createocs
createocs -m MODULE -Q K/N -N NAME [-MpPRqe] [-T TIME]
createocs -m MODULE -e [-e]
Creates operator cardsets or erases cards.
When createocs has obtained the authorization from a valid card or if no authorization is required, it prompts you to insert a card.
Without -e, createocs creates a new operator cardset.
You must specify at least the module (with --module), the quorum (with --ocs-quorum) and the new cardset name (with --name).
By default when a new operator cardset is created:
- The cardset will NOT be persistent. Thus keys protected by it will only be usable while the last card remains inserted. Use the --persist option to change this.
- Passphrase recovery is enabled. Use the --no-pp-recovery option to make passphrase recovery impossible. This will make keys inaccessible if more than N-K passphrases are forgotten.
- The cardset is not remotely readable. Use the --remotely-readable option to allow the cardset to be used in remote slots. Remotely readable cardsets are always persistent.
For more information, see:
| Option | Description |
|---|---|
| | Erases a card (instead of creating a card set). |
| | Erases several cards. |
| | Names individual cards within the card set. You can only use this option after the card set has been named by using the |
| | Specifies a name for the card set. The card set must be named with this option before individual cards can be named using the |
| | Creates a persistent card set. |
| | Creates a non-persistent card set. |
| | Allows this card set to be read remotely. For information on configuring Remote OCSs, see Remote Operator. Not required for Remote Administration. |
| | Specifies that passphrase replacement for this OCS is disabled. Setting this option overrides the default setting, which is that the card passphrases are replaceable. You can specify the enablement of passphrase replacement explicitly by setting the |
| | Sets the time-out for the card set. |
| Module selection | |
| | Specifies the number ID to use. |
| Help options | |
| | Displays help for |
| | Displays a brief usage summary for |
| | Displays the version number of the Security World Software that deploys |
Restrictions on using createocs
With Security World Software v11.72 and later, passphrases are limited to a maximum length of 254 characters, when using createocs.
See Maximum passphrase length.
If you have created a FIPS 140 Level 3 compliant Security World, you must provide authorization to create new Operator Cards; createocs prompts you to insert a card that contains this authorization.
Insert any card from the Administrator Card Set or any Operator Card from the current Security World.
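A pre-flight check for the cardset defaults and the passphrase limit described above, written as an added shell example (not part of the vendor documentation or tooling). It only prints the createocs command and never runs it; treating the module as a positive integer, the name character set, and the refusal of K=N together with --no-pp-recovery are assumed local policy.

```shell
#!/bin/sh
# Added example: validate an OCS plan and print (never run) the createocs command.
# Module-as-positive-integer, the name charset and the K=N refusal are assumed
# local policy, not rules stated by the tool.

is_posint() { case "$1" in ''|0*|*[!0-9]*) return 1 ;; esac; }

# quorum_ok K/N: true when both are positive integers and K <= N.
# Leaves K and N in the global variables k and n for the caller.
quorum_ok() {
    k=${1%%/*}; n=${1#*/}
    [ "$1" != "$k" ] || return 1            # no "/" present
    is_posint "$k" && is_posint "$n" && [ "$k" -le "$n" ]
}

# pp_len_ok PASSPHRASE: true within the 254-character limit from the page.
pp_len_ok() { [ "${#1}" -ge 1 ] && [ "${#1}" -le 254 ]; }

# plan_createocs MODULE K/N NAME [OPTION...]: prints the command on stdout,
# warnings on stderr; returns 2 when the plan is rejected.
plan_createocs() {
    module=$1 quorum=$2 name=$3
    [ $# -ge 3 ] || return 2
    shift 3
    is_posint "$module" && quorum_ok "$quorum" || return 2
    case "$name" in ''|*[!A-Za-z0-9_-]*) return 2 ;; esac
    spare=$((n - k))                        # passphrases that may be forgotten
    cmd="createocs -m $module -Q $quorum -N $name"
    persist=no
    for opt in "$@"; do
        case "$opt" in
            --persist) persist=yes ;;
            --remotely-readable) persist=yes ;;   # always persistent per the page
            --no-pp-recovery)
                [ "$spare" -ge 1 ] || { echo "refused: K=N with no recovery" >&2; return 2; }
                echo "warning: keys are lost if more than $spare passphrase(s) are forgotten" >&2 ;;
            *) echo "refused: option $opt not in allowlist" >&2; return 2 ;;
        esac
        cmd="$cmd $opt"
    done
    [ "$persist" = yes ] || echo "note: keys usable only while the last card stays inserted" >&2
    echo "$cmd"
}
```

Review the printed command and the warnings on stderr before running createocs by hand with the cards present.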