cvc-create - Man Page
manual page for cvc-create 1.1.2
Synopsis
cvc-create [OPTION]...
Description
Create a card verifiable certificate
- -h, --help
Print help and exit
- -V, --version
Print version and exit
- --out-cert=FILENAME
Where to save the certificate (default=`CHR.cvcert')
- --role=ENUM
The terminal's role (possible values="cvca", "dv_domestic", "dv_foreign", "terminal")
- --type=STRING
Type of the terminal. Known values are "at" (Authentication Terminal), "is" (Inspection System), "st" (Signature Terminal), "derived_from_signer" (uses the the signer's CVC type), any other value is interpreted as object identifier. (default=`derived_from_signer')
- --chat=HEXSTRING
Raw Card Holder Authorization Template (CHAT). This option will overwrite any terminal specific effective authorization (see options for AT/IS/ST).
- --issued=YYMMDD
Date the certificate was issued (default=`today')
- --expires=YYMMDD
Date until the certicate is valid
- --sign-with=FILENAME
Private key for signing the new certificate
- --scheme=ENUM
Signature scheme that the new terminal will use (possible values="ECDSA_SHA_1", "ECDSA_SHA_224", "ECDSA_SHA_256", "ECDSA_SHA_384", "ECDSA_SHA_512", "RSA_v1_5_SHA_1", "RSA_v1_5_SHA_256", "RSA_v1_5_SHA_512", "RSA_PSS_SHA_1", "RSA_PSS_SHA_256", "RSA_PSS_SHA_512")
Mode: csr
The properties of the certificate are derived from the given signing request.
- --csr=FILENAME
Certificate signing request with the attributes
Mode: manual
The properties of the certificate are derived from the command line switches.
- --chr=CCH...HSSSSS
Certificate holder reference (2 characters ISO 3166-1 ALPHA-2 country code, 0-9 characters ISO/IEC 8859-1 holder mnemonic, 5 characters ISO/IEC 8859-1 numeric or alphanumeric sequence number)
- --sign-as=FILENAME
CV certificate of the entity signing the new certificate (default=`self signed')
- --key=FILENAME
Private key of the Terminal (default=`derived from signer')
- --out-key=FILENAME
Where to save the derived private key (default=`CHR.pkcs8')
Options for an Authentication Terminal (AT)
- --out-desc=FILENAME
Where to save the encoded certificate description (default=`CHR.desc')
- --cert-desc=FILENAME
Terms of usage as part of the certificate description (*.txt, *.html or *.pdf)
- --issuer-name=STRING
Name of the issuer of this certificate (certificate description)
- --issuer-url=URL
URL that points to informations about the issuer of this certificate (certificate description)
- --subject-name=STRING
Name of the holder of this certificate (certificate description)
- --subject-url=URL
URL that points to informations about the subject of this certificate (certificate description)
- --write-dg17
Allow writing DG 17 (Normal Place of Residence) (default=off)
- --write-dg18
Allow writing DG 18 (Community ID) (default=off)
- --write-dg19
Allow writing DG 19 (Residence Permit I) (default=off)
- --write-dg20
Allow writing DG 20 (Residence Permit II) (default=off)
- --write-dg21
Allow writing DG 21 (Optional Data) (default=off)
- --at-rfu32
Allow RFU R/W Access bit 32 (default=off)
- --at-rfu31
Allow RFU R/W Access bit 31 (default=off)
- --at-rfu30
Allow RFU R/W Access bit 30 (default=off)
- --at-rfu29
Allow RFU R/W Access bit 29 (default=off)
- --read-dg1
Allow reading DG 1 (Document Type) (default=off)
- --read-dg2
Allow reading DG 2 (Issuing State) (default=off)
- --read-dg3
Allow reading DG 3 (Date of Expiry) (default=off)
- --read-dg4
Allow reading DG 4 (Given Names) (default=off)
- --read-dg5
Allow reading DG 5 (Family Names) (default=off)
- --read-dg6
Allow reading DG 6 (Religious/Artistic Name) (default=off)
- --read-dg7
Allow reading DG 7 (Academic Title) (default=off)
- --read-dg8
Allow reading DG 8 (Date of Birth) (default=off)
- --read-dg9
Allow reading DG 9 (Place of Birth) (default=off)
- --read-dg10
Allow reading DG 10 (Nationality) (default=off)
- --read-dg11
Allow reading DG 11 (Sex) (default=off)
- --read-dg12
Allow reading DG 12 (Optional Data) (default=off)
- --read-dg13
Allow reading DG 13 (default=off)
- --read-dg14
Allow reading DG 14 (default=off)
- --read-dg15
Allow reading DG 15 (default=off)
- --read-dg16
Allow reading DG 16 (default=off)
- --read-dg17
Allow reading DG 17 (Normal Place of Residence) (default=off)
- --read-dg18
Allow reading DG 18 (Community ID) (default=off)
- --read-dg19
Allow reading DG 19 (Residence Permit I) (default=off)
- --read-dg20
Allow reading DG 20 (Residence Permit II) (default=off)
- --read-dg21
Allow reading DG 21 (Optional Data) (default=off)
- --install-qual-cert
Allow installing qualified certificate (default=off)
- --install-cert
Allow installing certificate (default=off)
- --pin-management
Allow PIN management (default=off)
- --can-allowed
CAN allowed (default=off)
- --privileged
Privileged terminal (default=off)
- --rid
Allow restricted identification (default=off)
- --verify-community
Allow community ID verification (default=off)
- --verify-age
Allow age verification (default=off)
Options for a Signature Terminal (ST)
- --st-rfu5
Allow RFU bit 5 (default=off)
- --st-rfu4
Allow RFU bit 4 (default=off)
- --st-rfu3
Allow RFU bit 3 (default=off)
- --st-rfu2
Allow RFU bit 2 (default=off)
- --gen-qualified-sig
Generate qualified electronic signature (default=off)
- --gen-sig
Generate electronic signature (default=off)
Options for an Inspection System (IS)
- --read-eid
Read access to eID application (Deprecated) (default=off)
- --is-rfu4
Allow RFU bit 4 (default=off)
- --is-rfu3
Allow RFU bit 3 (default=off)
- --is-rfu2
Allow RFU bit 2 (default=off)
- --read-iris
Read access to ePassport application: DG 4 (Iris) (default=off)
- --read-finger
Read access to ePassport application: DG 3 (Fingerprint) (default=off)
Author
Written by Frank Morgner <frankmorgner@gmail.com>
Reporting Bugs
Report bugs to https://github.com/frankmorgner/openpace/issues