path: root/doc/manual/p11-kit.xml
blob: 48a9201ce51dd191e6314cb466f091a9e4d668a3 (plain)
<?xml version='1.0'?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
	"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">

<refentry id="p11-kit">

<refentryinfo>
	<title>p11-kit</title>
	<productname>p11-kit</productname>
	<authorgroup>
		<author>
			<contrib>Maintainer</contrib>
			<firstname>Stef</firstname>
			<surname>Walter</surname>
			<email>stef@thewalter.net</email>
		</author>
	</authorgroup>
</refentryinfo>

<refmeta>
	<refentrytitle>p11-kit</refentrytitle>
	<manvolnum>8</manvolnum>
	<refmiscinfo class="manual">System Commands</refmiscinfo>
</refmeta>

<refnamediv>
	<refname>p11-kit</refname>
	<refpurpose>Tool for operating on configured PKCS#11 modules</refpurpose>
</refnamediv>

<refsynopsisdiv>
	<cmdsynopsis>
		<command>p11-kit list-modules</command>
	</cmdsynopsis>
	<cmdsynopsis>
		<command>p11-kit extract</command> ...
	</cmdsynopsis>
	<cmdsynopsis>
		<command>p11-kit server</command> ...
	</cmdsynopsis>
</refsynopsisdiv>

<refsect1 id="p11-kit-description">
	<title>Description</title>
	<para><command>p11-kit</command> is a command line tool that
	can be used to perform operations on PKCS#11 modules configured on the
	system.</para>

	<para>See the various sub commands below. The following global options
	can be used:</para>

	<variablelist>
		<varlistentry>
			<term><option>-v, --verbose</option></term>
			<listitem><para>Run in verbose mode with debug
			output.</para></listitem>
		</varlistentry>
		<varlistentry>
			<term><option>-q, --quiet</option></term>
			<listitem><para>Run in quiet mode without warning or
			failure messages.</para></listitem>
		</varlistentry>
	</variablelist>

</refsect1>

<refsect1 id="p11-kit-list-modules">
	<title>List Modules</title>

	<para>List system configured PKCS#11 modules.</para>

<programlisting>
$ p11-kit list-modules
</programlisting>

	<para>The modules, information about them and the tokens present in
	the PKCS#11 modules will be displayed.</para>

</refsect1>

<refsect1 id="p11-kit-extract">
	<title>Extract</title>

	<para>Extract certificates from configured PKCS#11 modules.</para>

	<para>This operation has been moved to a separate command <command>trust extract</command>.
	See <citerefentry><refentrytitle>trust</refentrytitle><manvolnum>1</manvolnum></citerefentry>
	for more information.</para>
</refsect1>

<refsect1 id="p11-kit-server">
	<title>Server</title>

	<para>Run a server process that exposes a PKCS#11 module remotely.</para>

<programlisting>
$ p11-kit server pkcs11:token1 pkcs11:token2 ...
$ p11-kit server --provider /path/to/pkcs11-module.so pkcs11:token1 pkcs11:token2 ...
</programlisting>

	<para>This launches a server that exposes the given PKCS#11 tokens on a local socket. The tokens must belong to the same module. To access the socket, use the <literal>p11-kit-client.so</literal> module. The server address and PID are printed as a shell-script snippet which sets the appropriate environment variables: <literal>P11_KIT_SERVER_ADDRESS</literal> and <literal>P11_KIT_SERVER_PID</literal>.</para>
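
Added example, not part of the original manual or of p11-kit itself: reading the printed snippet without passing it to eval, and checking that the directory holding the socket is closed to other users. The sample output, the "unix:path=" address form and both function names are assumptions made for this illustration.

```shell
# Constructed sample of the snippet; the "unix:path=" address form and the
# one-assignment-per-line layout are assumptions, not taken from this page.
SAMPLE='P11_KIT_SERVER_ADDRESS=unix:path=/run/user/1000/p11-kit/pkcs11-4242; export P11_KIT_SERVER_ADDRESS;
P11_KIT_SERVER_PID=4242; export P11_KIT_SERVER_PID;'

# p11_server_field NAME (hypothetical helper): read the snippet on stdin and
# print NAME's value. Fails (status 1) when NAME is missing or the value is
# not of the expected form, so nothing from the snippet is ever executed.
p11_server_field() {
    name=$1 value=
    while IFS= read -r line; do
        case $line in
            "$name="*) value=${line#"$name="}; value=${value%%;*} ;;
        esac
    done
    case $name in
        P11_KIT_SERVER_PID)
            case $value in ''|*[!0-9]*) return 1 ;; esac ;;
        P11_KIT_SERVER_ADDRESS)
            case $value in unix:path=/*) ;; *) return 1 ;; esac
            case $value in *[!A-Za-z0-9_./:=-]*) return 1 ;; esac ;;
        *) return 1 ;;
    esac
    printf '%s\n' "$value"
}

# p11_socket_dir_private ADDRESS (hypothetical helper): succeed only if the
# directory holding the socket grants nothing to group or other (drwx------).
p11_socket_dir_private() {
    path=${1#unix:path=}
    dir=${path%/*}
    mode=$(ls -ld "$dir" 2>/dev/null) || return 1
    case $mode in
        d???------*) return 0 ;;
        *) return 1 ;;
    esac
}

# Usage with the constructed sample; in practice SAMPLE would hold the
# output captured once from the server command.
addr=$(printf '%s\n' "$SAMPLE" | p11_server_field P11_KIT_SERVER_ADDRESS)
pid=$(printf '%s\n' "$SAMPLE" | p11_server_field P11_KIT_SERVER_PID)
echo "address=$addr pid=$pid"
```

Any process that can connect to the socket can use the exposed tokens, which is why the directory check rejects group or world access.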

</refsect1>

<refsect1 id="p11-kit-extract-trust">
	<title>Extract Trust</title>

	<para>Extract standard trust information files.</para>

	<para>This operation has been moved to a separate command <command>trust extract-compat</command>.
	See <citerefentry><refentrytitle>trust</refentrytitle><manvolnum>1</manvolnum></citerefentry>
	for more information.</para>
</refsect1>

<refsect1 id="p11-kit-remote">
	<title>Remote</title>

	<para>Run a PKCS#11 module remotely.</para>

<programlisting>
$ p11-kit remote /path/to/pkcs11-module.so
$ p11-kit remote pkcs11:token1 pkcs11:token2 ...
</programlisting>

	<para>This is not meant to be run directly from a terminal, but rather from a
	<option>remote</option> option in a
	<citerefentry><refentrytitle>pkcs11.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>
	file.</para>
	<para>This exposes the given PKCS#11 module or tokens over standard input and output. The two forms, exposing a module or exposing tokens, are mutually exclusive. If the second form is used, the tokens must belong to the same module.</para>
</refsect1>

<refsect1 id="p11-kit-bugs">
  <title>Bugs</title>
  <para>
    Please send bug reports to either the distribution bug tracker
    or the upstream bug tracker at
    <ulink url="https://github.com/p11-glue/p11-kit/issues/">https://github.com/p11-glue/p11-kit/issues/</ulink>.
  </para>
</refsect1>

<refsect1 id="p11-kit-see-also">
  <title>See also</title>
    <simplelist type="inline">
        <member><citerefentry><refentrytitle>pkcs11.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry></member>
    </simplelist>
    <para>
    Further details available in the p11-kit online documentation at
    <ulink url="https://p11-glue.github.io/p11-glue/p11-kit/manual/">https://p11-glue.github.io/p11-glue/p11-kit/manual/</ulink>.
  </para>
</refsect1>

</refentry>