cvc-create(1)
manual page for cvc-create 1.1.2
Description
CVC-CREATE
NAME
cvc-create - manual page for cvc-create 1.1.2
SYNOPSIS
cvc-create [OPTION]...
DESCRIPTION
Create a card
verifiable certificate
-h, --help
Print help and exit
-V, --version
Print version and exit
--out-cert=FILENAME
Where to save the certificate (default=‘CHR.cvcert’)
--role=ENUM
The terminal’s role (possible values="cvca", "dv_domestic", "dv_foreign", "terminal")
--type=STRING
Type of the terminal. Known values are "at" (Authentication Terminal), "is" (Inspection System), "st" (Signature Terminal), "derived_from_signer" (uses the the signer’s CVC type), any other value is interpreted as object identifier. (default=‘derived_from_signer’)
--chat=HEXSTRING
Raw Card Holder Authorization Template (CHAT). This option will overwrite any terminal specific effective authorization (see options for AT/IS/ST).
--issued=YYMMDD
Date the certificate was issued (default=‘today’)
--expires=YYMMDD
Date until the certicate is valid
--sign-with=FILENAME
Private key for signing the new certificate
--scheme=ENUM
Signature scheme that the new terminal will use (possible values="ECDSA_SHA_1", "ECDSA_SHA_224", "ECDSA_SHA_256", "ECDSA_SHA_384", "ECDSA_SHA_512", "RSA_v1_5_SHA_1", "RSA_v1_5_SHA_256", "RSA_v1_5_SHA_512", "RSA_PSS_SHA_1", "RSA_PSS_SHA_256", "RSA_PSS_SHA_512")
Mode: csr
The properties of the certificate are derived from the given signing request.
--csr=FILENAME
Certificate signing request with the attributes
Mode: manual
The properties of the certificate are derived from the command line switches.
--chr=CCH...HSSSSS
Certificate holder reference (2 characters ISO 3166-1 ALPHA-2 country code, 0-9 characters ISO/IEC 8859-1 holder mnemonic, 5 characters ISO/IEC 8859-1 numeric or alphanumeric sequence number)
--sign-as=FILENAME
CV certificate of the entity signing the new certificate (default=‘self signed’)
--key=FILENAME
Private key of the Terminal (default=‘derived from signer’)
--out-key=FILENAME
Where to save the derived private key (default=‘CHR.pkcs8’)
Options for an Authentication Terminal (AT):
--out-desc=FILENAME
Where to save the encoded certificate description (default=‘CHR.desc’)
--cert-desc=FILENAME
Terms of usage as part of the certificate description (*.txt, *.html or *.pdf)
--issuer-name=STRING
Name of the issuer of this certificate (certificate description)
--issuer-url=URL
URL that points to informations about the issuer of this certificate (certificate description)
--subject-name=STRING
Name of the holder of this certificate (certificate description)
--subject-url=URL
URL that points to informations about the subject of this certificate (certificate description)
--write-dg17
Allow writing DG 17 (Normal Place of Residence) (default=off)
--write-dg18
Allow writing DG 18 (Community ID) (default=off)
--write-dg19
Allow writing DG 19 (Residence Permit I) (default=off)
--write-dg20
Allow writing DG 20 (Residence Permit II) (default=off)
--write-dg21
Allow writing DG 21 (Optional Data) (default=off)
--at-rfu32
Allow RFU R/W Access bit 32 (default=off)
--at-rfu31
Allow RFU R/W Access bit 31 (default=off)
--at-rfu30
Allow RFU R/W Access bit 30 (default=off)
--at-rfu29
Allow RFU R/W Access bit 29 (default=off)
--read-dg1
Allow reading DG 1 (Document Type) (default=off)
--read-dg2
Allow reading DG 2 (Issuing State) (default=off)
--read-dg3
Allow reading DG 3 (Date of Expiry) (default=off)
--read-dg4
Allow reading DG 4 (Given Names) (default=off)
--read-dg5
Allow reading DG 5 (Family Names) (default=off)
--read-dg6
Allow reading DG 6 (Religious/Artistic Name) (default=off)
--read-dg7
Allow reading DG 7 (Academic Title) (default=off)
--read-dg8
Allow reading DG 8 (Date of Birth) (default=off)
--read-dg9
Allow reading DG 9 (Place of Birth) (default=off)
--read-dg10
Allow reading DG 10 (Nationality) (default=off)
--read-dg11
Allow reading DG 11 (Sex) (default=off)
--read-dg12
Allow reading DG 12 (Optional Data) (default=off)
--read-dg13
Allow reading DG 13 (default=off)
--read-dg14
Allow reading DG 14 (default=off)
--read-dg15
Allow reading DG 15 (default=off)
--read-dg16
Allow reading DG 16 (default=off)
--read-dg17
Allow reading DG 17 (Normal Place of Residence) (default=off)
--read-dg18
Allow reading DG 18 (Community ID) (default=off)
--read-dg19
Allow reading DG 19 (Residence Permit I) (default=off)
--read-dg20
Allow reading DG 20 (Residence Permit II) (default=off)
--read-dg21
Allow reading DG 21 (Optional Data) (default=off)
--install-qual-cert
Allow installing qualified certificate (default=off)
--install-cert
Allow installing certificate (default=off)
--pin-management
Allow PIN management (default=off)
--can-allowed
CAN allowed (default=off)
--privileged
Privileged terminal (default=off)
|
--rid |
Allow restricted identification (default=off) |
--verify-community
Allow community ID verification (default=off)
--verify-age
Allow age verification (default=off)
Options for a Signature Terminal (ST):
--st-rfu5
Allow RFU bit 5 (default=off)
--st-rfu4
Allow RFU bit 4 (default=off)
--st-rfu3
Allow RFU bit 3 (default=off)
--st-rfu2
Allow RFU bit 2 (default=off)
--gen-qualified-sig
Generate qualified electronic signature (default=off)
--gen-sig
Generate electronic signature (default=off)
Options for an Inspection System (IS):
--read-eid
Read access to eID application (Deprecated) (default=off)
--is-rfu4
Allow RFU bit 4 (default=off)
--is-rfu3
Allow RFU bit 3 (default=off)
--is-rfu2
Allow RFU bit 2 (default=off)
--read-iris
Read access to ePassport application: DG 4 (Iris) (default=off)
--read-finger
Read access to ePassport application: DG 3 (Fingerprint) (default=off)
AUTHOR
Written by Frank Morgner <frankmorgner@gmail.com>
REPORTING BUGS
Report bugs to https://github.com/frankmorgner/openpace/issues