NAME
qcatool - command line tool for the Qt Cryptographic Architecture
DESCRIPTION
qcatool is a command line tool for performing various cryptographic
operations with the Qt Cryptographic Architecture (QCA). qcatool can
also be used for testing and debugging QCA.
USAGE
qcatool has a range of options and commands. You only ever get to use
one command, but you may use several, one or no options.
OPTIONS
As noted above, these are all optional, and may be combined.
--pass=PASSWORD
Specify the password to use. This is probably a bad idea except
for testing, because anyone can read the arguments to a command
line application.
--newpass=PASSWORD
Specify the new password to use for password change with the key
changepass and keybundle changepass commands. This is probably
a bad idea except for testing, because anyone can read the
arguments to a command line application.
--nonroots=CERTIFICATES
Specify additional certificates, not trusted, but which may be
used in the trust path if appropriate trust can be established.
--roots=CERTIFICATES
Specify additional certificates which can be used as trusted
(root) certificates.
--nosys
Disable use of the standard root certificates that are provided
by the operating system.
--noprompt
Disable prompting for passwords/passphrases. If you do not
provide the passphrase on the command line (with --pass or
--newpass) this will cause qcatool to abort the command if a
password/passphrase is required.
--ordered
If outputting certificate information fields (Distinguished Name
and Subject Alternative Name), show them in same the order that
they are present in the certificate rather than in a friendly
sorted order.
--debug
Enable additional output to aid debugging.
--log-file=FILENAME
Log to the specified file.
--log-level=LEVEL
Log at the specified level. The log level can be between 0
(none) and 8 (most).
--nobundle
When S/MIME signing, do not bundle the signer’s certificate
chain inside the signature. This results in a smaller signature
output, but requires the recipient to have all of the necessary
certificates in order to verify it.
COMMANDS
help, --help, -h
Output usage (help) information.
version, --version, -v
Output version information.
plugins
List available plugins. Use the --debug option to get more
information on plugins which are found and which ones actually
loaded.
config save [provider]
Save provider configuration. Use this to have the provider’s
default configuration written to persistent storage, which you
can then edit by hand.
config edit [provider]
Edit provider configuration. The changes are written to
persistent storage.
key make rsa|dsa [bits]
Create a key pair
key changepass [K]
Add/change/remove passphrase of a key
cert makereq [K]
Create certificate request (CSR)
cert makeself [K]
Create self-signed certificate
cert makereqadv [K]
Advanced version of ’makereq’
cert makeselfadv [K]
Advanced version of ’makeself’
cert validate [C]
Validate certificate
keybundle make [K] [C]
Create a keybundle
keybundle extract [X]
Extract certificate(s) and key
keybundle changepass [X]
Change passphrase of a keybundle
keystore list-stores
List all available keystores
keystore list [storeName]
List content of a keystore
keystore monitor
Monitor for keystore availability
keystore export [E]
Export a keystore entry’s content
keystore exportref [E]
Export a keystore entry reference
keystore addkb [storeName] [cert.p12]
Add a keybundle into a keystore
keystore addpgp [storeName] [key.asc]
Add a PGP key into a keystore
keystore remove [E]
Remove an object from a keystore
show cert [C]
Examine a certificate
show req [req.pem]
Examine a certificate request (CSR)
show crl [crl.pem]
Examine a certificate revocation list
show kb [X]
Examine a keybundle
show pgp [P|S]
Examine a PGP key
message sign pgp|pgpdetach|smime [X|S]
Sign a message
message encrypt pgp|smime [C|P]
Encrypt a message
message signencrypt [S] [P]
PGP sign & encrypt a message
message verify pgp|smime
Verify a message
message decrypt pgp|smime ((X) ...)
Decrypt a message (S/MIME needs X)
message exportcerts
Export certs from S/MIME message
ARGUMENTS
The arguments to the commands are as follows.
K = private key.
C = certificate.
X = key bundle.
P = PGP public key.
S = PGP secret key.
E = generic entry.
These must be identified by either a filename or a keystore reference
("store:obj").
AUTHOR
qcatool was written by Justin Karneges as part of QCA. This manual page
was written by Brad Hards.