Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages


home | help
QCATOOL(1)	      Qt Cryptographic Architecture (QCA)	    QCATOOL(1)

       qcatool - command line tool for the Qt Cryptographic Architecture

       qcatool is a command line tool for performing various cryptographic op-
       erations	with the Qt Cryptographic Architecture (QCA). qcatool can also
       be used for testing and debugging QCA.

       qcatool	has  a range of	options	and commands. You only ever get	to use
       one command, but	you may	use several, one or no options.

       As noted	above, these are all optional, and may be combined.

	      Specify the password to use. This	is probably a bad idea	except
	      for  testing, because anyone can read the	arguments to a command
	      line application.

	      Specify the new password to use for password change with the key
	      changepass  and keybundle	changepass commands.  This is probably
	      a	bad idea except	for testing, because anyone can	read the argu-
	      ments to a command line application.

	      Specify  additional  certificates, not trusted, but which	may be
	      used in the trust	path if	appropriate trust can be established.

	      Specify additional certificates which can	 be  used  as  trusted
	      (root) certificates.

	      Disable  use of the standard root	certificates that are provided
	      by the operating system.

	      Disable prompting	for passwords/passphrases. If you do not  pro-
	      vide  the	 passphrase on the command line	(with --pass or	--new-
	      pass) this will cause qcatool to abort the command  if  a	 pass-
	      word/passphrase is required.

	      If outputting certificate	information fields (Distinguished Name
	      and Subject Alternative Name), show them in same the order  that
	      they  are	 present  in the certificate rather than in a friendly
	      sorted order.

	      Enable additional	output to aid debugging.

	      Log to the specified file.

	      Log at the specified level. The  log  level  can	be  between  0
	      (none) and 8 (most).

	      When  S/MIME  signing,  do  not  bundle the signer's certificate
	      chain inside the signature.  This	results	in a smaller signature
	      output,  but requires the	recipient to have all of the necessary
	      certificates in order to verify it.

       help, --help, -h
	      Output usage (help) information.

       version,	--version, -v
	      Output version information.

	      List available plugins. Use the --debug option to	get  more  in-
	      formation	 on  plugins  which  are found and which ones actually

       config save [provider]
	      Save provider configuration. Use this to have the	provider's de-
	      fault configuration written to persistent	storage, which you can
	      then edit	by hand.

       config edit [provider]
	      Edit provider configuration. The changes are written to  persis-
	      tent storage.

       key make	rsa|dsa	[bits]
	      Create a key pair

       key changepass [K]
	      Add/change/remove	passphrase of a	key

       cert makereq [K]
	      Create certificate request (CSR)

       cert makeself [K]
	      Create self-signed certificate

       cert makereqadv [K]
	      Advanced version of 'makereq'

       cert makeselfadv	[K]
	      Advanced version of 'makeself'

       cert validate [C]
	      Validate certificate

       keybundle make [K] [C]
	      Create a keybundle

       keybundle extract [X]
	      Extract certificate(s) and key

       keybundle changepass [X]
	      Change passphrase	of a keybundle

       keystore	list-stores
	      List all available keystores

       keystore	list [storeName]
	      List content of a	keystore

       keystore	monitor
	      Monitor for keystore availability

       keystore	export [E]
	      Export a keystore	entry's	content

       keystore	exportref [E]
	      Export a keystore	entry reference

       keystore	addkb [storeName] [cert.p12]
	      Add a keybundle into a keystore

       keystore	addpgp [storeName] [key.asc]
	      Add a PGP	key into a keystore

       keystore	remove [E]
	      Remove an	object from a keystore

       show cert [C]
	      Examine a	certificate

       show req	[req.pem]
	      Examine a	certificate request (CSR)

       show crl	[crl.pem]
	      Examine a	certificate revocation list

       show kb [X]
	      Examine a	keybundle

       show pgp	[P|S]
	      Examine a	PGP key

       message sign pgp|pgpdetach|smime	[X|S]
	      Sign a message

       message encrypt pgp|smime [C|P]
	      Encrypt a	message

       message signencrypt [S] [P]
	      PGP sign & encrypt a message

       message verify pgp|smime
	      Verify a message

       message decrypt pgp|smime ((X) ...)
	      Decrypt a	message	(S/MIME	needs X)

       message exportcerts
	      Export certs from	S/MIME message

       The arguments to	the commands are as follows.

       K = private key.

       C = certificate.

       X = key bundle.

       P = PGP public key.

       S = PGP secret key.

       E = generic entry.

       These  must  be identified by either a filename or a keystore reference

       qcatool was written by Justin Karneges as part of QCA. This manual page
       was written by Brad Hards.

qcatool	1.0.0			  August 2007			    QCATOOL(1)


Want to link to this manual page? Use this URL:

home | help