pkcstok_migrate - utility to migrate an ICA, CCA, Soft, or EP11 token repository to the FIPS compliant
format introduced with openCryptoki 3.12.
Description
Convert all objects inside a token repository to the new format introduced with version 3.12. All
encrypted data inside the new format is stored using FIPS compliant methods. The new format affects the
token's master key files (MK_SO and MK_USER), the NVTOK.DAT, and the token object files in the TOK_OBJ
folder.
No process that uses the token to be migrated may be running while this tool is in use. In particular,
pkcsslotd must be stopped before running this tool.
The tool creates a backup of the token repository to be migrated, and performs all migration actions on
this backup, leaving the original repository folder completely untouched. The backup folder is located in
the same directory as the original repository and is suffixed with _PKCSTOK_MIGRATE_TMP.
After a successful migration, the original repository is renamed with a suffix of _BAK and the backup
folder is renamed to the original repository name, so that the migrated repository can immediately be
used. The old folder may be deleted by the user manually later.
After a successful migration, the tool adds the parameter 'tokversion = 3.12' to the token's slot
configuration in the opencryptoki.conf file. The original config file is still available as
opencryptoki.conf_BAK and may be removed by the user manually.
After an unsuccessful migration, the original repository is still available unchanged.
The pkcstok_migrate utility must be run as root.
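The following shell functions are an added example, not part of openCryptoki: they check the preconditions stated above (root, pkcsslotd stopped) and confirm afterwards that the folder swap and the 'tokversion = 3.12' entry are in place. The function names and the slot layout assumed for opencryptoki.conf ('slot N' followed by a brace-delimited block) are assumptions.

```shell
#!/bin/sh
# Added example: checks around a pkcstok_migrate run (not openCryptoki code).

# Pre-flight: the tool must run as root and pkcsslotd must be stopped.
preflight() {
    [ "$(id -u)" -eq 0 ] || { echo "must be run as root" >&2; return 1; }
    if pgrep -x pkcsslotd >/dev/null 2>&1; then
        echo "pkcsslotd is running; stop it first" >&2
        return 1
    fi
}

# Print the tokversion value of slot $2 in the config file $1 (empty if unset).
# Assumed layout: "slot N", then "{ ... }" with one "key = value" per line.
slot_tokversion() {
    awk -v slot="$2" '
        { gsub(/=/, " = ") }                  # tolerate "tokversion=3.12"
        $1 == "slot" { in_slot = ($2 == slot) }
        in_slot && $1 == "tokversion" { print $3 }
        $1 == "}" { in_slot = 0 }
    ' "$1"
}

# Classify repository directory $1 from the folder names the tool uses.
# "unfinished": the working copy still exists, so a run is in progress or
# did not complete (assumption: the page does not say when it is removed).
repo_state() {
    if [ -d "${1}_PKCSTOK_MIGRATE_TMP" ]; then echo "unfinished"
    elif [ -d "${1}_BAK" ] && [ -d "$1" ]; then echo "migrated"
    elif [ -d "$1" ]; then echo "original"
    else echo "missing"
    fi
}

# Post-check, to be run before the _BAK copies are deleted.
# Arguments: DATASTORE CONFDIR SLOT-NUMBER
verify_migration() {
    [ "$(repo_state "$1")" = "migrated" ] || return 1
    [ "$(slot_tokversion "$2/opencryptoki.conf" "$3")" = "3.12" ]
}

# When called with DATASTORE CONFDIR SLOT-NUMBER, report the result.
if [ "$#" -eq 3 ]; then
    if verify_migration "$@"; then
        echo "slot $3: migrated to the 3.12 format"
    else
        echo "slot $3: not migrated (repository state: $(repo_state "$1"))"
    fi
fi
```

Call preflight before starting pkcstok_migrate and verify_migration once it has finished.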
Name
pkcstok_migrate - utility to migrate an ICA, CCA, Soft, or EP11 token repository to the FIPS compliant
format introduced with openCryptoki 3.12.
Options Summary
--slotid -s SLOT-NUMBER
specifies the token slot number of the token repository to be migrated.
--datastore -d DATASTORE
specifies the directory of the token repository to be migrated.
--confdir -c CONFDIR
specifies the directory where the opencryptoki.conf file is located.
--sopin -p SOPIN
specifies the SO pin. If not specified, the SO pin is prompted.
--userpin -u USERPIN
specifies the user pin. If not specified, the user pin is prompted.
--verbose -v LEVEL
specifies the verbose level: none, error, warn, info, devel, debug
--help -h
show usage information
See Also
pkcsconf(1), opencryptoki(7), pkcsslotd(8).
3.24 June 2020 PKCSTOK_MIGRATE(1)
Synopsis
pkcstok_migrate [-h]
pkcstok_migrate --slotid slot-number --datastore datastore --confdir confdir [--sopin sopin] [--userpin userpin] [--verbose level]
