westcos-tool - utility for manipulating data structures on westcos smart cards

westcos-tool was written by Francois Leblanc <francois.leblanc@cev-sa.com>.

opensc                                             03/22/2025                                    WESTCOS-TOOL(1)

       The westcos-tool utility is used to manipulate the westcos data structures on 2 Ko smart cards / tokens.
       Users can create PINs, keys and certificates stored on the card / token. User PIN authentication is
       performed for those operations that require it.

       westcos-tool - utility for manipulating data structures on westcos smart cards

--change-pin, -n
           Changes a PIN stored on the card. User authentication is required for this operation.

       --certificatefile, -tfile
           Write certificate file file in PEM format to the card. User authentication is required for this
           operation.

       --finalize, -f
           Finalize the card. Once finalized the default key is invalidated, so PIN and PUK cannot be changed
           anymore without user authentication.

           Warning, un-finalized cards are insecure because the PIN can be changed without user authentication
           (knowledge of default key is enough).

       --generate-key, -g
           Generate a private key on the card. The card must not have been finalized and a PIN must be installed
           (i.e. the file for the PIN must have been created, see option -i). By default the key length is 2048
           bits. User authentication is required for this operation.

       --help, -h
           Print help message on screen.

       --install-pin, -i
           Install PIN file in on the card. You must provide a PIN value with -x.

       --key-lengthlength, -llength
           Change the length of private key. Use with -g.

       --overwrite-key, -o
           Overwrite the key if there is already a key on the card.

       --pin-valuepin, -xpin--puk-valuepuk, -ypuk
           These options can be used to specify the PIN/PUK values on the command line. If the value is set to
           env:VARIABLE, the value of the specified environment variable is used. By default, the code is
           prompted on the command line if needed.

           Note that on most operation systems, any user can display the command line of any process on the
           system using utilities such as ps(1). Therefore, you should prefer passing the codes via an
           environment variable on an unsecured system.

       --read-filefilename, -jfilename
           Read the file filename from the card. The file is written on disk with name filename. User
           authentication is required for this operation.

       --readerarg, -rarg
           Number of the reader to use. By default, the first reader with a present card is used. If arg is an
           ATR, the reader with a matching card will be chosen.

       --unblock-pin, -u
           Unblocks a PIN stored on the card. Knowledge of the PIN Unblock Key (PUK) is required for this
           operation.

       --verbose-v
           Causes westcos-tool to be more verbose. Specify this flag several times to enable debug output in the
           OpenSC library.

       --wait, -w
           Wait for a card to be inserted.

       --write-filefilename, -kfilename
           Put the file with name filename from disk to card. On the card the file is written in filename. User
           authentication is required for this operation.

westcos-tool [OPTIONS]