NAME
tpmtoken_import - import an X.509 certficate and/or an RSA key pair
into the user’s TPM PKCS#11 data store
SYNOPSIS
tpmtoken_import [ OPTION ] FILE
DESCRIPTION
tpmtoken_import imports a PEM formatted representation of an X.509
certificate and/or an RSA key contained in FILE.
Importing an X.509 certificate creates an X.509 Public Key Certificate
PKCS#11 object and also an RSA Public Key PKCS#11 object using the RSA
public key contained in the certificate. The certificate’s key must be
an RSA key in order for the certificate to be successfully processed by
this command.
Importing an RSA key creates an RSA Public Key and an RSA Private Key
PKCS#11 object. In order to associate the RSA PKCS#11 objects with an
X.509 Public Key Certificate PKCS#11 object, the RSA PKCS#11 objects
must have a subject name and key identifier associated with them. This
can be accomplished by supplying the corresponding X.509 certificate as
an optional command parameter.
The input can contain PEM formatted representations of both an X.509
certificate and an RSA key. If both representations are present then an
X.509 Public Key Certificate PKCS#11 object, an RSA Public Key PKCS#11
object and an RSA Private Key PKCS#11 object are created.
-h, --help
Display command usage info.
-v, --version
Display command version info.
-l, --log [none|error|info|debug]
Set logging level.
-i, --idfile FILE
Use FILE as the PEM formatted X.509 certificate input used to
obtain the subject and id attributes
-k, --token STRING
Use STRING to identify the label of the PKCS#11 token to be used
-n, --name STRING
Use STRING as the label for the imported object(s)
-p, --public
Import the object(s) as a public object
-t, --type key|cert
Import only the specified object type
-y, --yes
Assume an answer of yes for any confirmation prompts that would
normally be asked
SEE ALSO
tpmtoken_init(1), tpmtoken_setpasswd(1), tpmtoken_objects(1),
tpmtoken_protect(1)
REPORTING BUGS
Report bugs to <trousers-users@lists.sourceforge.net>