Sponsor:

Your company here — click to reach over 10,000 unique daily visitors

cvc-create - Man Page

manual page for cvc-create 1.1.2

Synopsis

cvc-create [OPTION]...

Description

Create a card verifiable certificate

-h,  --help

Print help and exit

-V,  --version

Print version and exit

--out-cert=FILENAME

Where to save the certificate (default=`CHR.cvcert')

--role=ENUM

The terminal's role  (possible values="cvca", "dv_domestic", "dv_foreign", "terminal")

--type=STRING

Type of the terminal. Known values are "at" (Authentication Terminal), "is" (Inspection System), "st" (Signature Terminal), "derived_from_signer" (uses the the signer's CVC type), any other value is interpreted as object identifier. (default=`derived_from_signer')

--chat=HEXSTRING

Raw Card Holder Authorization Template (CHAT). This option will overwrite any terminal specific effective authorization (see options for AT/IS/ST).

--issued=YYMMDD

Date the certificate was issued  (default=`today')

--expires=YYMMDD

Date until the certicate is valid

--sign-with=FILENAME

Private key for signing the new certificate

--scheme=ENUM

Signature scheme that the new terminal will use (possible values="ECDSA_SHA_1", "ECDSA_SHA_224", "ECDSA_SHA_256", "ECDSA_SHA_384", "ECDSA_SHA_512", "RSA_v1_5_SHA_1", "RSA_v1_5_SHA_256", "RSA_v1_5_SHA_512", "RSA_PSS_SHA_1", "RSA_PSS_SHA_256", "RSA_PSS_SHA_512")

Mode: csr

The properties of the certificate are derived from the given signing request.

--csr=FILENAME

Certificate signing request with the attributes

Mode: manual

The properties of the certificate are derived from the command line switches.

--chr=CCH...HSSSSS

Certificate holder reference (2 characters ISO 3166-1 ALPHA-2 country code, 0-9 characters ISO/IEC 8859-1 holder mnemonic, 5 characters ISO/IEC 8859-1 numeric or alphanumeric sequence number)

--sign-as=FILENAME

CV certificate of the entity signing the new certificate  (default=`self signed')

--key=FILENAME

Private key of the Terminal  (default=`derived from signer')

--out-key=FILENAME

Where to save the derived private key (default=`CHR.pkcs8')

Options for an Authentication Terminal (AT)

--out-desc=FILENAME

Where to save the encoded certificate description (default=`CHR.desc')

--cert-desc=FILENAME

Terms of usage as part of the certificate description (*.txt, *.html or *.pdf)

--issuer-name=STRING

Name of the issuer of this certificate (certificate description)

--issuer-url=URL

URL that points to informations about the issuer of this certificate (certificate description)

--subject-name=STRING

Name of the holder of this certificate (certificate description)

--subject-url=URL

URL that points to informations about the subject of this certificate (certificate description)

--write-dg17

Allow writing DG 17 (Normal Place of Residence) (default=off)

--write-dg18

Allow writing DG 18 (Community ID)  (default=off)

--write-dg19

Allow writing DG 19 (Residence Permit I) (default=off)

--write-dg20

Allow writing DG 20 (Residence Permit II) (default=off)

--write-dg21

Allow writing DG 21 (Optional Data)  (default=off)

--at-rfu32

Allow RFU R/W Access bit 32  (default=off)

--at-rfu31

Allow RFU R/W Access bit 31  (default=off)

--at-rfu30

Allow RFU R/W Access bit 30  (default=off)

--at-rfu29

Allow RFU R/W Access bit 29  (default=off)

--read-dg1

Allow reading DG 1   (Document Type) (default=off)

--read-dg2

Allow reading DG 2   (Issuing State) (default=off)

--read-dg3

Allow reading DG 3   (Date of Expiry) (default=off)

--read-dg4

Allow reading DG 4   (Given Names)  (default=off)

--read-dg5

Allow reading DG 5   (Family Names)  (default=off)

--read-dg6

Allow reading DG 6   (Religious/Artistic Name) (default=off)

--read-dg7

Allow reading DG 7   (Academic Title) (default=off)

--read-dg8

Allow reading DG 8   (Date of Birth) (default=off)

--read-dg9

Allow reading DG 9   (Place of Birth) (default=off)

--read-dg10

Allow reading DG 10  (Nationality)  (default=off)

--read-dg11

Allow reading DG 11  (Sex)  (default=off)

--read-dg12

Allow reading DG 12  (Optional Data) (default=off)

--read-dg13

Allow reading DG 13  (default=off)

--read-dg14

Allow reading DG 14  (default=off)

--read-dg15

Allow reading DG 15  (default=off)

--read-dg16

Allow reading DG 16  (default=off)

--read-dg17

Allow reading DG 17  (Normal Place of Residence) (default=off)

--read-dg18

Allow reading DG 18  (Community ID)  (default=off)

--read-dg19

Allow reading DG 19  (Residence Permit I) (default=off)

--read-dg20

Allow reading DG 20  (Residence Permit II) (default=off)

--read-dg21

Allow reading DG 21  (Optional Data) (default=off)

--install-qual-cert

Allow installing qualified certificate (default=off)

--install-cert

Allow installing certificate  (default=off)

--pin-management

Allow PIN management  (default=off)

--can-allowed

CAN allowed  (default=off)

--privileged

Privileged terminal  (default=off)

--rid

Allow restricted identification  (default=off)

--verify-community

Allow community ID verification  (default=off)

--verify-age

Allow age verification  (default=off)

Options for a Signature Terminal (ST)

--st-rfu5

Allow RFU bit 5  (default=off)

--st-rfu4

Allow RFU bit 4  (default=off)

--st-rfu3

Allow RFU bit 3  (default=off)

--st-rfu2

Allow RFU bit 2  (default=off)

--gen-qualified-sig

Generate qualified electronic signature (default=off)

--gen-sig

Generate electronic signature  (default=off)

Options for an Inspection System (IS)

--read-eid

Read access to eID application (Deprecated) (default=off)

--is-rfu4

Allow RFU bit 4  (default=off)

--is-rfu3

Allow RFU bit 3  (default=off)

--is-rfu2

Allow RFU bit 2  (default=off)

--read-iris

Read access to ePassport application: DG 4 (Iris) (default=off)

--read-finger

Read access to ePassport application: DG 3 (Fingerprint)  (default=off)

Author

Written by Frank Morgner <frankmorgner@gmail.com>

Reporting Bugs

Report bugs to https://github.com/frankmorgner/openpace/issues

Info

August 2022 OpenPACE 1.1.2