2007-11-02 22:34:52 +00:00
.TH QCATOOL "1" "August 2007" "qcatool 1.0.0" "Qt Cryptographic Architecture (QCA)"
2007-08-12 11:54:38 +00:00
.SH NAME
2007-11-02 22:34:52 +00:00
qcatool \- command line tool for the Qt Cryptographic Architecture
2007-08-12 11:54:38 +00:00
.SH DESCRIPTION
2007-11-02 22:34:52 +00:00
qcatool is a command line tool for performing various cryptographic
operations with the Qt Cryptographic Architecture (QCA). qcatool can
2007-08-12 11:54:38 +00:00
also be used for testing and debugging QCA.
.SH USAGE
2007-11-02 22:34:52 +00:00
qcatool has a range of options and commands. You only ever get to
2007-08-12 11:54:38 +00:00
use one command, but you may use several, one or no options.
.SH OPTIONS
As noted above, these are all optional, and may be combined.
.PP
.TP
\fB \- \- pass\fR =PASSWORD
2007-08-13 10:01:27 +00:00
Specify the password to use. This is probably a bad idea except for
testing, because anyone can read the arguments to a command line
application.
2007-08-12 11:54:38 +00:00
.TP
\fB \- \- newpass\fR =PASSWORD
Specify the new password to use for password change
with the \fB key changepass\fR and \fB keybundle changepass\fR commands.
2007-08-13 10:01:27 +00:00
This is probably a bad idea except for
testing, because anyone can read the arguments to a command line
application.
2007-08-12 11:54:38 +00:00
.TP
\fB \- \- nonroots\fR =CERTIFICATES
Specify additional certificates, not trusted, but which may be used
in the trust path if appropriate trust can be established.
.TP
\fB \- \- roots\fR =CERTIFICATES
Specify additional certificates which can be used as trusted (root)
certificates.
.TP
\fB \- \- nosys\fR
Disable use of the standard root certificates that are provided by
the operating system.
.TP
\fB \- \- noprompt\fR
2007-08-13 10:01:27 +00:00
Disable prompting for passwords/passphrases. If you do not provide
the passphrase on the command line (with \fB \- \- pass\fR or \fB \- \- newpass\fR )
2007-11-02 22:34:52 +00:00
this will cause qcatool to abort the command if a password/passphrase is
2007-08-13 10:01:27 +00:00
required.
2007-08-12 11:54:38 +00:00
.TP
\fB \- \- ordered\fR
2007-08-14 20:59:29 +00:00
If outputting certificate information fields (Distinguished Name and Subject Alternative Name), show them in same the order that they are present in the certificate rather than in a friendly sorted order.
2007-08-12 11:54:38 +00:00
.TP
\fB \- \- debug\fR
Enable additional output to aid debugging.
.TP
\fB \- \- log-file=FILENAME\fR
Log to the specified file.
.TP
\fB \- \- log-level=LEVEL\fR
Log at the specified level. The log level can be between 0 (none)
and 8 (most).
.TP
\fB \- \- nobundle\fR
2007-08-14 20:59:29 +00:00
When S/MIME signing, do not bundle the signer's certificate chain inside the signature. This results in a smaller signature output, but requires the recipient to have all of the necessary certificates in order to verify it.
2007-08-12 11:54:38 +00:00
.SH COMMANDS
.TP
\fB help\fR , \fB \- \- help\fR , \fB \- h\fR
Output usage (help) information.
.TP
\fB version\fR , \fB \- \- version\fR , \fB \- v\fR
Output version information.
.TP
\fB plugins\fR
List available plugins. Use the \fB \- \- debug\fR option to get
more information on plugins which are found and which ones actually
loaded.
.TP
\fB config save \fI [provider]\fR
2007-08-14 20:59:29 +00:00
Save provider configuration. Use this to have the provider's default configuration written to persistent storage, which you can then edit by hand.
2007-08-12 11:54:38 +00:00
.TP
\fB config edit \fI [provider]\fR
2007-08-14 20:59:29 +00:00
Edit provider configuration. The changes are written to persistent storage.
2007-08-12 11:54:38 +00:00
.TP
\fB key make rsa|dsa [bits]\fR
Create a key pair
.TP
\fB key changepass [K]
Add/change/remove passphrase of a key
.TP
\fB cert makereq [K]\fR
Create certificate request (CSR)
.TP
\fB cert makeself [K]\fR
Create self-signed certificate
.TP
\fB cert makereqadv [K]\fR
Advanced version of 'makereq'
.TP
\fB cert makeselfadv [K]\fR
Advanced version of 'makeself'
.TP
\fB cert validate [C]\fR
Validate certificate
.TP
\fB keybundle make [K] [C]\fR
Create a keybundle
.TP
\fB keybundle extract [X]\fR
Extract certificate(s) and key
.TP
\fB keybundle changepass [X]\fR
Change passphrase of a keybundle
.TP
\fB keystore list-stores\fR
List all available keystores
.TP
\fB keystore list [storeName]\fR
List content of a keystore
.TP
\fB keystore monitor\fR
Monitor for keystore availability
.TP
\fB keystore export [E]\fR
Export a keystore entry's content
.TP
\fB keystore exportref [E]\fR
Export a keystore entry reference
.TP
\fB keystore addkb [storeName] [cert.p12]\fR
Add a keybundle into a keystore
.TP
\fB keystore addpgp [storeName] [key.asc]\fR
Add a PGP key into a keystore
.TP
\fB keystore remove [E]\fR
Remove an object from a keystore
.TP
\fB show cert [C]\fR
Examine a certificate
.TP
\fB show req [req.pem]\fR
Examine a certificate request (CSR)
.TP
\fB show crl [crl.pem]\fR
Examine a certificate revocation list
.TP
\fB show kb [X]\fR
Examine a keybundle
.TP
\fB show pgp [P|S]\fR
Examine a PGP key
.TP
\fB message sign pgp|pgpdetach|smime [X|S]\fR
Sign a message
.TP
\fB message encrypt pgp|smime [C|P]\fR
Encrypt a message
.TP
\fB message signencrypt [S] [P]\fR
PGP sign & encrypt a message
.TP
\fB message verify pgp|smime\fR
Verify a message
.TP
\fB message decrypt pgp|smime ((X) ...)\fR
Decrypt a message (S/MIME needs X)
.TP
\fB message exportcerts\fR
Export certs from S/MIME message
2007-08-13 10:01:27 +00:00
.SH ARGUMENTS
The arguments to the commands are as follows.
2007-08-12 11:54:38 +00:00
2007-08-13 10:01:27 +00:00
K = private key.
C = certificate.
X = key bundle.
P = PGP public key.
S = PGP secret key.
E = generic entry.
These must be identified by either a filename or a keystore reference ("store:obj").
2007-08-12 11:54:38 +00:00
.SH AUTHOR
2007-11-02 22:34:52 +00:00
qcatool was written by Justin Karneges as part of QCA. This manual page
2007-08-12 11:54:38 +00:00
was written by Brad Hards.
