← Back to branch summary

~ubuntu-branches/ubuntu/precise/gnutls28/precise 

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104

#{

/* C declarations */

#include <config.h>
#ifdef _WIN32
# include <io.h>
#endif

#include "certtool-common.h"
#include "p11tool.h"
#include <gnutls/pkcs11.h>

#}

helpnode "p11tool help\nUsage: p11tool [options]"
helpnode "Usage: p11tool --list-tokens"
helpnode "Usage: p11tool --list-all"
helpnode "Usage: p11tool --export 'pkcs11:...'\n"

#char* pkcs11_url;
option (export) STR "URL" { $action = ACTION_PKCS11_EXPORT_URL; $pkcs11_url = $1; } "Export an object specified by a pkcs11 URL"

#int pkcs11_type;
option (list-tokens) { $action = ACTION_PKCS11_TOKENS; } "List all available tokens"

option (list-mechanisms) STR "URL" { $pkcs11_url = $1; $action = ACTION_PKCS11_MECHANISMS; } "List all available mechanisms in token."

option (list-all) { $action = ACTION_PKCS11_LIST; $pkcs11_type=PKCS11_TYPE_ALL; } "List all objects specified by a PKCS#11 URL"
option (list-all-certs) { $action = ACTION_PKCS11_LIST; $pkcs11_type=PKCS11_TYPE_CRT_ALL; } "List all certificates specified by a PKCS#11 URL"
option (list-certs) { $action = ACTION_PKCS11_LIST; $pkcs11_type=PKCS11_TYPE_PK; } "List certificates that have a private key specified by a PKCS#11 URL"
option (list-privkeys) { $action = ACTION_PKCS11_LIST; $pkcs11_type=PKCS11_TYPE_PRIVKEY; } "List private keys specified by a PKCS#11 URL"
option (list-trusted) { $action = ACTION_PKCS11_LIST; $pkcs11_type=PKCS11_TYPE_TRUSTED; } "List certificates marked as trusted, specified by a PKCS#11 URL"

#char* pkcs11_label;
option (initialize) STR "URL" { $action = ACTION_PKCS11_TOKEN_INIT; $pkcs11_url = $1; } "Initializes a PKCS11 token."
option (write) STR "URL" { $action = ACTION_PKCS11_WRITE_URL; $pkcs11_url = $1; } "Writes loaded certificates, private or secret keys to a PKCS11 token."
option (delete) STR "URL" { $action = ACTION_PKCS11_DELETE_URL; $pkcs11_url = $1; } "Deletes objects matching the URL."

#int key_type;
option (generate-rsa) STR "URL" { $action = ACTION_PKCS11_GENERATE; $key_type = GNUTLS_PK_RSA; $pkcs11_url = $1; } "Generates an RSA private key on the specified token."
option (generate-dsa) STR "URL" { $action = ACTION_PKCS11_GENERATE; $key_type = GNUTLS_PK_DSA; $pkcs11_url = $1; } "Generates a DSA private key on the specified token."
option (generate-ecc) STR "URL" { $action = ACTION_PKCS11_GENERATE; $key_type = GNUTLS_PK_EC; $pkcs11_url = $1; } "Generates an ECDSA private key on the specified token."

option (label) STR "label" { $pkcs11_label = $1; } "Sets a label for the write operation."
#int pkcs11_trusted;
option (trusted) { $pkcs11_trusted = 1; } "Marks the certificate to be written as trusted."

#int pkcs11_private;
option (private) { $pkcs11_private = 1; } "Marks the object to be written as private (requires PIN)."
option (no-private) { $pkcs11_private = 0; } "Marks the object to be written as not private."

#int pkcs11_login;
option (login) { $pkcs11_login = 1; } "Force login to token"

#int pkcs11_detailed_url;
option (detailed-url) { $pkcs11_detailed_url = GNUTLS_PKCS11_URL_LIB; } "Export detailed URLs."
option (no-detailed-url) { $pkcs11_detailed_url = 0; } "Export less detailed URLs."

#char* secret_key;
option (secret-key) STR "HEX_KEY" { $secret_key = $1; } "Provide a hex encoded secret key."

#char *privkey;
option (load-privkey) STR "FILE" { $privkey = $1 } "Private key file to use."

#char *pubkey;
option (load-pubkey) STR "FILE" { $pubkey = $1 } "Private key file to use."

#char *cert;
option (load-certificate) STR "FILE" { $cert = $1 } "Certificate file to use."

#int pkcs8;
option (8, pkcs8) { $pkcs8=1 } "Use PKCS #8 format for private keys."

#int bits;
option (bits) INT "BITS" { $bits = $1 } "specify the number of bits for key generation."

#char* sec_param;
option (sec-param) STR "PARAM" { $sec_param = $1 } "specify the security level [low|normal|high|ultra]."

#int incert_format;
option (inder) { $incert_format=GNUTLS_X509_FMT_DER } "Use DER format for input certificates and private keys."
option (inraw) { $incert_format=GNUTLS_X509_FMT_DER } "Use RAW/DER format for input certificates and private keys."

#char* pkcs11_provider;
#int action;
option (provider) STR "Library" { $pkcs11_provider = $1 } "Specify the pkcs11 provider library"

#char *outfile;
option (outfile) STR "FILE" { $outfile = $1 } "Output file."



#int debug;
option (d, debug) INT "LEVEL" { $debug = $1 } "specify the debug level. Default is 1."

option (h, help) { gaa_help(); exit(0); } "shows this help text"

init {
	$action = -1; $pkcs11_provider= NULL; $outfile = NULL; $pubkey = NULL; $privkey = NULL;
	$pkcs11_url = NULL; $pkcs11_type = PKCS11_TYPE_PK; $pubkey=NULL; $pkcs11_label = NULL; 
	$pkcs11_trusted=0; $pkcs11_login = 0; $pkcs11_detailed_url = 0; 
	$secret_key = NULL; $cert = NULL; $incert_format = GNUTLS_X509_FMT_PEM; $pkcs11_private = -1; 
	$key_type = 0; $bits = 0; $sec_param = NULL; }