Utilities in the Web Services PKCS #11 library
The following four utility programs are provided:
ckcheckinst
|
Checks basic functionality. |
ckinfo-dynamic
|
Prints version information. |
cklist-dynamic
|
Lists objects created on the Softcard. |
ckmechinfo
|
Lists supported mechanisms. |
Run these programs with the following commands:
Linux:
/opt/nfast/webservices/pkcs11/bin/ckcheckinst
/opt/nfast/webservices/pkcs11/bin/ckinfo-dynamic --library /opt/nfast/webservices/pkcs11/lib/libpkcs11webservices.so
/opt/nfast/webservices/pkcs11/bin/cklist-dynamic --library /opt/nfast/webservices/pkcs11/lib/libpkcs11webservices.so
/opt/nfast/webservices/pkcs11/bin/ckmechinfo
Windows:
C:\Program Files\nCipher\WebServices\pkcs11\bin\ckcheckinst.exe
C:\Program Files\nCipher\WebServices\pkcs11\bin\ckinfo-dynamic.exe --library "C:\Program Files\nCipher\WebServices\pkcs11\lib\libpkcs11webservices.so"
C:\Program Files\nCipher\WebServices\pkcs11\bin\cklist-dynamic.exe --library "C:\Program Files\nCipher\WebServices\pkcs11\lib\libpkcs11webservices.so"
C:\Program Files\nCipher\WebServices\pkcs11\bin\ckmechinfo.exe
Softcard generation tool
Because PKCS #11 does not directly support Softcard generation, a command line tool is provided.
The Softcard tool uses the same configuration file as the PKCS #11 library for the Web Services server secure connection. It does not support any logging. For more information, see Configure the Web Services PKCS #11 library.
Both single and double hyphen arguments are supported, for example, -g
| --generate
.
You can also combine compatible single hyphen arguments, for example, you could use -vg
instead of -v -g
.
To generate a new Softcard run the following command:
Linux:
/opt/nfast/webservices/pkcs11/bin/softcardtool -g --name=<new-softcard-name>
Windows:
C:\Program Files\nCipher\WebServices\pkcs11\bin\softcardtool.exe -g --name=<new-softcard-name>
When prompted, enter a new passphrase for the Softcard.
Special characters for name and passphrase are not supported. |
To verify the Web Services server connection, run the tool with the verbose and list options:
Linux:
/opt/nfast/webservices/pkcs11/bin/softcardtool -vl
Windows:
C:\Program Files\nCipher\WebServices\pkcs11\bin\softcardtool.exe -vl
To delete a Softcard, remove all keys associated with the Softcard and use the following command:
Linux:
/opt/nfast/webservices/pkcs11/bin/softcardtool -d --ID=<deleted-softcard-ID>
Windows:
C:\Program Files\nCipher\WebServices\pkcs11\bin\softcardtool.exe -d --ID=<deleted-softcard-ID>
To see all the available options, run
Linux:
/opt/nfast/webservices/pkcs11/bin/softcardtool --help
softcardtool, 1.3.0
Usage:
softcardtool [options]
Windows:
C:\Program Files\nCipher\WebServices\pkcs11\bin\softcardtool.exe --help
softcardtool, 1.3.0
Usage:
softcardtool.exe [options]
Options:
Help options:
-h, --help Display help for `softcardtool'.
-V, --version Display the version number of `softcardtool'.
-u, --usage Display a brief usage summary for `softcardtool'.
Command options:
-v, --verbose Modify another command to be verbose.
-a, --audit="LEVEL" Displays rest client logs with a level lower than
or equal to the one provided. Select one of:
(FATAL < ERROR < WARNING < INFO < DEBUG)
-l, --list List softcards.
-g, --generate Generate a new softcard.
-n, --name="NAME" Name of softcard to generate, delete or retrieve.
-d, --delete Delete softcard by ID or name.
-r, --retrieve Retrieve a softcard's information by ID or name.
-i, --id="ID" ID of softcard to delete or retrieve. Ignored if
name is provided.
Generates, deletes, lists, and retrieves the details of softcards.
A softcard name may have leading/trailing spaces. If a name is supplied in the
initial prompt and contains spaces, it must be enclosed in double quotation
marks, which will be removed. For example:
--generate --name "softcard name" outputs: softcard name
--generate, "Enter name:" softcard name outputs: softcard name
Aside from the space character, names and passphrases including special
characters are not supported.
You cannot use --delete in conjuction with --generate or --retrieve .
All other combinations are permitted and operate in the order of generate, delete, list, retrieve.
|