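/*
 * src/p11tool-args.def - AutoGen option definitions for p11tool, the GnuTLS
 * PKCS #11 tool.
 *
 * Each `flag` block declares one long option: `descrip` is the one-line help
 * text and `doc` the longer text for the generated documentation.
 *
 * Attribute conventions used below:
 *   disable = "no"    - the option can be negated as --no-<name>
 *   enabled           - the option is on unless negated
 *   disabled          - presumably marks the option as off unless given
 *                       (TODO confirm how AutoGen treats this attribute)
 *   file-exists = yes - the argument must name an existing file; this checks
 *                       existence only, not what the file contains
 */
AutoGen Definitions options;
prog-name = p11tool;
prog-title = "GnuTLS PKCS #11 tool";
prog-desc = "Program to handle PKCS #11 smart cards and security modules.\n";
/*
 * NOTE(review): the load= lines in pkcs11.conf name shared libraries; the file
 * should presumably be writable by administrators only - confirm.
 */
detail = "Program that allows handling data from PKCS #11 smart cards
and security modules.

To use PKCS #11 tokens with gnutls the configuration file
/etc/gnutls/pkcs11.conf has to exist and contain a number of lines of the form 'load=/usr/lib/opensc-pkcs11.so'.
";

short-usage = "p11tool [options] [url]\np11tool --help for usage instructions.\n";
explain = "";
/* Let options and the [url] operand be intermixed on the command line. */
reorder-args;
argument = "[url]";

/* Presumably enables the output-file option in args-std.def - TODO confirm. */
#define OUTFILE_OPT 1
#include args-std.def

/* ---- Listing and export ---- */

flag = {
    name = list-tokens;
    descrip = "List all available tokens";
    doc = "";
};

flag = {
    name = export;
    descrip = "Export the object specified by the URL";
    doc = "";
};

flag = {
    name = list-mechanisms;
    descrip = "List all available mechanisms in a token";
    doc = "";
};

flag = {
    name = list-all;
    descrip = "List all available objects in a token";
    doc = "";
};

flag = {
    name = list-all-certs;
    descrip = "List all available certificates in a token";
    doc = "";
};

flag = {
    name = list-certs;
    descrip = "List all certificates that have an associated private key";
    doc = "";
};

flag = {
    name = list-all-privkeys;
    descrip = "List all available private keys in a token";
    doc = "";
};

flag = {
    name = list-all-trusted;
    descrip = "List all available certificates marked as trusted";
    doc = "";
};

/* ---- Operations that modify the token ---- */

/*
 * NOTE(review): doc is empty. Token initialization presumably discards the
 * token's existing contents - confirm and state it in doc.
 */
flag = {
    name = initialize;
    descrip = "Initializes a PKCS #11 token";
    doc = "";
};

flag = {
    name = write;
    descrip = "Writes the loaded objects to a PKCS #11 token";
    doc = "It can be used to write private keys, certificates or secret keys to a token.";
};

/*
 * Acts on the objects matching the URL, per descrip; doc is empty.
 * NOTE(review): worth documenting that an under-specified URL can match more
 * objects than intended.
 */
flag = {
    name = delete;
    descrip = "Deletes the objects matching the PKCS #11 URL";
    doc = "";
};

/* ---- On-token key generation; one option per key type ---- */

flag = {
    name = generate-rsa;
    descrip = "Generate an RSA private-public key pair";
    doc = "Generates an RSA private-public key pair on the specified token.";
};

flag = {
    name = generate-dsa;
    descrip = "Generate a DSA private-public key pair";
    doc = "Generates a DSA private-public key pair on the specified token.";
};
flag = {
    name = generate-ecc;
    descrip = "Generate an ECC private-public key pair";
    doc = "Generates an ECC private-public key pair on the specified token.";
};

/* ---- Attributes of the object being written ---- */

flag = {
    name = label;
    arg-type = string;
    descrip = "Sets a label for the write operation";
    doc = "";
};

/*
 * Off unless given; --no-trusted is the negated form.
 * NOTE(review): doc is empty. Applications reading the token presumably treat
 * trusted-marked certificates as trust anchors, so the doc should say to mark
 * only vetted certificates - confirm.
 */
flag = {
    name = trusted;
    disable = "no";
    disabled;
    descrip = "Marks the object to be written as trusted";
    doc = "";
};

/*
 * On by default. Per doc the written object then requires a PIN;
 * --no-private drops that requirement.
 */
flag = {
    name = private;
    disable = "no";
    enabled;
    descrip = "Marks the object to be written as private";
    doc = "The written object will require a PIN to be used.";
};

/* Off unless given; the examples below pass --login for list-all and write. */
flag = {
    name = login;
    descrip = "Force login to token";
    disabled;
    disable = "no";
    doc = "";
};

flag = {
    name = detailed-url;
    descrip = "Print detailed URLs";
    disabled;
    disable = "no";
    doc = "";
};

/* ---- Input material ---- */

/*
 * NOTE(review): arg-type = string means the key is passed as a command-line
 * argument, where it can end up in shell history and be visible to other
 * local users through the process list. doc is empty, so users get no hint
 * of this; a file-based input would avoid the exposure.
 */
flag = {
    name = secret-key;
    arg-type = string;
    descrip = "Provide a hex encoded secret key";
    doc = "";
};

/* The named file holds private key material; restrict who can read it. */
flag = {
    name = load-privkey;
    arg-type = file;
    file-exists = yes;
    descrip = "Private key file to use";
    doc = "";
};

flag = {
    name = load-pubkey;
    arg-type = file;
    file-exists = yes;
    descrip = "Public key file to use";
    doc = "";
};

flag = {
    name = load-certificate;
    arg-type = file;
    file-exists = yes;
    descrip = "Certificate file to use";
    doc = "";
};

/* value = 8 also assigns the short option -8. */
flag = {
    name = pkcs8;
    value = 8;
    descrip = "Use PKCS #8 format for private keys";
    doc = "";
};

/* ---- Key strength for the generate-* options ---- */

flag = {
    name = bits;
    arg-type = number;
    descrip = "Specify the number of bits for key generation";
    doc = "";
};

/*
 * Names a security level instead of a raw bit count.
 * NOTE(review): the doc offers "low" and "legacy" without saying what
 * strength they map to - worth stating.
 */
flag = {
    name = sec-param;
    arg-type = string;
    arg-name = "Security parameter";
    descrip = "Specify the security level";
    doc = "This is an alternative to the bits option. Available options are [low, legacy, normal, high, ultra].";
};


/* ---- Input encoding ---- */

flag = {
    name = inder;
    descrip = "Use DER/RAW format for input";
    disabled;
    disable = "no";
    doc = "Use DER/RAW format for input certificates and private keys.";
};

/* --inraw is an alias for --inder. */
flag = {
    name = inraw;
    aliases = inder;
};

/*
 * Per doc, overrides the defaults from /etc/gnutls/pkcs11.conf.
 * file-exists only verifies that the path exists. A PKCS #11 provider is
 * native code that runs inside p11tool and handles PINs and key operations,
 * so it should be a trusted library in a location ordinary users cannot
 * write to.
 */
flag = {
    name = provider;
    arg-type = file;
    file-exists = yes;
    descrip = "Specify the PKCS #11 provider library";
    doc = "This will override the default options in /etc/gnutls/pkcs11.conf";
};


/* ---- Extra sections for the generated documentation (texi format) ---- */

doc-section = {
    ds-type = 'SEE ALSO';
    ds-format = 'texi';
    ds-text = <<-_EOT_
certtool (1)
_EOT_;
};

doc-section = {
    ds-type = 'EXAMPLES';
    ds-format = 'texi';
    ds-text = <<-_EOT_
To view all tokens in your system use:
@example
$ p11tool --list-tokens
@end example

To view all objects in a token use:
@example
$ p11tool --login --list-all "pkcs11:TOKEN-URL"
@end example

To store a private key and a certificate in a token run:
@example
$ p11tool --login --write "pkcs11:URL" --load-privkey key.pem \
--label "Mykey"
$ p11tool --login --write "pkcs11:URL" --load-certificate cert.pem \
--label "Mykey"
@end example
Note that some tokens require the same label to be used for the certificate
and its corresponding private key.
_EOT_;
};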