Utilities
This section describes command-line utilities Entrust provides as aids to developers.
ckdes3gen
ckdes3gen.exe [p|--pin-for-testing=<passphrase>] | [n|-nopin]
This utility is an example of Triple DES key generation using the nShield PKCS #11 library. The utility generates the DES3 key as a private object that can be used both to encrypt and decrypt.
By default, the utility prompts for a passphrase.
You can supply a passphrase on the command line with the --pin-for-testing
option, or suppress the passphrase request with the --nopin
option.
The passphrase is displayed in the clear on the command line, so this option is appropriate only for testing.
ckinfo
ckinfo.exe [r|--repeat-count=<COUNT>]
This utility displays C_GetInfo
, C_GetSlotInfo
and C_GetTokenInfo
results.
You can specify a number of repetitions of the command with --repeat-count=<COUNT>
.
The default is 1
.
cklist
cklist.exe [-p|--pin-for-testing=<passphrase>] [-n|-nopin]
This utility lists some details of objects on all slots. It lists public and private objects if invoked with a passphrase argument and public objects only if invoked without a passphrase argument.
It does not output any potentially sensitive attributes, even if the object has CKA_SENSITIVE
set to FALSE
.
By default, the utility prompts for a passphrase.
You can supply a passphrase on the command line with the --pin-for-testing option
, or suppress the passphrase request with the --nopin
option.
The passphrase is displayed in the clear on the command line, so this option is appropriate only for testing.
ckmechinfo
ckmechinfo.exe
The utility displays C_GetMechanismInfo
results for each mechanism returned by C_GetMechanismList
.
ckrsagen
ckrsagen.exe [-p|--pin-for-testing=<passphrase>] | [-n|-nopin]
The ckrsagen
utility is an example of RSA key pair generation using the nShield PKCS #11 library.
This is intended as a programmer’s example only and not for general use.
Use the key generation routines within your PKCS #11 application.
By default, the utility prompts for a passphrase.
You can supply a passphrase on the command line with the --pin-for-testing
option, or suppress the passphrase request with the --nopin
option.
The passphrase is displayed in the clear on the command line, so this option is appropriate only for testing.
cksotool
cksotool.exe [-h] [--version] [-m MODULE] [-c | -p | -i | --delete]
The cksotool
utility can be used to create and manage the PKCS #11 Security Officer (SO). The SO consists of a token and an RSA key, and is necessary to be able to perform any operations that require a Security Officer as defined by the PKCS #11 specification.
The utility can be used to view the current state of the SO using the -i
or --info
option, which provides details of the existence and validity of the underlying token and key.
The key and softcard created by cksotool
is for Entrust internal use inside the PKCS #11 library.
It is not to be used directly in an application.