p11-kit man page

p11-kit — Tool for operating on configured PKCS#11 modules


p11-kit list-modules

p11-kit extract ...

p11-kit server ...


p11-kit is a command line tool that can be used to perform operations on PKCS#11 modules configured on the system.

See the various sub commands below. The following global options can be used:

-v, --verbose

Run in verbose mode with debug output.

-q, --quiet

Run in quiet mode without warning or failure messages.

List Modules

List system configured PKCS#11 modules.

$ p11-kit list-modules

The modules, information about them and the tokens present in the PKCS#11 modules will be displayed.


Extract certificates from configured PKCS#11 modules.

This operation has been moved to a separate command trust extract. See trust(1) for more information


Run a server process that exposes PKCS#11 module remotely.

$ p11-kit server /path/to/pkcs11-module.so
$ p11-kit server pkcs11:token-uri

This launches a server that exposes the given PKCS#11 module or token on a local socket. To access the socket, use p11-kit-client.so module. The server address and PID are printed as a shell-script snippet which sets the appropriate environment variable: P11_KIT_SERVER_ADDRESS and P11_KIT_SERVER_PID.

Extract Trust

Extract standard trust information files.

This operation has been moved to a separate command trust extract-compat. See trust(1) for more information


Run a PKCS#11 module remotely.

$ p11-kit remote /path/to/pkcs11-module.so

This is not meant to be run directly from a terminal. But rather in a remote option in a pkcs11.conf(5) file.


Please send bug reports to either the distribution bug tracker or the upstream bug tracker at https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue&component=p11-kit.

See Also


Further details available in the p11-kit online documentation at http://p11-glue.freedesktop.org/doc/p11-kit/.

Referenced By

pkcs11.conf(5), trust(1).

p11-kit System Commands