SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG
DONATE


YUM REPOSITORY

 
 

MAN page from OpenSuSE openCryptoki-3.15.1-5.3.1.x86_64.rpm

PKCSTOK_MIGRATE

Section: openCryptoki (1)
Updated: June 2020
Index 

NAME

pkcstok_migrate - utility to migrate an ICA, CCA, Soft, or EP11 token repositoryto the FIPS compliant format introduced with openCryptoki 3.12.

 

SYNOPSIS

pkcstok_migrate [-h]
pkcstok_migrate --slotid slot-number --datastore datastore--confdir confdir [--sopin sopin] [--userpinuserpin] [--verbose level]

 

DESCRIPTION

Convert all objects inside a token repository to the new format introduced withversion 3.12. All encrypted data inside the new format is stored using FIPScompliant methods. The new format affects the token's master key files (MK_SOand MK_USER), the NVTOK.DAT, and the token object files in the TOK_OBJ folder.

While using this tool no process using the token to be migrated must be running.Especially the pkcsslotd must be stopped before running this tool.

The tool creates a backup of the token repository to be migrated, and performsall migration actions on this backup, leaving the original repository foldercompletely untouched. The backup folder is located in the same directory as theoriginal repository and is suffixed with _PKCSTOK_MIGRATE_TMP.

After a successful migration, the original repository is renamed with a suffixof _BAK and the backup folder is renamed to the original repository name, sothat the migrated repository can immediately be used. The old folder may bedeleted by the user manually later.

After a successful migration, the tool adds parameter 'tokversion = 3.12' to thetoken's slot configuration in the opencryptoki.conf file. The original configfile is still available as opencryptoki.conf_BAK and may be removed by the usermanually.

After an unsuccessful migration, the original repository is still availableunchanged.

 

OPTIONS SUMMARY

--slotid -s SLOT-NUMBER
specifies the token slot number of the token repository to be migrated
--datastore -d DATASTORE
specifies the directory of the token repository to be migrated.
--confdir -c CONFDIR
specifies the directory where the opencryptoki.conf file is located.
--sopin -p SOPIN
specifies the SO pin. If not specified, the SO pin is prompted.
--userpin -u USERPIN
specifies the user pin. If not specified, the user pin is prompted.
--verbose -v LEVEL
specifies the verbose level: none, error, warn, info, devel, debug
--help -h
show usage information

 

SEE ALSO

pkcsconf(1),
opencryptoki(7),
pkcsslotd(8).


 

Index

NAME
SYNOPSIS
DESCRIPTION
OPTIONS SUMMARY
SEE ALSO

This document was created byman2html,using the manual pages.