p11-kit
See the various sub commands below. The following global options can be used:
-v, --verbose
-q, --quiet
List system configured PKCS#11 modules.
$ p11-kit list-modules
The modules, information about them and the tokens present in the PKCS#11 modules will be displayed.
Extract certificates from configured PKCS#11 modules.
This operation has been moved to a separate command trust extract. See trust(1) for more information
Run a server process that exposes PKCS#11 module remotely.
$ p11-kit server pkcs11:token1 pkcs11:token2 ... $ p11-kit server --provider /path/to/pkcs11-module.so pkcs11:token1 pkcs11:token2 ...
This launches a server that exposes the given PKCS#11 tokens on a local socket. The tokens must belong to the same module. To access the socket, use p11-kit-client.so module. The server address and PID are printed as a shell-script snippet which sets the appropriate environment variable: P11_KIT_SERVER_ADDRESS and P11_KIT_SERVER_PID.
Extract standard trust information files.
This operation has been moved to a separate command trust extract-compat. See trust(1) for more information
Run a PKCS#11 module remotely.
$ p11-kit remote /path/to/pkcs11-module.so $ p11-kit remote pkcs11:token1 pkcs11:token2 ...
This is not meant to be run directly from a terminal. But rather in a remote option in a pkcs11.conf(5) file.
This exposes the given PKCS#11 module or tokens over standard input and output. Those two forms, whether to expose a module or tokens, are mutually exclusive and if the second form is used, the tokens must belong to the same module.
Please send bug reports to either the distribution bug tracker or the upstream bug tracker at m[blue]https://github.com/p11-glue/p11-kit/issues/m[].
Further details available in the p11-kit online documentation at m[blue]https://p11-glue.github.io/p11-glue/p11-kit/manual/m[].