The westcos-tool utility is used to manipulate the westcos data structures on 2 Ko smart cards / tokens. Users can create PINs, keys and certificates stored on the card / token. User PIN authentication is performed for those operations that require it.
--change-pin, -nChanges a PIN stored on the card. User authentication is required for this operation.
--certificate file, -t fileWrite certificate file file in PEM format to the card. User authentication is required for this operation.
--finalize, -fFinalize the card. Once finalized the default key is invalidated, so PIN and PUK cannot be changed anymore without user authentication.
Warning, un-finalized are insecure because PIN can be changed without user authentication (knowledge of default key is enough).
--generate-key, -gGenerate a private key on the card. The card must not have been finalized and a PIN must be installed (ie. the file for ithe PIN must havei been created, see option -i). By default the key length is 1536 bits. User authentication is required for this operation.
--help, -hPrint help message on screen.
--install-pin, -iInstall PIN file in on the card. You must provide a PIN value with -x.
--key-length length, -l lengthChange the length of private key. Use with -g.
--overwrite-key, -oOverwrite the key if there is already a key on the card.
--pin-value value, -x valueSet value of PIN. If set to env:VARIABLE, the value of the environment variable VARIABLE is used.
--puk-value value, -y valueset value of PUK (or value of new PIN for change PIN command see -n). If set to env:VARIABLE, the value of the environment variable VARIABLE is used.
--read-file path, -j pathRead the file path from the card. The file is written on disk with name path. User authentication is required for this operation.
--reader num, -r numUse the given reader. The default is the first reader with a card.
--unblock-pin, -uUnblocks a PIN stored on the card. Knowledge of the PIN Unblock Key (PUK) is required for this operation.
-vCauses westcos-tool to be more verbose. Specify this flag several times to enable debug output in the OpenSC library.
--wait, -wWait for a card to be inserted.
--write-file path, -k pathPut the file with name path from disk to card. On the card the file is written in path. User authentication is required for this operation.
westcos-tool was written by Francois Leblanc email@example.com.