diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-28 07:33:12 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-28 07:33:12 +0000 |
commit | 36082a2fe36ecd800d784ae44c14f1f18c66a7e9 (patch) | |
tree | 6c68e0c0097987aff85a01dabddd34b862309a7c /doc/p11tool-examples.texi | |
parent | Initial commit. (diff) | |
download | gnutls28-upstream.tar.xz gnutls28-upstream.zip |
Adding upstream version 3.7.9.upstream/3.7.9upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'doc/p11tool-examples.texi')
-rw-r--r-- | doc/p11tool-examples.texi | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/doc/p11tool-examples.texi b/doc/p11tool-examples.texi new file mode 100644 index 0000000..09871a9 --- /dev/null +++ b/doc/p11tool-examples.texi @@ -0,0 +1,34 @@ +To view all tokens in your system use: +@example +$ p11tool --list-tokens +@end example + +To view all objects in a token use: +@example +$ p11tool --login --list-all "pkcs11:TOKEN-URL" +@end example + +To store a private key and a certificate in a token run: +@example +$ p11tool --login --write "pkcs11:URL" --load-privkey key.pem \ + --label "Mykey" +$ p11tool --login --write "pkcs11:URL" --load-certificate cert.pem \ + --label "Mykey" +@end example +Note that some tokens require the same label to be used for the certificate +and its corresponding private key. + +To generate an RSA private key inside the token use: +@example +$ p11tool --login --generate-privkey rsa --bits 1024 --label "MyNewKey" \ + --outfile MyNewKey.pub "pkcs11:TOKEN-URL" +@end example +The bits parameter in the above example is explicitly set because some +tokens only support limited choices in the bit length. The output file is the +corresponding public key. This key can be used to general a certificate +request with certtool. +@example +certtool --generate-request --load-privkey "pkcs11:KEY-URL" \ + --load-pubkey MyNewKey.pub --outfile request.pem +@end example + |