Commands for CMS or PKCS #12 key databases

Home
Commands for CMS or PKCS #12 key databases
–keydb –changepw
Change the password for a key database:
For the gsk7cmd and runmqckm commands:
-keydb -changepw -db filename -pw password -new_pw new_password -expire days
For the gsk7capicmd command:
-keydb -changepw -db filename -pw password -new_pw new_password -expire days
    -fips -strong
–keydb –convert
For the gsk7cmd and runmqckm commands, convert the key database from one format to another:
-keydb -convert -db filename -pw password
    -old_format cms | pkcs12 -new_format cms
For the gsk7capicmd command, convert an old version CMS key database to the new version CMS key database:
-keydb -convert -db filename -pw password
    -new_db filename -new_pw password -strong -fips
–keydb –create
Create a key database:
Using the gsk7cmd and runmqckm commands:
-keydb -create -db filename -pw password -type cms | pkcs12
Using the gsk7capicmd command:
-keydb -create -db filename -pw password -type cms -fips -strong
–keydb –delete
Delete a key database:
-keydb -delete -db filename -pw password
–keydb –list
List currently-supported types of key database:
Using the gsk7cmd and runmqckm commands:
-keydb -list 
Using the gsk7capicmd command:
-keydb -list -fips
–cert –add
Add a certificate from a file into a key database:
-cert -add -db filename -pw password -label label -file filename
    -format ascii | binary
Using the gsk7capicmd command:
-cert -add -db filename -pw password -label label -file filename
    -format ascii | binary -fips
–cert –create
Create a self-signed certificate:
Using the gsk7cmd or runmqckmcommands:
-cert -create -db filename -pw password -label label -dn distinguished_name
    -size 1024 | 512 -x509version 3 | 1 | 2 -expire days
Using the gsk7capicmd command:
-cert -create -db filename -pw password -label label -dn distinguished_name
    -size 2048 | 1024 | 512 -x509version 3 | 1 | 2 -expire days
    -fips -sigalg md5 | sha1 | sha224 | sha256 | sha384 | sha512
–cert –delete
Delete a certificate:
Using the gsk7cmd or runmqckmcommands:
-cert -delete -db filename -pw password -label label
Using the gsk7capicmd command:
-cert -delete -db filename -pw password -label label -fips
–cert –details
List the detailed information for a specific certificate:
Using the gsk7cmd or runmqckm commands:
-cert -details -db filename -pw password -label label
Using the gsk7capicmd command:
-cert -details -db filename -pw password -label label -fips
–cert –export
Export a personal certificate and its associated private key from a key database into a PKCS #12 file, or to another key database:
Using the gsk7cmd or runmqckm commands:
-cert -export -db filename -pw password -label label -type cms | pkcs12
    -target filename -target_pw password -target_type cms | pkcs12   
Using the gsk7capicmd command:
-cert -export -db filename -pw password -label label -type cms | pkcs12
    -target filename -target_pw password -target_type cms | pkcs12 
    -encryption strong | weak -fips
–cert –extract
Extract a certificate from a key database:
Using the gsk7cmd or runmqckm commands:
-cert -extract -db filename -pw password -label label -target filename
    -format ascii | binary
Using the gsk7capicmd command:
-cert -extract -db filename -pw password -label label -target filename
    -format ascii | binary -fips
–cert –import
Import a personal certificate from a key database:
For the gsk7cmd and runmqckm commands:
 -cert -import -file filename -pw password -type pkcs12 -target filename
        -target_pw password -target_type cms -label label
The -label option is required and specifies the label of the certificate that is to be imported from the source key database.
The -new_label option is optional and allows the imported certificate to be given a different label in the target key database from the label in the source database.
For the gsk7capicmd command:
 -cert -import -file filename -pw password -type cms -target filename
        -target_pw password -target_type cms -label label -fips
The -label option is required and specifies the label of the certificate that is to be imported from the source key database.
The -new_label option is optional and allows the imported certificate to be given a different label in the target key database from the label in the source database.
–cert –list
List all certificates in a key database:
For the gsk7cmd and runmqckm commands:
-cert -list all | personal | CA 
    -db filename -pw password
For the gsk7capicmd command:
-cert -list all | personal | CA 
    -db filename -pw password -fips
–cert –receive
Receive a certificate from a file:
For the gsk7cmd and runmqckm commands:
-cert -receive -file filename -db filename -pw password 
    -format ascii | binary -default_cert yes | no
For the gsk7capicmd command:
-cert -receive -file filename -db filename -pw password 
    -format ascii | binary -default_cert yes | no -fips
–cert –sign
Sign a certificate:
For the gsk7cmd and runmqckm commands:
-cert -sign -db filename -file filename  -pw password
   -label label -target filename
   -format ascii | binary -expire days    
For the gsk7capicmd command:
-cert -sign -db filename -file filename  -pw password
   -label label -target filename
   -format ascii | binary -expire days -fips 
   -sigalg md5 | sha1 | sha224 | sha256 | sha384 | sha512
–certreq –create
Create a certificate request:
For the gsk7cmd and runmqckm commands:
-certreq -create -db filename -pw password
    -label label -dn distinguished_name
    -size 1024 | 512 -file filename
For the gsk7capicmd command:
-certreq -create -db filename -pw password
    -label label -dn distinguished_name
    -size 2048 | 1024 | 512 -file filename -fips 
    -sigalg md5 | sha1 | sha224 | sha256 | sha384 | sha512
–certreq –delete
Delete a certificate request:
For the gsk7cmd and runmqckm commands:
-certreq -delete -db filename -pw password -label label
For the gsk7capicmd command:
-certreq -delete -db filename -pw password -label label -fips
–certreq –details
List the detailed information of a specific certificate request:
For the gsk7cmd and runmqckm commands:
-certreq -details -db filename -pw password -label label
For the gsk7capicmd command:
-certreq -details -db filename -pw password -label label -fips
List the detailed information about a certificate request and show the full certificate request:
Using the gsk7cmd and runmqckm commands:
-certreq -details -showOID -db filename 
    -pw password -label label
Using the gsk7capicmd command:
-certreq -details -showOID -db filename 
    -pw password -label label -fips
–certreq –extract
Extract a certificate request from a certificate request database into a file:
For the gsk7cmd and runmqckm commands:
-certreq -extract -db filename -pw password
     -label label -target filename
Using the gsk7capicmd command:
-certreq -extract -db filename -pw password
     -label label -target filename -fips
–certreq –list
List all certificate requests in the certificate request database:
For the gsk7cmd and runmqckm commands:
-certreq -list -db filename -pw password
Using the gsk7capicmd command:
-certreq -list -db filename -pw password -fips
–certreq –recreate
Recreate a certificate request:
For the gsk7cmd and runmqckm commands:
-certreq -recreate -db filename -pw password
    -label label -target filename     
Using the gsk7capicmd command:
-certreq -recreate -db filename -pw password
    -label label -target filename -fips     
Parent topic:
gsk7cmd, runmqckm, and gsk7capicmd commands

fa16150_

Home