search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
history | raw | HEAD
basic/linux: update kernel headers from v6.14-rc1
[systemd.io.git] / man / systemd-keyutil.xml
blobd56d2261127a3b219b49232e3a652b2965cec518
1 <?xml version='1.0'?> <!--*-nxml-*-->
2 <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3   "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd">
4 <!-- SPDX-License-Identifier: LGPL-2.1-or-later -->
5
6 <refentry id="systemd-keyutil"
7     xmlns:xi="http://www.w3.org/2001/XInclude">
8   <refentryinfo>
9     <title>systemd-keyutil</title>
10     <productname>systemd</productname>
11   </refentryinfo>
12
13   <refmeta>
14     <refentrytitle>systemd-keyutil</refentrytitle>
15     <manvolnum>1</manvolnum>
16   </refmeta>
17
18   <refnamediv>
19     <refname>systemd-keyutil</refname>
20     <refpurpose>Perform various operations on private keys and X.509 certificates</refpurpose>
21   </refnamediv>
22
23   <refsynopsisdiv>
24     <cmdsynopsis>
25       <command>systemd-keyutil</command>
26       <arg choice="opt" rep="repeat">OPTIONS</arg>
27       <arg choice="req">COMMAND</arg>
28     </cmdsynopsis>
29   </refsynopsisdiv>
30
31   <refsect1>
32     <title>Description</title>
33
34     <para><command>systemd-keyutil</command> can be used to perform various operations on private keys and
35     X.509 certificates.</para>
36   </refsect1>
37
38   <refsect1>
39     <title>Commands</title>
40
41     <variablelist>
42       <varlistentry>
43         <term><option>validate</option></term>
44
45         <listitem><para>Checks that we can load the private key and certificate specified with
46         <option>--private-key=</option> and <option>--certificate=</option> respectively.</para>
47
48         <para>As a side effect, if the private key is loaded from a PIN-protected hardware token, this
49         command can be used to cache the PIN in the kernel keyring. The
50         <varname>$SYSTEMD_ASK_PASSWORD_KEYRING_TIMEOUT_SEC</varname> and
51         <varname>$SYSTEMD_ASK_PASSWORD_KEYRING_TYPE</varname> environment variables can be used to control
52         how long and in which kernel keyring the PIN is cached.</para>
53
54         <xi:include href="version-info.xml" xpointer="v257"/>
55         </listitem>
56       </varlistentry>
57
58       <varlistentry>
59         <term><command>public</command></term>
60
61         <listitem><para>This commands prints the public key in PEM format extracted from either the
62         certificate given with <option>--certificate=</option> or the private key given with
63         <option>--private-key=</option>.</para>
64
65         <xi:include href="version-info.xml" xpointer="v257"/></listitem>
66       </varlistentry>
67     </variablelist>
68   </refsect1>
69
70   <refsect1>
71     <title>Options</title>
72     <para>The following options are understood:</para>
73
74     <variablelist>
75       <varlistentry>
76         <term><option>--private-key=<replaceable>PATH/URI</replaceable></option></term>
77         <term><option>--private-key-source=<replaceable>TYPE</replaceable>[:<replaceable>NAME</replaceable>]</option></term>
78         <term><option>--certificate=<replaceable>PATH</replaceable></option></term>
79         <term><option>--certificate-source=<replaceable>TYPE</replaceable>[:<replaceable>NAME</replaceable>]</option></term>
80
81         <listitem><para>Set the private key and certificate to use. The <option>--certificate=</option>
82         option takes a path to a PEM encoded X.509 certificate or a URI that's passed to the OpenSSL provider
83         configured with <option>--certificate-source</option>. The <option>--certificate-source</option>
84         takes one of <literal>file</literal> or <literal>provider</literal>, with the latter being followed
85         by a specific provider identifier, separated with a colon, e.g. <literal>provider:pkcs11</literal>.
86         The <option>--private-key=</option> option can take a path or a URI that will be passed to the
87         OpenSSL engine or provider, as specified by <option>--private-key-source=</option> as a
88         <literal>type:name</literal> tuple, such as <literal>engine:pkcs11</literal>.</para>
89
90         <xi:include href="version-info.xml" xpointer="v257"/></listitem>
91       </varlistentry>
92
93       <xi:include href="standard-options.xml" xpointer="help"/>
94       <xi:include href="standard-options.xml" xpointer="version"/>
95     </variablelist>
96   </refsect1>
97
98   <refsect1>
99     <title>See Also</title>
100     <para><simplelist type="inline">
101       <member><citerefentry><refentrytitle>systemd-sbsign</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
102       <member><citerefentry><refentrytitle>systemd-measure</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
103     </simplelist></para>
104   </refsect1>
105 </refentry>
The systemd System and Service Manager systemd.io Topics c linux services system systemd init Resources Readme License GPL-2.0 License Code of conduct Code of conduct Releases 48 systemd v249 Latest on 7 Jul + 47 releases Sponsor this project https://spi-inc.org/projects/systemd/ Packages No packages published Contributors 1,650 @poettering @keszybz @yuwata @kaysievers @teg @ssahani @zonque @gregkh @evverx @martinpitt @dvdhrm + 1,639 contributors Environments 1 github-pages Active Languages C 89.4% Python 5.8% Shell 2.1% Meson 1.3% HTML 0.9% Perl 0.4% Other 0.1%