diff options
author | Karen Arutyunov <karen@codesynthesis.com> | 2018-10-15 21:08:04 +0300 |
---|---|---|
committer | Karen Arutyunov <karen@codesynthesis.com> | 2018-10-17 15:02:42 +0300 |
commit | de91921561092689369b56c54950474e0a86e66f (patch) | |
tree | a9949058021d911db1106b1a2e4d9e0e9281de16 /openssl/agent/pkcs11/options.cli | |
parent | fb65c93daaf369157bd712f2c4c20161c4840b94 (diff) |
Add implementation
Diffstat (limited to 'openssl/agent/pkcs11/options.cli')
-rw-r--r-- | openssl/agent/pkcs11/options.cli | 79 |
1 files changed, 79 insertions, 0 deletions
diff --git a/openssl/agent/pkcs11/options.cli b/openssl/agent/pkcs11/options.cli new file mode 100644 index 0000000..9c31b53 --- /dev/null +++ b/openssl/agent/pkcs11/options.cli @@ -0,0 +1,79 @@ +// file : openssl/agent/pkcs11/options.cli +// copyright : Copyright (c) 2014-2018 Code Synthesis Ltd +// license : MIT; see accompanying LICENSE file + +include <openssl/options.cli>; + +"\section=1" +"\name=openssl-agent-pkcs11" +"\summary=OpenSSL PKCS#11 key agent" + +namespace openssl +{ + namespace agent + { + namespace pkcs11 + { + { + "<options> <url>", + + " + \h|SYNOPSIS| + + \c{\b{openssl-agent-pkcs11 --help}\n + \b{openssl-agent-pkcs11 --version}\n + \b{openssl-agent-pkcs11} [<options>] <url>} + + \h|DESCRIPTION| + + The \cb{PKCS#11} key agent prompts for a PIN for the specified token + and forks off the daemon, which unlocks the key, opens a UNIX domain + socket, and waits for cryptographic operation requests from the + OpenSSL client \l{openssl-client(1)}. The agent also prints to + \cb{stdout} a shell script fragment that sets the environment + variables necessary for locating the agent. See the ENVIRONMENT + section for details. + + The daemon can be run in the simulation mode without actually logging + into the \cb{PKCS#11} token. If the \cb{--simulate} option is + specified with the \cb{success} outcome, the daemon pretends to unlock + the requested key and responds with a dummy signature to the + subsequent data signing requests. The \cb{failure} outcome causes the + daemon to exit with non-zero status, as if it failed to find the key. + This mode is mostly useful for testing. + " + } + + class options + { + "\h|OPTIONS|" + + bool --help {"Print usage information and exit."} + bool --version {"Print version and exit."} + + simulate_outcome --simulate + { + "<outcome>", + "Run the daemon in the simulation mode." + } + }; + + " + \h|ENVIRONMENT| + + The printed shell script fragment sets the + \cb{OPENSSL_AGENT_PKCS11_SOCK} and \cb{OPENSSL_AGENT_PKCS11_PID} + environment variables. The former refers to the Unix-domain socket that + should be used by \cb{openssl-client(1)} for communicating with the + daemon. The latter contains the daemon process id that can be used to + terminate the daemon by sending it the \cb{SIGTERM} signal. + " + + " + \h|EXIT STATUS| + + Non-zero exit status is returned in case of an error. + " + } + } +} |