IKEYCMD options

IKEYCMD options

Overview

Table 23 lists the options that can be present on the command line. Note that the meaning of an option can depend on the object and action specified in the command.

Table 23. Options that can be used with the IKEYCMD interface

IKEYCMD option Description

-crypto Name of the module to manage a PKCS #11 cryptographic device.
The value after -crypto is optional if you specify the module name in the properties file

-db Fully qualified path name of a key database.

-default_cert Sets a certificate as the default certificate. The value can be yes or no. The default is no.

-dn X.500 distinguished name. The value is a string enclosed in double quotes, for example "CN=John Smith,O=IBM ,OU=Test ,C=GB". Note that only the CN, O, and C attributes are required.

Note:

Avoid using multiple OU attributes in distinguished names when you create self-signed certificates. When you create such certificates, only the last entered OU value is accepted into the certificate.

-encryption Strength of encryption used in certificate export command. The value can be strong or weak. The default is strong.

-expire Expiration time in days of either a certificate or a database password. The defaults are 365 days for a certificate and 60 days for a database password.

-file File name of a certificate or certificate request.

-format Format of a certificate. The value can be ascii for Base64_encoded ASCII or binary for Binary DER data. The default is ascii.

-label Label attached to a certificate or certificate request.

-new_format New format of key database.

-new_pw New database password.

-old_format Old format of key database.

-pw Password for the key database or PKCS#12 file.

-secondaryDB Name of a secondary key database for PKCS #11 device operations.

-secondaryDBpw Password for the secondary key database for PKCS #11 device operations.

-showOID Displays the full certificate or certificate request.

-size Key size. The value can be 512 or 1024. The default is 1024.

-stash Tells IKEYCMD to stash the key database password to a file.

-target Destination file or database.

-target_pw Password for the key database if -target specifies a key database.

-target_type Type of database specified by -target operand. See -type option for permitted values.

-tokenLabel Label of a PKCS #11 cryptographic device.

-trust Trust status of a CA certificate. The value can be enable or disable. The default is enable.

-type Type of database. The value can be:

cms for a CMS key database
pkcs12 for a PKCS#12 file

-x509version Version of X.509 certificate to create. The value can be 1, 2, or 3. The default is 3.

See Also:

Setting up to use IKEYCMD
IKEYCMD syntax
IKEYCMD commands
IKEYCMD options

IBM is a trademark of the IBM Corporation in the United States, other countries, or both.

IKEYCMD option	Description
-crypto	Name of the module to manage a PKCS #11 cryptographic device. The value after -crypto is optional if you specify the module name in the properties file
-db	Fully qualified path name of a key database.
-default_cert	Sets a certificate as the default certificate. The value can be yes or no. The default is no.
-dn	X.500 distinguished name. The value is a string enclosed in double quotes, for example "CN=John Smith,O=IBM ,OU=Test ,C=GB". Note that only the CN, O, and C attributes are required. Note: Avoid using multiple OU attributes in distinguished names when you create self-signed certificates. When you create such certificates, only the last entered OU value is accepted into the certificate.
-encryption	Strength of encryption used in certificate export command. The value can be strong or weak. The default is strong.
-expire	Expiration time in days of either a certificate or a database password. The defaults are 365 days for a certificate and 60 days for a database password.
-file	File name of a certificate or certificate request.
-format	Format of a certificate. The value can be ascii for Base64_encoded ASCII or binary for Binary DER data. The default is ascii.
-label	Label attached to a certificate or certificate request.
-new_format	New format of key database.
-new_pw	New database password.
-old_format	Old format of key database.
-pw	Password for the key database or PKCS#12 file.
-secondaryDB	Name of a secondary key database for PKCS #11 device operations.
-secondaryDBpw	Password for the secondary key database for PKCS #11 device operations.
-showOID	Displays the full certificate or certificate request.
-size	Key size. The value can be 512 or 1024. The default is 1024.
-stash	Tells IKEYCMD to stash the key database password to a file.
-target	Destination file or database.
-target_pw	Password for the key database if -target specifies a key database.
-target_type	Type of database specified by -target operand. See -type option for permitted values.
-tokenLabel	Label of a PKCS #11 cryptographic device.
-trust	Trust status of a CA certificate. The value can be enable or disable. The default is enable.
-type	Type of database. The value can be: cms for a CMS key database pkcs12 for a PKCS#12 file
-x509version	Version of X.509 certificate to create. The value can be 1, 2, or 3. The default is 3.