|Specify the password to use. This is probably a bad idea except for testing, because anyone can read the arguments to a command line application.|
|Specify the new password to use for password change with the key changepass and keybundle changepass commands. This is probably a bad idea except for testing, because anyone can read the arguments to a command line application.|
|Specify additional certificates, not trusted, but which may be used in the trust path if appropriate trust can be established.|
|Specify additional certificates which can be used as trusted (root) certificates.|
|--nosys||Disable use of the standard root certificates that are provided by the operating system.|
|Disable prompting for passwords/passphrases. If you do not provide the passphrase on the command line (with --pass or --newpass) this will cause qcatool to abort the command if a password/passphrase is required.|
|If outputting certificate information fields (Distinguished Name and Subject Alternative Name), show them in same the order that they are present in the certificate rather than in a friendly sorted order.|
|--debug||Enable additional output to aid debugging.|
|Log to the specified file.|
|Log at the specified level. The log level can be between 0 (none) and 8 (most).|
When S/MIME signing, do not bundle the signers certificate chain inside the signature. This results in a smaller signature output, but requires the recipient to have all of the necessary certificates in order to verify it.
help, --help, -h Output usage (help) information. version, --version, -v Output version information. plugins List available plugins. Use the --debug option to get more information on plugins which are found and which ones actually loaded. config save [provider] Save provider configuration. Use this to have the providers default configuration written to persistent storage, which you can then edit by hand. config edit [provider] Edit provider configuration. The changes are written to persistent storage. key make rsa|dsa [bits] Create a key pair key changepass [K] Add/change/remove passphrase of a key cert makereq [K] Create certificate request (CSR) cert makeself [K] Create self-signed certificate cert makereqadv [K] Advanced version of makereq cert makeselfadv [K] Advanced version of makeself cert validate [C] Validate certificate keybundle make [K] [C] Create a keybundle keybundle extract [X] Extract certificate(s) and key keybundle changepass [X] Change passphrase of a keybundle keystore list-stores List all available keystores keystore list [storeName] List content of a keystore keystore monitor Monitor for keystore availability keystore export [E] Export a keystore entrys content keystore exportref [E] Export a keystore entry reference keystore addkb [storeName] [cert.p12] Add a keybundle into a keystore keystore addpgp [storeName] [key.asc] Add a PGP key into a keystore keystore remove [E] Remove an object from a keystore show cert [C] Examine a certificate show req [req.pem] Examine a certificate request (CSR) show crl [crl.pem] Examine a certificate revocation list show kb [X] Examine a keybundle show pgp [P|S] Examine a PGP key message sign pgp|pgpdetach|smime [X|S] Sign a message message encrypt pgp|smime [C|P] Encrypt a message message signencrypt [S] [P] PGP sign & encrypt a message message verify pgp|smime Verify a message message decrypt pgp|smime ((X) ...) Decrypt a message (S/MIME needs X) message exportcerts Export certs from S/MIME message
The arguments to the commands are as follows.
K = private key.
C = certificate.
X = key bundle.
P = PGP public key.
S = PGP secret key.
E = generic entry.
These must be identified by either a filename or a keystore reference ("store:obj").
qcatool was written by Justin Karneges as part of QCA. This manual page was written by Brad Hards.
|qcatool 1.0.0||QCATOOL (1)||August 2007|