[pkg-opensc-commit] [opensc] 287/295: pkcs15-tool: add documentation for secret key options

Eric Dorland eric at moszumanska.debian.org
Sat Jun 24 21:11:41 UTC 2017


This is an automated email from the git hooks/post-receive script.

eric pushed a commit to branch master
in repository opensc.

commit 00a710b93999bad9fffd701d1cb775bca3a36a12
Author: Timo Teräs <timo.teras at iki.fi>
Date:   Mon Jun 12 13:32:58 2017 +0300

    pkcs15-tool: add documentation for secret key options
---
 doc/tools/pkcs15-init.1.xml | 47 +++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 47 insertions(+)

diff --git a/doc/tools/pkcs15-init.1.xml b/doc/tools/pkcs15-init.1.xml
index 7b28af6..3a0bd28 100644
--- a/doc/tools/pkcs15-init.1.xml
+++ b/doc/tools/pkcs15-init.1.xml
@@ -233,6 +233,22 @@
 				usually the user certificate that goes with the key, as well as the CA certificate.
 			</para>
 		</refsect2>
+
+		<refsect2>
+			<title>Secret Key Upload</title>
+			<para>
+				You can use a secret key generated by other means and upload it to the card.
+				For instance, to upload an AES-secret key generated by the system random generator
+				you would use
+			</para>
+			<para>
+				<command>pkcs15-init --store-secret-key /dev/urandom --secret-key-algorithm aes/256 --auth-id 01</command>
+			</para>
+			<para>
+				By default a random ID is generated for the secret key. You may specify an ID
+				with the <option>--id</option> if needed.
+			</para>
+		</refsect2>
 	</refsect1>
 
 	<refsect1>
@@ -382,6 +398,19 @@
 
 				<varlistentry>
 					<term>
+						<option>--secret-key-algorithm</option> <replaceable>keyspec</replaceable>,
+					</term>
+					<listitem>
+						<para>
+							<replaceable>keyspec</replaceable> describes the algorithm and length of the
+							key to be created or downloaded, such as <literal>aes/256</literal>.
+							This will create a 256 bit AES key.
+						</para>
+					</listitem>
+				</varlistentry>
+
+				<varlistentry>
+					<term>
 						<option>--store-certificate</option> <replaceable>filename</replaceable>,
 						<option>-X</option> <replaceable>filename</replaceable>
 					</term>
@@ -441,6 +470,24 @@
 
 				<varlistentry>
 					<term>
+						<option>--store-secret-key</option> <replaceable>filename</replaceable>,
+					</term>
+					<listitem>
+						<para>
+							Tells <command>pkcs15-init</command> to download the specified
+							secret key to the card. The file is assumed to contain the raw key.
+							They key type should be specified with <option>--secret-key-algorithm</option>
+							option.
+							You may additionally specify the key ID along with this command,
+							using the <option>--id</option> option, otherwise a random ID is generated.
+							For the multi-application cards the target PKCS#15 application can be
+							specified by the hexadecimal AID value of the <option>aid</option> option.
+						</para>
+					</listitem>
+				</varlistentry>
+
+				<varlistentry>
+					<term>
 						<option>--update-certificate</option> <replaceable>filename</replaceable>,
 						<option>-U</option> <replaceable>filename</replaceable>
 					</term>

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-opensc/opensc.git


