commands.sh

pkcs11-tool

all

Utility for managing and using PKCS #11 security tokens.

More info →

Options (9)

-L, --list-slotsboolean

List slots and their potential token, using a specific module (e.g. `/usr/lib/softhsm/libsofthsm2.so`)

Example: pkcs11-tool --module {{path/to/module.so}} {{[-L|--list-slots]}} {{[-T|--list-token-slots]}}
-T, --list-token-slotsboolean

List slots and their potential token, using a specific module (e.g. `/usr/lib/softhsm/libsofthsm2.so`)

Example: pkcs11-tool --module {{path/to/module.so}} {{[-L|--list-slots]}} {{[-T|--list-token-slots]}}
-O, --list-objectsboolean

List objects in a specific slot. (Note: `slot_id` is not the slot index shown as "Slot X")

Example: pkcs11-tool {{[-O|--list-objects]}} {{[-p|--pin]}} {{auth_pin}} --slot {{slot_id}}
-p, --pinboolean

List objects in a specific slot. (Note: `slot_id` is not the slot index shown as "Slot X")

Example: pkcs11-tool {{[-O|--list-objects]}} {{[-p|--pin]}} {{auth_pin}} --slot {{slot_id}}
-y, --typeboolean

Create a new object with a specific label and type

Example: pkcs11-tool --slot {{slot_id}} {{[-p|--pin]}} {{auth_pin}} {{[-y|--type]}} {{cert|privkey|pubkey|secrkey|data|...}} {{[-a|--label]}} "{{label}}" {{[-d|--id]}} {{01}} {{[-w|--write-object]}} {{path/to/cert.crt}}
-a, --labelboolean

Create a new object with a specific label and type

Example: pkcs11-tool --slot {{slot_id}} {{[-p|--pin]}} {{auth_pin}} {{[-y|--type]}} {{cert|privkey|pubkey|secrkey|data|...}} {{[-a|--label]}} "{{label}}" {{[-d|--id]}} {{01}} {{[-w|--write-object]}} {{path/to/cert.crt}}
-d, --idboolean

Create a new object with a specific label and type

Example: pkcs11-tool --slot {{slot_id}} {{[-p|--pin]}} {{auth_pin}} {{[-y|--type]}} {{cert|privkey|pubkey|secrkey|data|...}} {{[-a|--label]}} "{{label}}" {{[-d|--id]}} {{01}} {{[-w|--write-object]}} {{path/to/cert.crt}}
-w, --write-objectboolean

Create a new object with a specific label and type

Example: pkcs11-tool --slot {{slot_id}} {{[-p|--pin]}} {{auth_pin}} {{[-y|--type]}} {{cert|privkey|pubkey|secrkey|data|...}} {{[-a|--label]}} "{{label}}" {{[-d|--id]}} {{01}} {{[-w|--write-object]}} {{path/to/cert.crt}}
-b, --delete-objectboolean

Delete an object by its label and type

Example: pkcs11-tool --slot {{slot_id}} {{[-p|--pin]}} {{auth_pin}} {{[-y|--type]}} {{cert|privkey|pubkey|secrkey|data|...}} {{[-a|--label]}} "{{label}}" {{[-b|--delete-object]}}

Examples (4)

List slots and their potential token, using a specific module (e.g. `/usr/lib/softhsm/libsofthsm2.so`)

pkcs11-tool --module path/to/module.so [-L|--list-slots] [-T|--list-token-slots]

List objects in a specific slot. (Note: `slot_id` is not the slot index shown as "Slot X")

pkcs11-tool [-O|--list-objects] [-p|--pin] auth_pin --slot slot_id

Create a new object with a specific label and type

pkcs11-tool --slot slot_id [-p|--pin] auth_pin [-y|--type] cert|privkey|pubkey|secrkey|data|... [-a|--label] "label" [-d|--id] 01 [-w|--write-object] path/to/cert.crt

Delete an object by its label and type

pkcs11-tool --slot slot_id [-p|--pin] auth_pin [-y|--type] cert|privkey|pubkey|secrkey|data|... [-a|--label] "label" [-b|--delete-object]
made by @shridhargupta | data from tldr-pages