debug output. Run in quiet mode without warning or failure messages. List Modules List system configured PKCS#11 modules. $ p11-kit list-modules The modules, information about them and the tokens present in the PKCS#11 modules will be displayed. Extract Extract certificates from configured PKCS#11 modules. $ p11-kit extract --format=x509-directory --filter=ca-certificates /path/to/directory You can specify the following options to control what to extract. The and arguments should be specified. By default this command will not overwrite the destination file or directory. Specifies what certificates to export. You can specify the following values: Certificate anchors (default) Blacklisted certificates All certificates A PKCS#11 URI The format of the destination file or directory. You can specify one of the following values: DER X.509 certificate file directory of X.509 certificates File containing one or more certificate PEM blocks Directory PEM files each containing one certifiacte OpenSSL specific PEM bundle of certificates Directory of OpenSSL specific PEM files Java keystore 'cacerts' certificate bundle Overwrite output file or directory. Limit to certificates usable for the given purpose You can specify one of the following values: For authenticating servers For authenticating clients For email protection For authenticated signed code An arbitrary purpose OID Extract Trust Extract standard trust information files. $ p11-kit extract-trust OpenSSL, GnuTLS and Java cannot currently read trust information directly from the trust policy module. This command extracts trust information such as certificate anchors for use by these libraries. What this command does, and where it extracts the files is distribution or site specific. Packagers or administrators are expected customize this command. Bugs Please send bug reports to either the distribution bug tracker or the upstream bug tracker at https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue&component=p11-kit. See also Further details available in the p11-kit online documentation at http://p11-glue.freedesktop.org/doc/p11-kit/.