Utilities

This section describes command-line utilities Entrust provides as aids to developers.

ckdes3gen

ckdes3gen.exe [p|--pin-for-testing=<passphrase>] | [n|-nopin]

This utility is an example of Triple DES key generation using the nShield PKCS #11 library. The utility generates the DES3 key as a private object that can be used both to encrypt and decrypt.

By default, the utility prompts for a passphrase. You can supply a passphrase on the command line with the --pin-for-testing option, or suppress the passphrase request with the --nopin option. The passphrase is displayed in the clear on the command line, so this option is appropriate only for testing.

ckinfo

ckinfo.exe [r|--repeat-count=<COUNT>]

This utility displays C_GetInfo, C_GetSlotInfo and C_GetTokenInfo results. You can specify a number of repetitions of the command with --repeat-count=<COUNT>. The default is 1.

cklist

cklist.exe [-p|--pin-for-testing=<passphrase>] [-n|-nopin]

This utility lists some details of objects on all slots. It lists public and private objects if invoked with a passphrase argument and public objects only if invoked without a passphrase argument.

It does not output any potentially sensitive attributes, even if the object has CKA_SENSITIVE set to FALSE.

By default, the utility prompts for a passphrase. You can supply a passphrase on the command line with the --pin-for-testing option, or suppress the passphrase request with the --nopin option. The passphrase is displayed in the clear on the command line, so this option is appropriate only for testing.

ckmechinfo

ckmechinfo.exe

The utility displays C_GetMechanismInfo results for each mechanism returned by C_GetMechanismList.

ckrsagen

ckrsagen.exe [-p|--pin-for-testing=<passphrase>] | [-n|-nopin]

The ckrsagen utility is an example of RSA key pair generation using the nShield PKCS #11 library. This is intended as a programmer’s example only and not for general use. Use the key generation routines within your PKCS #11 application.

By default, the utility prompts for a passphrase. You can supply a passphrase on the command line with the --pin-for-testing option, or suppress the passphrase request with the --nopin option. The passphrase is displayed in the clear on the command line, so this option is appropriate only for testing.

cksotool

cksotool.exe [-h] [--version] [-m MODULE] [-c | -p | -i | --delete]

The cksotool utility can be used to create and manage the PKCS #11 Security Officer (SO). The SO consists of a token and an RSA key, and is necessary to be able to perform any operations that require a Security Officer as defined by the PKCS #11 specification. The utility can be used to view the current state of the SO using the -i or --info option, which provides details of the existence and validity of the underlying token and key.

The key and softcard created by cksotool is for Entrust internal use inside the PKCS #11 library. It is not to be used directly in an application.