52 lines
3.2 KiB
Plaintext
52 lines
3.2 KiB
Plaintext
# Copyright (c) 2014 Yubico AB
|
|
# All rights reserved.
|
|
#
|
|
# This program is free software: you can redistribute it and/or modify
|
|
# it under the terms of the GNU General Public License as published by
|
|
# the Free Software Foundation, either version 3 of the License, or
|
|
# (at your option) any later version.
|
|
#
|
|
# This program is distributed in the hope that it will be useful,
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
# GNU General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU General Public License
|
|
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
#
|
|
# Additional permission under GNU GPL version 3 section 7
|
|
#
|
|
# If you modify this program, or any covered work, by linking or
|
|
# combining it with the OpenSSL project's OpenSSL library (or a
|
|
# modified version of that library), containing parts covered by the
|
|
# terms of the OpenSSL or SSLeay licenses, We grant you additional
|
|
# permission to convey the resulting work. Corresponding Source for a
|
|
# non-source form of such a combination shall include the source code
|
|
# for the parts of OpenSSL used as well as that of the covered work.
|
|
|
|
option "verbose" v "Print more information" int optional default="0" argoptional
|
|
option "reader" r "Only use a matching reader" string optional default="Yubikey"
|
|
option "key" k "Authentication key to use" string optional default="010203040506070801020304050607080102030405060708"
|
|
option "action" a "Action to take" values="version","generate","set-mgm-key",
|
|
"reset","pin-retries","import-key","import-certificate","set-chuid",
|
|
"request-certificate","verify-pin","change-pin","change-puk","unblock-pin" enum multiple details="
|
|
Multiple actions may be given at once and will be executed in order
|
|
for example --action=verify-pin --action=request-certificate\n"
|
|
option "slot" s "What key slot to operate on" values="9a","9c","9d","9e" enum optional details="
|
|
9a is for PIV Authentication
|
|
9c is for Digital Signature (PIN always checked)
|
|
9d is for Key Management
|
|
9e is for Card Authentication (PIN never checked)\n"
|
|
option "algorithm" A "What algorithm to use" values="RSA1024","RSA2048","ECCP256" enum optional default="RSA2048"
|
|
option "new-key" n "New authentication key to use" string optional
|
|
option "pin-retries" - "Number of retries before the pin code is blocked" int optional dependon="puk-retries"
|
|
option "puk-retries" - "Number of retries before the puk code is blocked" int optional dependon="pin-retries"
|
|
option "input" i "Filename to use as input, - for stdin" string optional default="-"
|
|
option "output" o "Filename to use as output, - for stdout" string optional default="-"
|
|
option "key-format" K "Format of the key being read/written" values="PEM","PKCS12" enum optional default="PEM"
|
|
option "password" p "Password for decryption of private key file" string optional
|
|
option "subject" S "The subject to use for certificate request" string optional details="
|
|
The subject must be written as /CN=host.example.com/OU=test/O=example.com/\n"
|
|
option "pin" P "Pin/puk code for verification" string optional
|
|
option "new-pin" N "New pin/puk code for changing" string optional dependon="pin"
|