p11tool command examples

p11tool – GnuTLS PKCS #11 tool

To view all tokens in your system use:

$ p11tool --list-tokens

To view all objects in a token use:

$ p11tool --login --list-all "pkcs11:TOKEN-URL"

To store a private key and a certificate in a token run:

$ p11tool --login --write "pkcs11:URL" --load-privkey key.pem --label "Mykey"
$ p11tool --login --write "pkcs11:URL" --load-certificate cert.pem --label "Mykey"

Note that some tokens require the same label to be used for the certificate and its corresponding private key.
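
The label pairing noted above can be checked on a populated token. The script below is an added example, not part of the original page: it reads the output of `p11tool --login --list-all` on stdin and prints the labels of private keys that have no certificate stored under the same label. The sample listing is constructed, and the script assumes each object's `URL:` line carries the RFC 7512 `object=` and `type=` attributes.

```shell
#!/bin/sh
# Added example. Usage on a real token (URL placeholder as on this page):
#   p11tool --login --list-all "pkcs11:TOKEN-URL" | unpaired_keys

# Print one attribute (e.g. object, type) from the path part of a PKCS #11 URL.
p11_attr() {
    path=${1#pkcs11:}
    path=${path%%\?*}          # drop any query part such as ?pin-value=...
    printf '%s\n' "$path" | tr ';' '\n' | sed -n "s/^$2=//p" | head -n 1
}

# Read a listing on stdin; print labels of private keys with no matching cert.
# Labels are compared in their percent-encoded form, exactly as listed.
unpaired_keys() {
    keys="" certs=""
    while IFS= read -r line; do
        case "$line" in
            *URL:*pkcs11:*) url="pkcs11:${line#*pkcs11:}" ;;
            *) continue ;;
        esac
        label=$(p11_attr "$url" object)
        case "$(p11_attr "$url" type)" in
            private) keys="$keys$label
" ;;
            cert) certs="$certs$label
" ;;
        esac
    done
    printf '%s' "$keys" | while IFS= read -r k; do
        [ -n "$k" ] || continue
        printf '%s' "$certs" | grep -qxF -- "$k" || printf '%s\n' "$k"
    done
}

# Constructed sample listing (not captured from a real token).
sample_listing() {
    cat <<'EOF'
Object 0:
    URL: pkcs11:manufacturer=Example;serial=0001;token=Test;id=%01;object=Mykey;type=cert
    Label: Mykey
Object 1:
    URL: pkcs11:manufacturer=Example;serial=0001;token=Test;id=%01;object=Mykey;type=private
    Label: Mykey
Object 2:
    URL: pkcs11:manufacturer=Example;serial=0001;token=Test;id=%02;object=MyNewKey;type=private
    Label: MyNewKey
EOF
}

sample_listing | unpaired_keys
```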

To generate an RSA private key inside the token use:

$ p11tool --login --generate-rsa --bits 1024 --label "MyNewKey" --outfile MyNewKey.pub "pkcs11:TOKEN-URL"

The --bits parameter in the above example is set explicitly because some tokens support only a limited choice of bit lengths. The output file is the corresponding public key. This key can be used to generate a certificate request with certtool:

$ certtool --generate-request --load-privkey "pkcs11:KEY-URL" --load-pubkey MyNewKey.pub --outfile request.pem

