Command utility
The Command utility is a tool for the command line or shell to provide some basic diagnostic and management abilities. For more information about the commands below, see Net iD Client CLI commands.
| When running the command utility as an administrator, options for virtual tokens are available. |
Options
==============================================================================
Net iD 1.0
==============================================================================
Command Tool Menu:
[0] Quit - Quit with no action
[1] System - View system information
[2] View - View token information
[3] List - List token objects
[4] Token - Manage token
[5] PIN - Manage token credentials
[6] Utility - Utility commands
Select:
1 — System
The system command gives information about the current system.
------------------------------------------------------------------------------
System information:
Version - Net iD 1.0.0.12
System - Microsoft Windows 10 - 1909
Engine - Microsoft Primitive Provider
User - SYSTEM
Computer - SM-USER
UniqueId - 9C:7B:EF:9E:A5:CC
------------------------------------------------------------------------------
- Version
-
The current version of the Client.
- System
-
The platform name and version.
- Engine
-
An optional cryptographic engine that will be used instead of internal.
- User
-
The current logged on user.
- Computer
-
The name of the current device.
- UniqueId
-
The unique identifier for the device.
The information shown is based on the execution environment of the Client core (PKCS#11 library). This may be different from the execution environment that you are running the command utility when you have activated remote/virtual PKCS#11.
2 — View
The view command shows information about the token.
------------------------------------------------------------------------------
Token Information
Label: NIST SP 800-73 [PIV]
Number: 9801 1000 0001 2345
Model: YubiKey 4.3.5
Manufacturer: Yubico
Update count: 00 00 2001 0800
Status: Open (0/512)
Slot: Yubico Yubikey 4 OTP+U2F+CCID 0 (10)
------------------------------------------------------------------------------
- Label
-
The token label.
- Number
-
The token number.
- Model
-
The token model.
- Manufacturer
-
The token manufacturer.
- Update count
-
The update counter for token. The value depends on token type and the only good interpretation is that all possible caching should be thrown away when the value changes.
- Status
-
The current token status on the form:
Status: <token status> <PIN status> <open sessions>- token status
-
-
Open — logged in
-
Closed — not logged in.
-
- PIN status (if any)
-
-
PIN COUNT LOW
-
PIN FINAL TRY
-
PIN LOCKED
-
- open sessions
-
Number of open sessions and maximum number of sessions towards PKCS11. For more information, see MaxSession and MaxContexts.
- Slot
-
The token slot name with token slot ID in parentheses.
3 — List
The list command shows information about token objects and should be easy to understand.
------------------------------------------------------------------------------
Certificates
[00] Label: 'Sylvia Trench (SecMaker CA v3)'
Name: 'Sylvia Trench, 005, SecMaker AB'
Validity: 2018-10-01 > 2020-09-30
Thumbprint: 8F7A44C1B7B97189D21EAE9996B84EB303B8D3CE
Key ID: 9A
Modifiable: false
------------------------------------------------------------------------------
Private Keys
[00] Label: 'PIV Authentication Key'
Key ID: 9A
Sign: true
Decrypt: true
Unwrap: true
Derive: false
Extractable: false
Modifiable: false
Type: rsa-2048
------------------------------------------------------------------------------
Public Keys
[00] Label: 'X.509 Certificate for PIV Authentication'
Key ID: 9A
Verify: true
Encrypt: false
Wrap: true
Derive: false
Modifiable: false
Type: rsa-2048
------------------------------------------------------------------------------
4 — Token
The token command is used to manage the token. It is a more user-friendly version of the command line token command. See token for more information.
------------------------------------------------------------------------------
Manage token:
[0] Initialize - Initialize an existing token
[1] Reset - Reset an existing token
[2] Create - Create a new token
[3] Delete - Delete an existing token
[4] Counter - Reset token update counter
[5] Abort
------------------------------------------------------------------------------
5 — PIN
The PIN command is used to manage the token credentials. All options are available, even those not supported by a specific token, to allow override of bad configuration.
------------------------------------------------------------------------------
Manage token credentials:
[0] Login PIN - Login token with PIN
[1] Login SOKEY - Login token with SO-KEY
[2] Logout - Logout token
[3] Change PIN - Change token PIN
[4] Change PUK - Change token PUK
[5] Change SOKEY - Change token SO-KEY
[6] Unlock PIN - Unlock token PIN
[7] Abort
------------------------------------------------------------------------------
6 — Utility
------------------------------------------------------------------------------
Select action:
[0] List CAPI - List certificate in CryptoAPI store
[1] Register CAPI - Register certificate to CryptoAPI store
[2] Abort
------------------------------------------------------------------------------
The current status of certificate registration to CryptoAPI is not easy to see, although the functionality to dump this to trace from the command line has been added. The same problem is for registration. The actions above are the same command line arguments as mentioned earlier, but presented more user-friendly:
$ netid.exe -capi dump
$ netid.exe -capi move
$ netid.exe -csp move
$ netid.exe -ksp move