Commit 3b1ea335 authored by Daiki Ueno's avatar Daiki Ueno

Bug 1413308, document PKCS #11 URI usage in tools manual, r=rrelyea

parent 96728bb2
......@@ -258,7 +258,8 @@ Add one or multiple extensions that certutil cannot encode yet, by loading their
<varlistentry>
<term>-h tokenname</term>
<listitem><para>Specify the name of a token to use or act on. If not specified the default token is the internal database slot.</para></listitem>
<listitem><para>Specify the name of a token to use or act on. If not specified the default token is the internal database slot.</para>
<para>The name can also be a PKCS #11 URI. For example, the NSS internal certificate store can be unambiguously specified as "pkcs11:token=NSS%20Certificate%20DB". For details about the format, see RFC 7512.</para></listitem>
</varlistentry>
<varlistentry>
......@@ -292,7 +293,8 @@ Add one or multiple extensions that certutil cannot encode yet, by loading their
<varlistentry>
<term>-n nickname</term>
<listitem><para>Specify the nickname of a certificate or key to list, create, add to a database, modify, or validate. Bracket the nickname string with quotation marks if it contains spaces.</para></listitem>
<listitem><para>Specify the nickname of a certificate or key to list, create, add to a database, modify, or validate. Bracket the nickname string with quotation marks if it contains spaces.</para>
<para>The nickname can also be a PKCS #11 URI. For example, if you have a certificate named "my-server-cert" on the internal certificate store, it can be unambiguously specified as "pkcs11:token=NSS%20Certificate%20DB;object=my-server-cert". For details about the format, see RFC 7512.</para></listitem>
</varlistentry>
<varlistentry>
......@@ -1017,9 +1019,11 @@ certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and
slot: NSS User Private Key and Certificate Services
token: NSS Certificate DB
uri: pkcs11:token=NSS%20Certificate%20DB;manufacturer=Mozilla%20Foundation;serial=0000000000000000;model=NSS%203
slot: NSS Internal Cryptographic Services
token: NSS Generic Crypto Services</programlisting>
token: NSS Generic Crypto Services
uri: pkcs11:token=NSS%20Generic%20Crypto%20Services;manufacturer=Mozilla%20Foundation;serial=0000000000000000;model=NSS%203</programlisting>
<para><command>Adding Certificates to the Database</command></para>
<para>
......
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
......@@ -322,9 +322,11 @@ Listing of PKCS #11 Modules
slot: NSS Internal Cryptographic Services
token: NSS Generic Crypto Services
uri: pkcs11:token=NSS%20Generic%20Crypto%20Services;manufacturer=Mozilla%20Foundation;serial=0000000000000000;model=NSS%203
slot: NSS User Private Key and Certificate Services
token: NSS Certificate DB
uri: pkcs11:token=NSS%20Certificate%20DB;manufacturer=Mozilla%20Foundation;serial=0000000000000000;model=NSS%203
-----------------------------------------------------------</programlisting>
<para>Passing a specific module name with the <option>-list</option> returns details information about the module itself, like supported cipher mechanisms, version numbers, serial numbers, and other information about the module and the token it is loaded on. For example:</para>
<programlisting> modutil -list "NSS Internal PKCS #11 Module" -dbdir sql:/home/my/sharednssdb
......
......@@ -317,6 +317,8 @@ Set a key size to use when generating new public and private key pairs\&. The mi
\-h tokenname
.RS 4
Specify the name of a token to use or act on\&. If not specified the default token is the internal database slot\&.
.sp
The name can also be a PKCS #11 URI\&. For example, the NSS internal certificate store can be unambiguously specified as "pkcs11:token=NSS%20Certificate%20DB"\&. For details about the format, see RFC 7512\&.
.RE
.PP
\-i input_file
......@@ -344,6 +346,8 @@ Assign a unique serial number to a certificate being created\&. This operation s
\-n nickname
.RS 4
Specify the nickname of a certificate or key to list, create, add to a database, modify, or validate\&. Bracket the nickname string with quotation marks if it contains spaces\&.
.sp
The nickname can also be a PKCS #11 URI\&. For example, if you have a certificate named "my\-server\-cert" on the internal certificate store, it can be unambiguously specified as "pkcs11:token=NSS%20Certificate%20DB;object=my\-server\-cert"\&. For details about the format, see RFC 7512\&.
.RE
.PP
\-o output\-file
......@@ -1575,9 +1579,11 @@ $ certutil \-U \-d sql:/home/my/sharednssdb
slot: NSS User Private Key and Certificate Services
token: NSS Certificate DB
uri: pkcs11:token=NSS%20Certificate%20DB;manufacturer=Mozilla%20Foundation;serial=0000000000000000;model=NSS%203
slot: NSS Internal Cryptographic Services
token: NSS Generic Crypto Services
uri: pkcs11:token=NSS%20Generic%20Crypto%20Services;manufacturer=Mozilla%20Foundation;serial=0000000000000000;model=NSS%203
.fi
.if n \{\
.RE
......
'\" t
.\" Title: MODUTIL
.\" Author: [see the "Authors" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
.\" Date: 5 June 2014
.\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
.\" Date: 5 October 2017
.\" Manual: NSS Security Tools
.\" Source: nss-tools
.\" Language: English
.\"
.TH "MODUTIL" "1" "5 June 2014" "nss-tools" "NSS Security Tools"
.TH "MODUTIL" "1" "5 October 2017" "nss-tools" "NSS Security Tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
......@@ -515,9 +515,11 @@ Listing of PKCS #11 Modules
slot: NSS Internal Cryptographic Services
token: NSS Generic Crypto Services
uri: pkcs11:token=NSS%20Generic%20Crypto%20Services;manufacturer=Mozilla%20Foundation;serial=0000000000000000;model=NSS%203
slot: NSS User Private Key and Certificate Services
token: NSS Certificate DB
uri: pkcs11:token=NSS%20Certificate%20DB;manufacturer=Mozilla%20Foundation;serial=0000000000000000;model=NSS%203
\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-
.fi
.if n \{\
......
......@@ -2,12 +2,12 @@
.\" Title: PK12UTIL
.\" Author: [see the "Authors" section]
.\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
.\" Date: 27 October 2017
.\" Date: 5 October 2017
.\" Manual: NSS Security Tools
.\" Source: nss-tools
.\" Language: English
.\"
.TH "PK12UTIL" "1" "27 October 2017" "nss-tools" "NSS Security Tools"
.TH "PK12UTIL" "1" "5 October 2017" "nss-tools" "NSS Security Tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
......@@ -113,6 +113,8 @@ Specify the desired length of the symmetric key to be used to encrypt the certif
\-n certname
.RS 4
Specify the nickname of the cert and private key to export\&.
.sp
The nickname can also be a PKCS #11 URI\&. For example, if you have a certificate named "my\-server\-cert" on the internal certificate store, it can be unambiguously specified as "pkcs11:token=NSS%20Certificate%20DB;object=my\-server\-cert"\&. For details about the format, see RFC 7512\&.
.RE
.PP
\-P prefix
......
......@@ -114,7 +114,8 @@
<varlistentry>
<term>-n certname</term>
<listitem><para>Specify the nickname of the cert and private key to export.</para></listitem>
<listitem><para>Specify the nickname of the cert and private key to export.</para>
<para>The nickname can also be a PKCS #11 URI. For example, if you have a certificate named "my-server-cert" on the internal certificate store, it can be unambiguously specified as "pkcs11:token=NSS%20Certificate%20DB;object=my-server-cert". For details about the format, see RFC 7512.</para></listitem>
</varlistentry>
<varlistentry>
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment