etoken-mkproxy(1)

NAME

etoken-mkproxy - generate a X509 proxy from an eToken grid certificate

SYNOPSIS

etoken-mkproxy [--help|--version]
etoken-mkproxy   [--debug|--quiet]  [--limited]  [--old|--gt3|--rfc]  [
--days=N ] [ --path-length=N ] [  --bits=N  ]  [  --out=proxyfile  ]  [
--slot=N ] [ --label=string ] [ --id=string ]

DESCRIPTION

etoken-mkproxy makes a X509 grid proxy using a public/private key pair found on an attached Aladdin eToken Pro.

If no options are specified, the proxy will be stored in /tmp and have a lifetime of 1 day. The user is asked for the PIN of the token.

OPTIONS

There are several options to tune the kind of proxy that is made.

--help Displays usage.

--version
Displays version.
--debug
Enables extra debug output.
--quiet
Quiet mode, minimal output.
--limited
Creates a limited globus proxy (default is unlimited).
--old Creates a legacy globus proxy (default).
--gt3 Creates a pre-RFS 3820 compliant proxy.
--rfc Creates a RFC 3820 compliant proxy.
--days=N
Number of days the proxy is valid.
--path-length=N
Allow a chain of at most N proxies to be generated from
this one (default=2).
--bits=N
Number of bits in key (512, 1024, 2048, default=512).
--out=proxyfile
Non-standard location of new proxy cert. The default
location is /tmp/x509up_<uid>
--slot=N
Slot number where eToken is located (default=0).
--label=string, --id=string
The label or the ID of the X509 certificate on the eToken. Use this option if your token contains more than one
certificate. Without this option, the first certificate
is chosen. You don't have to specify the full label or
ID, a unique substring will do. If you want to see which
certificates are on the token, use
pkcs11-tool --module libetpkcs11.so -O

USAGE

Make sure that the eToken is inserted in your computer and the
light on the token is on. If not, you may need to restart the
etokend daemon or the pcscd daemon. Run etoken-mkproxy and type the token PIN at the prompt.

EXAMPLES

Here is a typical transcript of the program.
$ etoken-mkproxy
Starting Aladdin eToken PRO proxy generation
Found X.509 certificate on eToken:
label: Imported Certificate
id: 8ce1d82219f4b5e9252579c377bac19a8e3afc55
Your identity: /O=dutchgrid/O=users/O=nikhef/CN=Jane Doe
Generating a 512 bit RSA private key
writing new private key to 'proxykey.R26971'
----engine "pkcs11" set.
Signature ok
subject=/O=dutchgrid/O=users/O=nikhef/CN=Jane
Doe/CN=proxy
Getting CA Private Key
PKCS#11 token PIN: ****
Your proxy is valid until: Sat Jun 9 02:56:30 CEST 2007

FILES

/tmp/x509up_<uid> The default location of the generated proxy,
where uid is the numeric Unix user id.

SEE ALSO

openssl(1ssl), x509(1ssl).

AUTHOR

The etoken-mkproxy program was written by Jan Just Keijser <janjust@nikhef.nl>.

eToken is a trademark of Aladdin Knowledge Systems, Ltd.

VL-e Consortium 2007-06-08 ETOKEN-MKPROXY(1)

Copyright © 2010-2025 Platon Technologies, s.r.o.           Home | Man pages | tLDP | Documents | Utilities | About
Design by styleshout