cksigtest

cksigtest [options]

Do not use PKCS #11 to perform any task that requires an Administrator Card. Use the equivalent nShield utilities instead.

Measures module signing or encryption speed when used with nShield PKCS #11 library calls.

Option Description

Program options

-d, --decrypt

Tests the decrypt operation.

-e, --encrypt

Tests the encrypt operation.

-s, --sign

Tests the sign operation (default).

-v, --verify

Tests the verify operation.

Key options

--eddsa-mode=EDDSA_MODE

Selects the mode for EDDSA.
Valid values: pure, prehash.
Default: prehash

-l, --key-size=BITS

Sets the key size (default 2048).

-M, --mech=MECH

Uses mechanism MECH, which is one of DSA, DSA_SHA1, SHA1_RSA_PKCS, RSA_X_509, RSA_PKCS, RSA_PKCS_PSS, RSA_PKCS_OAEP, KCDSA_HAS160, EC_SHA1, EDDSA.
Default for sign / verify: RSA_PKCS_PSS.
Default for encrypt / decrypt: RSA_PKCS_OAEP.

-S, --sig-type=TYPE

Selects the signature type to use --RSA (default), DSA, KCDSA, EC or EDDSA.

Further options

-B, --unbuffered-stdout

Always flushes stdout.

-c, --cardset=NAME

Specifies the cardset to use.

-j, --threads=COUNT

Sets the maximum number of threads.
Default: 30.

-n, --nopin

Doesn’t call C_Login, makes key public object.

-p, --pin-for-testing=PIN

Use PIN for C_Login.

Exposes PIN, use for testing only.

-t, --stop-after=TIME

Sets the maximum time to run.
Default: 60 seconds.

Help options

-h, --help

Displays help for cksigtest.

-u, --usage

Displays a brief usage summary for cksigtest.

-V, --version

Displays the version number of the Security World Software that deploys cksigtest.