Linux command
p11-kit command
After copying, replace file names, directories, or parameters as needed.
Common examples
List modules
p11-kit list-modules
List tokens
p11-kit list-tokens
Show object info
p11-kit list-objects
Extract CA certificates as PEM bundle
p11-kit extract --format=pem-bundle --filter=ca-anchors [path/to/output.pem]
Run a PKCS#11 server
p11-kit server --provider [module.so] [pkcs11:token-uri]
Generate a key pair
p11-kit generate-keypair --type=rsa [pkcs11:token-uri]
Description
p11-kit provides a way to load and enumerate PKCS#11 modules on a system. It acts as a proxy, allowing applications to use a single PKCS#11 module that aggregates access to all registered tokens (smart cards, HSMs, software tokens). The extract command is commonly used to export CA certificates from trust stores into PEM bundles or other formats usable by applications like web servers and curl.
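A defensive use of the extract command described above is to compare the exported CA anchors against a saved baseline and report any anchor that has appeared since. The script below is an added example, not part of the original page or of p11-kit itself; its function names and file paths are hypothetical, and it assumes GNU `base64`, `sha256sum` and `comm` are available.

```sh
#!/bin/sh
# Added example: detect trust anchors that appeared since a saved baseline.
# Function names and file paths are hypothetical; the p11-kit flags are the
# ones shown on this page.

# Export the current CA anchors as a PEM bundle to the given path.
extract_anchors() {
    p11-kit extract --format=pem-bundle --filter=ca-anchors "$1"
}

# Print the SHA-256 fingerprint of each certificate's DER bytes, sorted.
bundle_fingerprints() {
    awk '/^-----BEGIN CERTIFICATE-----/ { inblk = 1; body = ""; next }
         /^-----END CERTIFICATE-----/   { if (inblk) print body; inblk = 0; next }
         inblk { gsub(/[ \t\r]/, ""); body = body $0 }' "$1" |
    while IFS= read -r b64; do
        printf '%s' "$b64" | base64 -d | sha256sum | cut -d' ' -f1
    done | sort -u
}

# Print fingerprints present in bundle $2 but absent from baseline $1.
new_anchors() {
    na_base=$(mktemp); na_cur=$(mktemp)
    bundle_fingerprints "$1" > "$na_base"
    bundle_fingerprints "$2" > "$na_cur"
    comm -13 "$na_base" "$na_cur"
    rm -f "$na_base" "$na_cur"
}

# Constructed sample data: PEM framing around placeholder bytes, not real
# certificates, so the comparison can be tried without a token or trust store.
sample_bundle() {
    sb_out=$1; shift
    : > "$sb_out"
    for sb_payload in "$@"; do
        printf '%s\n' '-----BEGIN CERTIFICATE-----' \
            "$(printf '%s' "$sb_payload" | base64)" \
            '-----END CERTIFICATE-----' >> "$sb_out"
    done
}

# Usage: script.sh baseline.pem current.pem
if [ "$#" -eq 2 ]; then
    new_anchors "$1" "$2"
fi
```

Any fingerprint it prints is a certificate trusted now that was not trusted when the baseline was taken, and should be traced to a package update or an administrator action.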
Parameters
- list-modules: List PKCS#11 modules.
- list-tokens: List tokens.
- list-objects: List objects.
- extract: Extract certificates and trust policy from the shared trust store.
- server: Run a PKCS#11 server exposing tokens on a local socket.
- remote: Expose a PKCS#11 module remotely over stdin/stdout.
- generate-keypair: Generate a key pair on a token (rsa, ecdsa, eddsa).
- add-profile: Create a new profile object on a token.
- delete-profile: Delete a profile object from a token.
- --format _FORMAT_: Output format for extract (e.g., pem-bundle, x509-directory).
- --filter _FILTER_: Certificate filter for extract (e.g., ca-anchors, trust-policy, blocklist, certificates).
- -v, --verbose: Run in verbose mode with debug output.
- -q, --quiet: Run in quiet mode without warnings.
FAQ
How do I run a basic p11-kit example?
Run `p11-kit list-modules` in a terminal, then adjust file names, paths, flags, or remote targets for your system.
What does list-modules do in p11-kit?
List PKCS#11 modules.