Commands for cryptographic device operations

Home
Commands for cryptographic device operations
–keydb –changepw
Change the password for a cryptographic device:
Using the gsk7cmd and runmqckm commands:
-keydb -changepw -crypto module_name -tokenlabel token_label
    -pw password -new_pw new_password 
Using the gsk7capicmd command:
-keydb -changepw -db filename -crypto module_name -tokenlabel token_label
    -pw password -new_pw new_password -fips -strong
–keydb –list
List currently-supported types of key database:
Using the gsk7cmd and runmqckm commands:
-keydb -list 
Using the gsk7capicmd command:
-keydb -list -fips 
–cert –add
Add a certificate from a file to a cryptographic device:
Using the gsk7cmd and runmqckm commands:
-cert -add -crypto module_name -tokenlabel token_label
    -pw password -label label -file filename -format ascii | binary
Using the gsk7capicmd command:
-cert -add -crypto module_name -tokenlabel token_label
    -pw password -label label -file filename -format ascii | binary 
    -fips
–cert –create
Create a self-signed certificate on a cryptographic device:
Using the gsk7cmd and runmqckm commands:
-cert -create -crypto module_name -tokenlabel token_label 
    -pw password -label label -dn distinguished_name -size 1024 | 512
    -x509version 3 | 1 | 2 -default_cert no | yes -expire days
Using the gsk7capicmd command:
-cert -create -crypto module_name -tokenlabel token_label 
    -pw password -label label -dn distinguished_name 
    -size 2048 | 1024 | 512 -x509version 3 | 1 | 2
    -default_cert no | yes -expire days 
    -fips -sigalg md5 | sha1 | sha224 | sha256 | sha384
–cert –delete
Delete a certificate on a cryptographic device:
Using the gsk7cmd and runmqckm commands:
-cert -delete -crypto module_name -tokenlabel token_label
    -pw password -label label
Using the gsk7capicmd command:
-cert -delete -crypto module_name -tokenlabel token_label
    -pw password -label label -fips
–cert –details
List the detailed information for a specific certificate on a cryptographic device:
Using the gsk7cmd and runmqckm commands:
-cert -details -crypto module_name -tokenlabel token_label 
    -pw password -label label
Using the gsk7capicmd command:
-cert -details -crypto module_name -tokenlabel token_label 
    -pw password -label label -fips
List the detailed information and show the full certificate for a specific certificate on a cryptographic device:
Using the gsk7cmd and runmqckm commands:
-cert -details -showOID -crypto module_name -tokenlabel token_label 
    -pw password -label label
Using the gsk7capicmd command:
-cert -details -showOID -crypto module_name -tokenlabel token_label 
    -pw password -label label -fips
–cert –extract
Extract a certificate from a key database:
Using the gsk7cmd and runmqckm commands:
-cert -extract -crypto module_name -tokenlabel token_label
    -pw password -label label -target filename -format ascii | binary
Using the gsk7capicmd command:
-cert -extract -crypto module_name -tokenlabel token_label
    -pw password -label label -target filename -format ascii | binary
    -fips
–cert –import
Import a certificate to a cryptographic device with secondary key database support:
Using the gsk7cmd and runmqckm commands:
-cert -import -db filename -pw password -label label -type cms
    -crypto module_name -tokenlabel token_label -pw password
    -secondaryDB filename -secondaryDBpw password
Using the gsk7capicmd command:
-cert -import -db filename -pw password -label label -type cms
    -crypto module_name -tokenlabel token_label -pw password
    -secondaryDB filename -secondaryDBpw password -fips
Import a PKCS #12 certificate to a cryptographic device with secondary key database support:
Using the gsk7cmd and runmqckm commands:
-cert -import -file filename -pw password -type pkcs12
    -crypto module_name -tokenlabel token_label -pw password
    -secondaryDB filename -secondaryDBpw password
Using the gsk7capicmd command:
-cert -import -file filename -pw password -type pkcs12
    -crypto module_name -tokenlabel token_label -pw password
    -secondaryDB filename -secondaryDBpw password -fips
–cert –list
List all certificates on a cryptographic device:
Using the gsk7cmd and runmqckm commands:
-cert -list all | personal | CA 
    -crypto module_name -tokenlabel token_label -pw password
Using the gsk7capicmd command:
-cert -list all | personal | CA 
    -crypto module_name -tokenlabel token_label -pw password -fips
–cert –receive
Receive a certificate from a file to a cryptographic device with secondary key database support:
Using the gsk7cmd and runmqckm commands:
-cert -receive -file filename -crypto module_name -tokenlabel token_label 
    -pw password  -default_cert yes | no
    -secondaryDB filename -secondaryDBpw password -format ascii | binary
Using the gsk7capicmd command:
-cert -receive -file filename -crypto module_name -tokenlabel token_label 
    -pw password  -default_cert yes | no
    -secondaryDB filename -secondaryDBpw password -format ascii | binary
    -fips
–certreq –create
Create a certificate request on a cryptographic device:
Using the gsk7cmd and runmqckm commands:
-certreq -create -crypto module_name -tokenlabel token_label 
    -pw password -label label -dn distinguished_name
    -size 1024 | 512 -file filename
Using the gsk7capicmd command:
-certreq -create -crypto module_name -tokenlabel token_label 
    -pw password -label label -dn distinguished_name
    -size 2048 | 1024 | 512 -file filename -fips
    -sigalg md5 | sha1 | sha224 | sha256 | sha384 | sha512
–certreq –delete
Delete a certificate request from a cryptographic device:
Using the gsk7cmd and runmqckm commands:
-certreq -delete -crypto module_name -tokenlabel token_label 
    -pw password -label label
Using the gsk7capicmd command:
-certreq -delete -crypto module_name -tokenlabel token_label 
    -pw password -label label -fips
–certreq –details
List the detailed information of a specific certificate request on a cryptographic device:
Using the gsk7cmd and runmqckm commands:
-certreq -details -crypto module_name -tokenlabel token_label 
    -pw password -label label
Using the gsk7capicmd command:
-certreq -details -crypto module_name -tokenlabel token_label 
    -pw password -label label -fips
List the detailed information about a certificate request and show the full certificate request on a cryptographic device:
Using the gsk7cmd and runmqckm commands:
-certreq -details -showOID -crypto module_name -tokenlabel token_label 
    -pw password -label label
Using the gsk7capicmd command:
-certreq -details -showOID -crypto module_name -tokenlabel token_label 
    -pw password -label label -fips
–certreq –extract
Extract a certificate request from a certificate request database on a cryptographic device into a file:
Using the gsk7cmd and runmqckm commands:
-certreq -extract -crypto module_name -tokenlabel token_label 
    -pw password -label label -target filename
Using the gsk7capicmd command:
-certreq -extract -crypto module_name -tokenlabel token_label 
    -pw password -label label -target filename -fips
–certreq –list
List all certificate requests in the certificate request database on a cryptographic device:
Using the gsk7cmd and runmqckm commands:
-certreq -list -crypto module_name -tokenlabel token_label 
    -pw password
Using the gsk7capicmd command:
-certreq -list -crypto module_name -tokenlabel token_label 
    -pw password -fips
Parent topic:
gsk7cmd, runmqckm, and gsk7capicmd commands

fa16160_

Home