Command mode is entered when gskkyman is entered with parameters.
The requested token/database function is performed and then the utility
exits.
- gskkyman command-mode key database file display
When
the key database password is correctly entered:
Command:
gskkyman -dk -k example.kdb
Output:
Database: /home/sufwl1/ssl_cmd/example.kdb
Expiration Date: 2025/12/02 10:11:12
Record length: 5000
- gskkyman command-mode certificate display
Command:
gskkyman -dc -k example.kdb -l 'Test User'
Output
for a single certificate:
Label:
<Test User>
Trusted:
Yes
Version:
3
Serial number:
45ac4d23000a6023
Issuer's Name:
<CN=Test CA,OU=Test unit,O=IBM, L=Endicott, ST=NY, C=US>
Subject's Name:
<CN=Test User,OU=Test unit,O=IBM, L=Endicott, ST=NY, C=US>
Effective date:
2010/01/16 21:02:02
Expiration date:
2015/01/16 21:02:02
Signature algorithm:
sha1WithRsaEncryption
Issuer unique ID:
None
Subject unique ID:
None
Public key algorithm:
rsaEncryption
Public key size:
1024
Public key:
30 81 89 02 81 81 00 9A 9A BC 53 49 50 8B AF F9
AF 00 A1 F3 A6 80 3A DA 2C A5 7C 65 A0 00 96 FA
1A 71 74 74 B4 2A 95 92 AC 1D 76 F1 97 37 D3 BC
06 8B DC 83 2F 7F 08 B0 EA 1F F8 71 AC 8F 96 3E
6E DA F5 F8 D0 A6 51 A4 AF E6 21 F5 50 AC B7 06
83 BF 88 48 DF 51 DB 18 BF EC 7C 72 DA ED 6C 82
28 93 7C AE 12 E8 CD 55 16 E1 05 53 63 C1 84 D1
91 AD 3E E5 70 87 00 0C 14 40 92 D9 6E DD ED 07
81 9D 93 34 DC 1F 05 02 03 01 00 01
Private key:
Yes
Default key:
No
Certificate extensions:
4
- gskkyman command-mode PKCS #11 token certificate display
Command:
gskkyman -dc -t my.token -l rsa1024CASecure
Output:
Label:
<rsa1024CASecure>
Trusted:
Yes
Version:
3
Serial number:
00
Issuer's Name:
<CN=rsa CA linecmd 1,OU=ibm,O=stg,C=US>
Subject's Name:
<CN=rsa CA linecmd 1,OU=ibm,O=stg,C=US>
Effective Date:
2012/06/06 04:00:00
Expiration Date:
2025/11/01 03:59:59
Signature algorithm:
sha1WithRsaEncryption
Issuer unique ID:
None
Subject unique ID:
None
Public key algorithm:
rsaEncryption
Public key size:
1024
Public key:
30 81 89 02 81 81 00 A8 CF 98 A5 EE A9 F3 FD 59
A6 6F F8 F1 CF 85 00 26 DA D3 04 52 EA E0 94 62
B4 DB 32 FC A7 AE E8 BF 1C 0B 6B A8 78 25 BF D4
9C BE 1E 15 8C 37 36 F2 94 E9 5F 58 8B CB CB BB
FA AF 47 BD 5D BA 77 C2 B6 8B 15 91 C7 5A B1 28
62 BB 23 80 80 50 DB 2F 49 38 9C B6 4D 0E 2F EC
87 63 E5 AE 99 EC 9D 87 A7 94 D4 BF EA A1 0E F0
00 56 C7 A6 9E 25 18 BF F6 2F 7B D4 E1 C4 91 E4
9F F0 50 DE 3D 94 3D 02 03 01 00 01
Private key:
Yes
Private key type:
Secure
Default key:
Yes
Certificate extensions:
3
- gskkyman command-mode certificate display (verbose)
Command:
gskkyman -dcv -k example.kdb -l 'Test User'
Verbose
output for a single certificate:
Label:
<Test User>
Trusted:
Yes
Version:
3
Serial number:
45ac4d23000a6023
Issuer's Name:
<CN=Test CA,OU=Test unit,O=IBM, L=Endicott, ST=NY, C=US>
Subject's Name:
<CN=Test User,OU=Test unit,O=IBM, L=Endicott, ST=NY, C=US>
Effective date:
2010/01/16 21:02:02
Expiration date:
2015/01/16 21:02:02
Signature algorithm:
sha1WithRsaEncryption
Issuer unique ID:
None
Subject unique ID:
None
Public key algorithm:
rsaEncryption
Public key size:
1024
Public key:
30 81 89 02 81 81 00 9A 9A BC 53 49 50 8B AF F9
AF 00 A1 F3 A6 80 3A DA 2C A5 7C 65 A0 00 96 FA
1A 71 74 74 B4 2A 95 92 AC 1D 76 F1 97 37 D3 BC
06 8B DC 83 2F 7F 08 B0 EA 1F F8 71 AC 8F 96 3E
6E DA F5 F8 D0 A6 51 A4 AF E6 21 F5 50 AC B7 06
83 BF 88 48 DF 51 DB 18 BF EC 7C 72 DA ED 6C 82
28 93 7C AE 12 E8 CD 55 16 E1 05 53 63 C1 84 D1
91 AD 3E E5 70 87 00 0C 14 40 92 D9 6E DD ED 07
81 9D 93 34 DC 1F 05 02 03 01 00 01
Private key:
Yes
Default key:
No
Critical Extension:
keyUsage:
Digital signature
Non-repudiation
Key encipherment
Data encipherment
Non-critical Extension: 1
subjectAltName:
EMAIL:
<test@ibm.com>
Non-critical Extension: 2
subjectKeyIdentifier:
91 DA 60 24 00 31 0A 75 39 F4 F6 56 D5 AD 35 35
86 2D C6 F8
Non-critical Extension: 3
authorityKeyIdentifier:
Key ID:
19 6E 03 37 AB 8B 0F 7B 9D A3 A6 8F CC B4 A2 CA
AC FA B6 E8
z/OS Cryptographic Services System SSL Programming
Copyright IBM Corporation 1990, 2014