Man page - cvc-create(1)
NAME
cvc-create - manual page for cvc-create 1.1.2
SYNOPSIS
cvc-create [ OPTION ]...
DESCRIPTION
Create a card verifiable certificate
-h , --help
Print help and exit
-V , --version
Print version and exit
--out-cert = FILENAME
Where to save the certificate (default=‘CHR.cvcert’)
--role = ENUM
The terminal's role (possible values="cvca", "dv_domestic", "dv_foreign", "terminal")
--type = STRING
Type of the terminal. Known values are "at" (Authentication Terminal), "is" (Inspection System), "st" (Signature Terminal) and "derived_from_signer" (uses the signer's CVC type); any other value is interpreted as an object identifier. (default=‘derived_from_signer’)
--chat = HEXSTRING
Raw Card Holder Authorization Template (CHAT). This option will overwrite any terminal specific effective authorization (see options for AT/IS/ST).
--issued = YYMMDD
Date the certificate was issued (default=‘today’)
--expires = YYMMDD
Date until which the certificate is valid
--sign-with = FILENAME
Private key for signing the new certificate
--scheme = ENUM
Signature scheme that the new terminal will use (possible values="ECDSA_SHA_1", "ECDSA_SHA_224", "ECDSA_SHA_256", "ECDSA_SHA_384", "ECDSA_SHA_512", "RSA_v1_5_SHA_1", "RSA_v1_5_SHA_256", "RSA_v1_5_SHA_512", "RSA_PSS_SHA_1", "RSA_PSS_SHA_256", "RSA_PSS_SHA_512")
Mode: csr
The properties of the certificate are derived from the given signing request.
--csr = FILENAME
Certificate signing request with the attributes
Mode: manual
The properties of the certificate are derived from the command line switches.
--chr = CCH ...HSSSSS
Certificate holder reference (2 characters ISO 3166-1 ALPHA-2 country code, 0-9 characters ISO/IEC 8859-1 holder mnemonic, 5 characters ISO/IEC 8859-1 numeric or alphanumeric sequence number)
--sign-as = FILENAME
CV certificate of the entity signing the new certificate (default=‘self signed’)
--key = FILENAME
Private key of the Terminal (default=‘derived from signer’)
--out-key = FILENAME
Where to save the derived private key (default=‘CHR.pkcs8’)
Options for an Authentication Terminal (AT):
--out-desc = FILENAME
Where to save the encoded certificate description (default=‘CHR.desc’)
--cert-desc = FILENAME
Terms of usage as part of the certificate description (*.txt, *.html or *.pdf)
--issuer-name = STRING
Name of the issuer of this certificate (certificate description)
--issuer-url = URL
URL that points to information about the issuer of this certificate (certificate description)
--subject-name = STRING
Name of the holder of this certificate (certificate description)
--subject-url = URL
URL that points to information about the subject of this certificate (certificate description)
--write-dg17
Allow writing DG 17 (Normal Place of Residence) (default=off)
--write-dg18
Allow writing DG 18 (Community ID) (default=off)
--write-dg19
Allow writing DG 19 (Residence Permit I) (default=off)
--write-dg20
Allow writing DG 20 (Residence Permit II) (default=off)
--write-dg21
Allow writing DG 21 (Optional Data) (default=off)
--at-rfu32
Allow RFU R/W Access bit 32 (default=off)
--at-rfu31
Allow RFU R/W Access bit 31 (default=off)
--at-rfu30
Allow RFU R/W Access bit 30 (default=off)
--at-rfu29
Allow RFU R/W Access bit 29 (default=off)
--read-dg1
Allow reading DG 1 (Document Type) (default=off)
--read-dg2
Allow reading DG 2 (Issuing State) (default=off)
--read-dg3
Allow reading DG 3 (Date of Expiry) (default=off)
--read-dg4
Allow reading DG 4 (Given Names) (default=off)
--read-dg5
Allow reading DG 5 (Family Names) (default=off)
--read-dg6
Allow reading DG 6 (Religious/Artistic Name) (default=off)
--read-dg7
Allow reading DG 7 (Academic Title) (default=off)
--read-dg8
Allow reading DG 8 (Date of Birth) (default=off)
--read-dg9
Allow reading DG 9 (Place of Birth) (default=off)
--read-dg10
Allow reading DG 10 (Nationality) (default=off)
--read-dg11
Allow reading DG 11 (Sex) (default=off)
--read-dg12
Allow reading DG 12 (Optional Data) (default=off)
--read-dg13
Allow reading DG 13 (default=off)
--read-dg14
Allow reading DG 14 (default=off)
--read-dg15
Allow reading DG 15 (default=off)
--read-dg16
Allow reading DG 16 (default=off)
--read-dg17
Allow reading DG 17 (Normal Place of Residence) (default=off)
--read-dg18
Allow reading DG 18 (Community ID) (default=off)
--read-dg19
Allow reading DG 19 (Residence Permit I) (default=off)
--read-dg20
Allow reading DG 20 (Residence Permit II) (default=off)
--read-dg21
Allow reading DG 21 (Optional Data) (default=off)
--install-qual-cert
Allow installing qualified certificate (default=off)
--install-cert
Allow installing certificate (default=off)
--pin-management
Allow PIN management (default=off)
--can-allowed
CAN allowed (default=off)
--privileged
Privileged terminal (default=off)
--rid
Allow restricted identification (default=off)
--verify-community
Allow community ID verification (default=off)
--verify-age
Allow age verification (default=off)
Options for a Signature Terminal (ST):
--st-rfu5
Allow RFU bit 5 (default=off)
--st-rfu4
Allow RFU bit 4 (default=off)
--st-rfu3
Allow RFU bit 3 (default=off)
--st-rfu2
Allow RFU bit 2 (default=off)
--gen-qualified-sig
Generate qualified electronic signature (default=off)
--gen-sig
Generate electronic signature (default=off)
Options for an Inspection System (IS):
--read-eid
Read access to eID application (Deprecated) (default=off)
--is-rfu4
Allow RFU bit 4 (default=off)
--is-rfu3
Allow RFU bit 3 (default=off)
--is-rfu2
Allow RFU bit 2 (default=off)
--read-iris
Read access to ePassport application: DG 4 (Iris) (default=off)
--read-finger
Read access to ePassport application: DG 3 (Fingerprint) (default=off)
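EXAMPLE
The following pre-issuance check is an added example, not part of cvc-create or the OpenPACE project. It validates the manual-mode inputs described above (CHR layout, YYMMDD dates, scheme, AT rights) and returns the cvc-create argument list for a terminal certificate. The function names, the refusal of SHA-1 schemes and RFU bits, and the printable Latin-1 restriction on the mnemonic are assumptions of this example (a local issuing policy), not behaviour of the tool.

```python
import re
from datetime import datetime

# CHR layout from the --chr description: 2-letter country code, 0-9 character
# holder mnemonic, 5-character alphanumeric sequence number.
# Assumption: the mnemonic is limited to printable ISO/IEC 8859-1 characters.
CHR_RE = re.compile(r"[A-Z]{2}[\x21-\x7e\xa1-\xff]{0,9}[0-9A-Za-z]{5}")

# Values of --scheme as listed on this page.
SCHEMES = {f"ECDSA_SHA_{h}" for h in ("1", "224", "256", "384", "512")} | {
    f"RSA_{p}_SHA_{h}" for p in ("v1_5", "PSS") for h in ("1", "256", "512")}

# AT switches listed on this page; the --at-rfu* bits are left out on purpose
# (assumed policy: reserved bits are never granted).
AT_RIGHTS = ({f"write-dg{n}" for n in range(17, 22)}
             | {f"read-dg{n}" for n in range(1, 22)}
             | {"install-qual-cert", "install-cert", "pin-management",
                "can-allowed", "privileged", "rid", "verify-community",
                "verify-age"})

def parse_yymmdd(value):
    """Parse the YYMMDD form used by --issued and --expires."""
    if not re.fullmatch(r"\d{6}", value):
        raise ValueError(f"not YYMMDD: {value!r}")
    return datetime.strptime(value, "%y%m%d").date()

def terminal_argv(chr_, issued, expires, signer_cert, signer_key, scheme, rights):
    """Return the cvc-create argv for an AT terminal certificate or raise ValueError."""
    if not CHR_RE.fullmatch(chr_):
        raise ValueError(f"bad certificate holder reference: {chr_!r}")
    if parse_yymmdd(expires) < parse_yymmdd(issued):
        raise ValueError("--expires precedes --issued")
    # Assumed policy: SHA-1 based schemes are refused for new certificates.
    if scheme not in SCHEMES or scheme.endswith("SHA_1"):
        raise ValueError(f"scheme not allowed: {scheme!r}")
    unknown = sorted(set(rights) - AT_RIGHTS)
    if unknown:
        raise ValueError(f"rights not allowed: {unknown}")
    return (["cvc-create", "--role=terminal", "--type=at", f"--chr={chr_}",
             f"--issued={issued}", f"--expires={expires}",
             f"--sign-as={signer_cert}", f"--sign-with={signer_key}",
             f"--scheme={scheme}"] + [f"--{r}" for r in sorted(set(rights))])

if __name__ == "__main__":
    # Constructed sample values; the file names are placeholders.
    print(" ".join(terminal_argv("DETESTAT00001", "250101", "250131",
                                 "dv.cvcert", "dv.pkcs8", "ECDSA_SHA_256",
                                 ["verify-age"])))
```

Granting only the rights a terminal needs (here age verification alone) keeps the effective authorization small; any switch outside the allowlist stops issuance before cvc-create is invoked.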
AUTHOR
Written by Frank Morgner <frankmorgner@gmail.com>
REPORTING BUGS
Report bugs to https://github.com/frankmorgner/openpace/issues