10 #include "certtool-common.h"
12 #include <gnutls/pkcs11.h>
16 helpnode "p11tool help\nUsage: p11tool [options]"
17 helpnode "Usage: p11tool --list-tokens"
18 helpnode "Usage: p11tool --list-all"
19 helpnode "Usage: p11tool --export 'pkcs11:...'\n"
22 option (export) STR "URL" { $action = ACTION_PKCS11_EXPORT_URL; $pkcs11_url = $1; } "Export an object specified by a pkcs11 URL"
25 option (list-tokens) { $action = ACTION_PKCS11_TOKENS; } "List all available tokens"
27 option (list-mechanisms) STR "URL" { $pkcs11_url = $1; $action = ACTION_PKCS11_MECHANISMS; } "List all available mechanisms in token."
29 option (list-all) { $action = ACTION_PKCS11_LIST; $pkcs11_type=PKCS11_TYPE_ALL; } "List all objects specified by a PKCS#11 URL"
30 option (list-all-certs) { $action = ACTION_PKCS11_LIST; $pkcs11_type=PKCS11_TYPE_CRT_ALL; } "List all certificates specified by a PKCS#11 URL"
31 option (list-certs) { $action = ACTION_PKCS11_LIST; $pkcs11_type=PKCS11_TYPE_PK; } "List certificates that have a private key, specified by a PKCS#11 URL"
32 option (list-privkeys) { $action = ACTION_PKCS11_LIST; $pkcs11_type=PKCS11_TYPE_PRIVKEY; } "List private keys specified by a PKCS#11 URL"
33 option (list-trusted) { $action = ACTION_PKCS11_LIST; $pkcs11_type=PKCS11_TYPE_TRUSTED; } "List certificates marked as trusted, specified by a PKCS#11 URL"
36 option (initialize) STR "URL" { $action = ACTION_PKCS11_TOKEN_INIT; $pkcs11_url = $1; } "Initializes a PKCS11 token."
37 option (write) STR "URL" { $action = ACTION_PKCS11_WRITE_URL; $pkcs11_url = $1; } "Writes loaded certificates, private or secret keys to a PKCS11 token."
38 option (delete) STR "URL" { $action = ACTION_PKCS11_DELETE_URL; $pkcs11_url = $1; } "Deletes objects matching the URL."
41 option (label) STR "label" { $pkcs11_label = $1; } "Sets a label for the write operation."
43 option (trusted) { $pkcs11_trusted = 1; } "Marks the certificate to be imported as trusted."
46 option (login) { $pkcs11_login = 1; } "Force login to token"
48 #int pkcs11_detailed_url;
49 option (detailed-url) { $pkcs11_detailed_url = GNUTLS_PKCS11_URL_LIB; } "Export detailed URLs."
50 option (no-detailed-url) { $pkcs11_detailed_url = 0; } "Export less detailed URLs."
53 option (secret-key) STR "HEX_KEY" { $secret_key = $1; } "Provide a hex encoded secret key. Note that command-line arguments may be visible to other local users."
56 option (load-privkey) STR "FILE" { $privkey = $1 } "Private key file to use."
59 option (load-pubkey) STR "FILE" { $pubkey = $1 } "Public key file to use."
62 option (load-certificate) STR "FILE" { $cert = $1 } "Certificate file to use."
65 option (8, pkcs8) { $pkcs8=1 } "Use PKCS #8 format for private keys."
68 option (inder) { $incert_format=GNUTLS_X509_FMT_DER } "Use DER format for input certificates and private keys."
69 option (inraw) { $incert_format=GNUTLS_X509_FMT_DER } "Use RAW/DER format for input certificates and private keys."
71 #char* pkcs11_provider;
73 option (provider) STR "Library" { $pkcs11_provider = $1 } "Specify the pkcs11 provider library"
76 option (outfile) STR "FILE" { $outfile = $1 } "Output file."
81 option (d, debug) INT "LEVEL" { $debug = $1 } "specify the debug level. Default is 1."
83 option (h, help) { gaa_help(); exit(0); } "shows this help text"
86 $action = -1; $pkcs11_provider= NULL; $outfile = NULL; $pubkey = NULL; $privkey = NULL;
87 $pkcs11_url = NULL; $pkcs11_type = PKCS11_TYPE_PK; $pubkey=NULL; $pkcs11_label = NULL;
88 $pkcs11_trusted=0; $pkcs11_login = 0; $pkcs11_detailed_url = GNUTLS_PKCS11_URL_LIB;
89 $secret_key = NULL; $cert = NULL; $incert_format = GNUTLS_X509_FMT_PEM; }