yubikey/pkcs11-tools.md
2024-08-14 23:31:47 +08:00

PKCS#11 Tools

  • OpenSC pkcs11-tool, pkcs15-tool, etc.
  • GnuTLS p11tool
  • p11-kit

PKCS#11 Libraries

/Library/OpenSC/lib/opensc-pkcs11.so
/usr/local/lib/libykcs11.dylib

pkcs11-tool

$ pkcs11-tool --module /Library/OpenSC/lib/opensc-pkcs11.so -I
Cryptoki version 3.0
Manufacturer     OpenSC Project
Library          OpenSC smartcard framework (ver 0.25)
Using slot 0 with a present token (0x0)
$ pkcs11-tool --module /usr/local/lib/libykcs11.dylib --show-info
Cryptoki version 2.40
Manufacturer     Yubico (www.yubico.com)
Library          PKCS#11 PIV Library (SP-800-73) (ver 2.31)
Using slot 0 with a present token (0x0)

List certificates:

$ pkcs11-tool --list-objects --type cert

Read certificate:

$ pkcs11-tool --read-object --id $CERT_ID --type cert --output-file cert.der

List public keys:

$ pkcs11-tool --list-objects --type pubkey

Read public key:

$ pkcs11-tool --read-object --id $PUBKEY_ID --type pubkey --output-file pubkey.der

List private keys:

$ pkcs11-tool --login --list-objects --type privkey

Sign a file:

$ pkcs11-tool --id $KEY_ID -s -m ECDSA --input-file FILE --output-file FILE.sig

p11tool

$ p11tool --provider=/Library/OpenSC/lib/opensc-pkcs11.so --info
Object 0:
	URL: pkcs11:model=PKCS%2315%20emulated;manufacturer=piv_II;serial=3da*********;token=ha********;id=%01;object=PIV%20AUTH%20pubkey;type=public
	Type: Public key (EC/ECDSA-SECP384R1)
	Label: PIV AUTH pubkey
	Flags: CKA_EXTRACTABLE; 
	ID: 01
...

Reference

  1. https://developers.yubico.com/yubico-piv-tool/YKCS11/Supported_applications/pkcs11tool.html
  2. https://github.com/OpenSC/OpenSC/wiki/Using-pkcs11-tool-and-OpenSSL