aboutsummaryrefslogtreecommitdiff
path: root/openssl/agent/pkcs11/options.cli
diff options
context:
space:
mode:
authorKaren Arutyunov <karen@codesynthesis.com>2018-10-15 21:08:04 +0300
committerKaren Arutyunov <karen@codesynthesis.com>2018-10-17 15:02:42 +0300
commitde91921561092689369b56c54950474e0a86e66f (patch)
treea9949058021d911db1106b1a2e4d9e0e9281de16 /openssl/agent/pkcs11/options.cli
parentfb65c93daaf369157bd712f2c4c20161c4840b94 (diff)
Add implementation
Diffstat (limited to 'openssl/agent/pkcs11/options.cli')
-rw-r--r--openssl/agent/pkcs11/options.cli79
1 files changed, 79 insertions, 0 deletions
diff --git a/openssl/agent/pkcs11/options.cli b/openssl/agent/pkcs11/options.cli
new file mode 100644
index 0000000..9c31b53
--- /dev/null
+++ b/openssl/agent/pkcs11/options.cli
@@ -0,0 +1,79 @@
+// file : openssl/agent/pkcs11/options.cli
+// copyright : Copyright (c) 2014-2018 Code Synthesis Ltd
+// license : MIT; see accompanying LICENSE file
+
+include <openssl/options.cli>;
+
+"\section=1"
+"\name=openssl-agent-pkcs11"
+"\summary=OpenSSL PKCS#11 key agent"
+
+namespace openssl
+{
+ namespace agent
+ {
+ namespace pkcs11
+ {
+ {
+ "<options> <url>",
+
+ "
+ \h|SYNOPSIS|
+
+ \c{\b{openssl-agent-pkcs11 --help}\n
+ \b{openssl-agent-pkcs11 --version}\n
+ \b{openssl-agent-pkcs11} [<options>] <url>}
+
+ \h|DESCRIPTION|
+
+ The \cb{PKCS#11} key agent prompts for a PIN for the specified token
+ and forks off the daemon, which unlocks the key, opens a UNIX domain
+ socket, and waits for cryptographic operation requests from the
+ OpenSSL client \l{openssl-client(1)}. The agent also prints to
+ \cb{stdout} a shell script fragment that sets the environment
+ variables necessary for locating the agent. See the ENVIRONMENT
+ section for details.
+
+ The daemon can be run in the simulation mode without actually logging
+ into the \cb{PKCS#11} token. If the \cb{--simulate} option is
+ specified with the \cb{success} outcome, the daemon pretends to unlock
+ the requested key and responds with a dummy signature to the
+ subsequent data signing requests. The \cb{failure} outcome causes the
+ daemon to exit with non-zero status, as if it failed to find the key.
+ This mode is mostly useful for testing.
+ "
+ }
+
+ class options
+ {
+ "\h|OPTIONS|"
+
+ bool --help {"Print usage information and exit."}
+ bool --version {"Print version and exit."}
+
+ simulate_outcome --simulate
+ {
+ "<outcome>",
+ "Run the daemon in the simulation mode."
+ }
+ };
+
+ "
+ \h|ENVIRONMENT|
+
+ The printed shell script fragment sets the
+ \cb{OPENSSL_AGENT_PKCS11_SOCK} and \cb{OPENSSL_AGENT_PKCS11_PID}
+ environment variables. The former refers to the Unix-domain socket that
+ should be used by \cb{openssl-client(1)} for communicating with the
+ daemon. The latter contains the daemon process id that can be used to
+ terminate the daemon by sending it the \cb{SIGTERM} signal.
+ "
+
+ "
+ \h|EXIT STATUS|
+
+ Non-zero exit status is returned in case of an error.
+ "
+ }
+ }
+}