IKEYCMD commands
This section describes commands according to the object of the command. The object can be one of the following:
- -keydb
- Actions apply to a key database
- -cert
- Actions apply to a certificate
- -certreq
- Actions apply to a certificate request
- -help
- Displays help for IKEYCMD
- -version
- Displays version information for IKEYCMD
Commands for a CMS key database only
- -keydb -changepw
- Change the password for a CMS key database:
-keydb -changepw -db filename -pw password -new_pw new_password -stash -expire days
- -keydb -create
- Create a CMS key database:
-keydb -create -db filename -pw password -type cms -expire days -stash
- -keydb -stashpw
- Stash the password of a CMS key database into a file:
-keydb -stashpw -db filename -pw password
- -cert -getdefault
- Get the default personal certificate:
-cert -getdefault -db filename -pw password
- -cert -modify
- Modify a certificate:
- Note:
- Currently, the only field that can be modified is the Certificate Trust field.
-cert -modify -db filename -pw password -label label -trust enable | disable
- -cert -setdefault
- Set the default personal certificate:
-cert -setdefault -db filename -pw password -label label
Commands for CMS or PKCS #12 key databases
- -keydb -changepw
- Change the password for a key database:
-keydb -changepw -db filename -pw password -new_pw new_password -expire days
- -keydb -convert
- Convert the key database from one format to another:
-keydb -convert -db filename -pw password -old_format cms | pkcs12 -new_format cms
- -keydb -create
- Create a key database:
-keydb -create -db filename -pw password -type cms | pkcs12
- -keydb -delete
- Delete a key database:
-keydb -delete -db filename -pw password
- -keydb -list
- List currently-supported types of key database:
-keydb -list
- -cert -add
- Add a certificate from a file into a key database:
-cert -add -db filename -pw password -label label -file filename -format ascii | binary
- -cert -create
- Create a self-signed certificate:
-cert -create -db filename -pw password -label label -dn distinguished_name -size 1024 | 512 -x509version 3 | 1 | 2 -expire days
- -cert -delete
- Delete a certificate:
-cert -delete -db filename -pw password -label label
- -cert -details
- List the detailed information for a specific certificate:
-cert -details -db filename -pw password -label label
- -cert -export
- Export a personal certificate and its associated private key from a key database into a PKCS#12 file, or to another key database:
-cert -export -db filename -pw password -label label -type cms | pkcs12 -target filename -target_pw password -target_type cms | pkcs12
- -cert -extract
- Extract a certificate from a key database:
-cert -extract -db filename -pw password -label label -target filename -format ascii | binary
- -cert -import
- Import a personal certificate from a key database:
-cert -import -file filename -pw password -type pkcs12 -target filename -target_pw password -target_type cms
- -cert -list
- List all certificates in a key database:
-cert -list all | personal | CA -db filename -pw password
- -cert -receive
- Receive a certificate from a file:
-cert -receive -file filename -db filename -pw password -format ascii | binary -default_cert yes | no
- -cert -sign
- Sign a certificate:
-cert -sign -file filename -db filename -pw password -label label -target filename -format ascii | binary -expire days
- -certreq -create
- Create a certificate request:
-certreq -create -db filename -pw password -label label -dn distinguished_name -size 1024 | 512 -file filename
- -certreq -delete
- Delete a certificate request:
-certreq -delete -db filename -pw password -label label
- -certreq -details
- List the detailed information of a specific certificate request:
-certreq -details -db filename -pw password -label label
- List the detailed information about a certificate request and show the full certificate request:
-certreq -details -showOID -db filename -pw password -label label
- -certreq -extract
- Extract a certificate request from a certificate request database into a file:
-certreq -extract -db filename -pw password -label label -target filename
- -certreq -list
- List all certificate requests in the certificate request database:
-certreq -list -db filename -pw password
- -certreq -recreate
- Recreate a certificate request:
-certreq -recreate -dn distinguished_name -pw password -label label -target filename
Commands for cryptographic device operations
- -keydb -changepw
- Change the password for a cryptographic device:
-keydb -changepw -crypto module_name -tokenlabel token_label -pw password -new_pw new_password
- -keydb -list
- List currently-supported types of key database:
-keydb -list
- -cert -add
- Add a certificate from a file to a cryptographic device:
-cert -add -crypto module_name -tokenlabel token_label -pw password -label label -file filename -format ascii | binary
- -cert -create
- Create a self-signed certificate on a cryptographic device:
-cert -create -crypto module_name -tokenlabel token_label -pw password -label label -dn distinguished_name -size 1024 | 512 -x509version 3 | 1 | 2 -default_cert no | yes -expire days
- -cert -delete
- Delete a certificate on a cryptographic device:
-cert -delete -crypto module_name -tokenlabel token_label -pw password -label label
- -cert -details
- List the detailed information for a specific certificate on a cryptographic device:
-cert -details -crypto module_name -tokenlabel token_label -pw password -label label
- List the detailed information and show the full certificate for a specific certificate on a cryptographic device:
-cert -details -showOID -crypto module_name -tokenlabel token_label -pw password -label label
- -cert -extract
- Extract a certificate from a key database:
-cert -extract -crypto module_name -tokenlabel token_label -pw password -label label -target filename -format ascii | binary
- -cert -import
- Import a certificate to a cryptographic device with secondary key database support:
-cert -import -db filename -pw password -label label -type cms -crypto module_name -tokenlabel token_label -pw password -secondaryDB filename -secondaryDBpw password
- Import a PKCS #12 certificate to a cryptographic device with secondary key database support:
-cert -import -file filename -pw password -type pkcs12 -crypto module_name -tokenlabel token_label -pw password -secondaryDB filename -secondaryDBpw password
- Note:
- You cannot import a certificate containing multiple OU (organizational unit) attributes in the distinguished name.
- -cert -list
- List all certificates on a cryptographic device:
-cert -list all | personal | CA -crypto module_name -tokenlabel token_label -pw password
- -cert -receive
- Receive a certificate from a file to a cryptographic device with secondary key database support:
-cert -receive -file filename -crypto module_name -tokenlabel token_label -pw password -default_cert yes | no -secondaryDB filename -secondaryDBpw password -format ascii | binary
- -certreq -create
- Create a certificate request on a cryptographic device:
-certreq -create -crypto module_name -tokenlabel token_label -pw password -label label -dn distinguished_name -size 1024 | 512 -file filename
- -certreq -delete
- Delete a certificate request from a cryptographic device:
-certreq -delete -crypto module_name -tokenlabel token_label -pw password -label label
- -certreq -details
- List the detailed information of a specific certificate request on a cryptographic device:
-certreq -details -crypto module_name -tokenlabel token_label -pw password -label label
- List the detailed information about a certificate request and show the full certificate request on a cryptographic device:
-certreq -details -showOID -crypto module_name -tokenlabel token_label -pw password -label label
- -certreq -extract
- Extract a certificate request from a certificate request database on a cryptographic device into a file:
-certreq -extract -crypto module_name -tokenlabel token_label -pw password -label label -target filename
- -certreq -list
- List all certificate requests in the certificate request database on a cryptographic device:
-certreq -list -crypto module_name -tokenlabel token_label -pw password