[pkg-opensc-commit] [opensc] 287/295: pkcs15-tool: add documentation for secret key options
Eric Dorland
eric at moszumanska.debian.org
Sat Jun 24 21:11:41 UTC 2017
This is an automated email from the git hooks/post-receive script.
eric pushed a commit to branch master
in repository opensc.
commit 00a710b93999bad9fffd701d1cb775bca3a36a12
Author: Timo Teräs <timo.teras at iki.fi>
Date: Mon Jun 12 13:32:58 2017 +0300
pkcs15-tool: add documentation for secret key options
---
doc/tools/pkcs15-init.1.xml | 47 +++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 47 insertions(+)
diff --git a/doc/tools/pkcs15-init.1.xml b/doc/tools/pkcs15-init.1.xml
index 7b28af6..3a0bd28 100644
--- a/doc/tools/pkcs15-init.1.xml
+++ b/doc/tools/pkcs15-init.1.xml
@@ -233,6 +233,22 @@
usually the user certificate that goes with the key, as well as the CA certificate.
</para>
</refsect2>
+
+ <refsect2>
+ <title>Secret Key Upload</title>
+ <para>
+ You can use a secret key generated by other means and upload it to the card.
+ For instance, to upload an AES-secret key generated by the system random generator
+ you would use
+ </para>
+ <para>
+ <command>pkcs15-init --store-secret-key /dev/urandom --secret-key-algorithm aes/256 --auth-id 01</command>
+ </para>
+ <para>
+ By default a random ID is generated for the secret key. You may specify an ID
+ with the <option>--id</option> if needed.
+ </para>
+ </refsect2>
</refsect1>
<refsect1>
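Review bot: the example command in the new "Secret Key Upload" section passes /dev/urandom to --store-secret-key, but nothing here says how many bytes are read from it; the option text added later in this patch only says the file is "assumed to contain the raw key". Please state where the length comes from (presumably the keyspec given to --secret-key-algorithm), so readers know what happens with a regular file that is longer or shorter than the key size. Wording nits: "AES-secret key" should be "AES secret key", and "with the --id if needed" is missing the word "option". The commit subject also says pkcs15-tool while the file changed is doc/tools/pkcs15-init.1.xml.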
@@ -382,6 +398,19 @@
<varlistentry>
<term>
+ <option>--secret-key-algorithm</option> <replaceable>keyspec</replaceable>,
+ </term>
+ <listitem>
+ <para>
+ <replaceable>keyspec</replaceable> describes the algorithm and length of the
+ key to be created or downloaded, such as <literal>aes/256</literal>.
+ This will create a 256 bit AES key.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>
<option>--store-certificate</option> <replaceable>filename</replaceable>,
<option>-X</option> <replaceable>filename</replaceable>
</term>
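Review bot: the --secret-key-algorithm entry documents keyspec only through the single example aes/256; it should list the accepted algorithm names and key lengths, or point to where they are defined. "This will create a 256 bit AES key" also sits oddly after "to be created or downloaded", since with --store-secret-key the key is supplied from a file rather than created. The term line ends in a comma although no short option follows it, unlike the --store-certificate entry below; drop the trailing comma.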
@@ -441,6 +470,24 @@
<varlistentry>
<term>
+ <option>--store-secret-key</option> <replaceable>filename</replaceable>,
+ </term>
+ <listitem>
+ <para>
+ Tells <command>pkcs15-init</command> to download the specified
+ secret key to the card. The file is assumed to contain the raw key.
+ They key type should be specified with <option>--secret-key-algorithm</option>
+ option.
+ You may additionally specify the key ID along with this command,
+ using the <option>--id</option> option, otherwise a random ID is generated.
+ For the multi-application cards the target PKCS#15 application can be
+ specified by the hexadecimal AID value of the <option>aid</option> option.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>
<option>--update-certificate</option> <replaceable>filename</replaceable>,
<option>-U</option> <replaceable>filename</replaceable>
</term>
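Review bot: in the --store-secret-key description, "They key type should be specified with --secret-key-algorithm option" has a typo ("They" for "The"), is missing "the" before the option name, and does not say whether the option is required or what is assumed when it is omitted. The entry says "download ... to the card" while the section added earlier in this patch is titled "Secret Key Upload"; pick one term. The last sentence names the option as "aid" without leading dashes, unlike --id two lines above, and the term line has the same trailing comma with no short option. Since the file holds the raw key, consider one sentence telling readers to restrict access to it and remove it after the import.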
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-opensc/opensc.git