SYNOPSIS
- piv-tool [OPTIONS]
OPTIONS
--serial
- Print the card serial number derived from the CHUID object, if any. Output is in hex byte format.
--name, -n
- Print the name of the inserted card (driver)
--admin argument, -A argument
-
Authenticate to the card using a 2DES or 3DES key. The
argument
of the form
-
{A|M}:ref:alg
is required, were A uses "EXTERNAL AUTHENTICATION" and M uses "MUTUAL AUTHENTICATION". ref is normally 9B, and alg is 03 for 3DES. The key is provided by the card vendor, and the environment variable PIV_EXT_AUTH_KEY must point to a text file containing the key in the format: XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
-
--genkey argument, -G argument
-
Generate a key pair on the card and output the public key. The
argument
of the form
-
ref:alg
is required, where ref is 9A, 9C, 9D or 9E and alg is 06, 07, 11 or 14 for RSA 1024, RSA 2048, ECC 256 or ECC 384 respectively.
-
--object ContainerID, -O ContainerID
- Load an object onto the card. The ContainerID is as defined in NIST 800-73-n without leading 0x. Example: CHUID object is 3000
--cert ref, -s ref
- Load a certificate onto the card. ref is 9A, 9C, 9D or 9E
--compresscert ref, -Z ref
- Load a certificate that has been gzipped onto the card. ref is 9A, 9C, 9D or 9E
--out file, -o file
- Output file for any operation that produces output.
--in file, -i file
- Input file for any operation that requires an input file.
--key-slots-discovery file
- Print properties of the key slots. Needs 'admin' authentication.
--send-apdu apdu, -s apdu
- Sends an arbitrary APDU to the card in the format AA:BB:CC:DD:EE:FF.... This option may be repeated.
--reader num, -r num
- Use the given reader number. The default is 0, the first reader in the system.
--card-driver driver, -c driver
- Use the given card driver. The default is auto-detected.
--wait, -w
- Wait for a card to be inserted
--verbose, -v
- Causes piv-tool to be more verbose. Specify this flag several times to enable debug output in the opensc library.