Command utility
The Command utility is a tool for the command line or shell to provide some basic diagnostic and management abilities. For more information about the commands below, see Net iD Client CLI commands.
When running the command utility as an administrator, options for virtual tokens are available.
Options
==============================================================================
Net iD Command Tool 1.1.5
==============================================================================
[0] Quit - Quit with no action
[1] System - View system information
[2] View - View token information
[3] List - List token objects
[4] Token - Manage token
[5] PIN - Manage token credentials
[6] Utility - Utility commands
Select:
1 – System
The system command gives information about the current system.
System information:
[00] Version: Net iD Client 1.1.5.27
     Platform: Microsoft Windows 10 - 1909
     Engine: Microsoft Primitive Provider
     Computer: PS-TEST
     UniqueId: 9C:7B:EF:9E:A5:CC
     UserName: SYSTEM
- Version: The current version of the Client.
- Platform: The platform name and version.
- Engine: An optional cryptographic engine that will be used instead of the internal one.
- Computer: The name of the current device.
- UniqueId: The unique identifier for the device.
- UserName: The currently logged-on user.
The information shown is based on the execution environment of the Client core (PKCS#11 library). When remote/virtual PKCS#11 is activated, this may differ from the execution environment in which you are running the command utility.
2 – View
The view command shows information about the token.
Token Information
Label: NIST SP 800-73 [PIV]
Number: 9801 1000 0001 2345
Model: YubiKey 4.3.5
Manufacturer: Yubico
Update count: 00 00 2001 0800
Status: Open (0/512)
Slot: Yubico Yubikey 4 OTP+U2F+CCID 0 (10)
- Label: The token label.
- Number: The token number.
- Model: The token model.
- Manufacturer: The token manufacturer.
- Update count: The update counter for the token. The value depends on the token type, and the only good interpretation is that all possible caching should be thrown away when the value changes.
- Status: The current token status on the form:
  Status: <token status> <PIN status> <open sessions>
  - token status
    - Open, logged in
    - Closed, not logged in.
  - PIN status (if any)
    - PIN COUNT LOW
    - PIN FINAL TRY
    - PIN LOCKED
  - open sessions: Number of open sessions and maximum number of sessions towards PKCS11. For more information, see MaxSession and MaxContexts.
- Slot: The token slot name with token slot ID in parentheses.
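As an added example, not part of the Net iD documentation or tooling, the following Python parses a captured Status line in the documented form and reports a low, final or locked PIN and a session count close to the maximum. The placement of the PIN status between the token status and the session counter, the sample lines other than `Open (0/512)`, and the 90 % session threshold are assumptions.

```python
import re

# Documented form: Status: <token status> <PIN status> <open sessions>
# Assumption: the PIN status, when present, sits between the token status
# and the "(open/max)" session counter, separated by whitespace.
STATUS_RE = re.compile(
    r"Status:\s*(?P<token>Open|Closed)"
    r"(?:\s+(?P<pin>PIN COUNT LOW|PIN FINAL TRY|PIN LOCKED))?"
    r"(?:\s*\((?P<open>\d+)/(?P<max>\d+)\))?"
)

def parse_status(view_output):
    """Return the Status fields from captured View output, or None if absent."""
    m = STATUS_RE.search(view_output)
    if not m:
        return None
    return {
        "logged_in": m["token"] == "Open",   # Open = logged in, Closed = not
        "pin": m["pin"],                     # None when no PIN status is shown
        "open": int(m["open"]) if m["open"] else None,
        "max": int(m["max"]) if m["max"] else None,
    }

def assess(view_output, session_ratio=0.9):
    """List conditions an operator should look at before users are locked out.

    session_ratio is a hypothetical alert threshold, not a Net iD setting.
    """
    st = parse_status(view_output)
    if st is None:
        return ["no Status line found"]
    notes = []
    if st["pin"] == "PIN LOCKED":
        notes.append("PIN locked: see Unlock PIN in the PIN menu")
    elif st["pin"]:
        notes.append("PIN retries running low: " + st["pin"])
    if st["max"] and st["open"] / st["max"] >= session_ratio:
        notes.append("sessions near limit: %d/%d" % (st["open"], st["max"]))
    return notes

# First line is the page's own sample; the other two are constructed.
SAMPLES = [
    "Status: Open (0/512)",
    "Status: Open PIN FINAL TRY (3/512)",
    "Status: Closed PIN LOCKED (510/512)",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(line, "->", assess(line) or "ok")
```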
3 – List
The list command shows information about token objects and should be easy to understand.
Certificates
[00] Label: 'Sylvia Trench (Pointsharp CA v3)'
     Name: 'Sylvia Trench, 005, Pointsharp AB'
     Validity: 2018-10-01 > 2020-09-30
     Thumbprint: 8F7A44C1B7B97189D21EAE9996B84EB303B8D3CE
     Key ID: 9A
     Modifiable: false
------------------------------------------------------------------------------
Private Keys
[00] Label: 'PIV Authentication Key'
     Key ID: 9A
     Sign: true
     Decrypt: true
     Unwrap: true
     Derive: false
     Extractable: false
     Modifiable: false
     Type: rsa-2048
------------------------------------------------------------------------------
Public Keys
[00] Label: 'X.509 Certificate for PIV Authentication'
     Key ID: 9A
     Verify: true
     Encrypt: false
     Wrap: true
     Derive: false
     Modifiable: false
     Type: rsa-2048
4 – Token
The token command is used to manage the token. It is a more user-friendly version of the command line token command. See token for more information.
Manage token:
[0] Initialize - Initialize an existing token
[1] Reset - Reset an existing token
[2] Create - Create a new token
[3] Delete - Delete an existing token
[4] Counter - Update token update counter
[5] Mechanisms - Show available mechanisms
[6] Abort
Select:
5 – PIN
The PIN command is used to manage the token PINs. All options are available, even those not supported by a specific token, to allow override of bad configuration.
Manage token credentials:
[0] Login PIN - Login token with PIN
[1] Login SOKEY - Login token with SO-KEY
[2] Logout - Logout token
[3] Change PIN - Change token PIN
[4] Change PUK - Change token PUK
[5] Change SOKEY - Change token SO-KEY
[6] Unlock PIN - Unlock token PIN
[7] Abort
Select:
6 – Utility
Select action:
[0] List CAPI - List certificate in CryptoAPI store
[1] Register CAPI - Register certificate to CryptoAPI store
[2] Remote state - Check remote state
[3] Abort
- Remote state: Remote state checks the current state for remote components, number of active connections, and opened contexts or sessions.
The current status of certificate registration to CryptoAPI is not easy to see, although functionality to dump it to trace from the command line has been added. The same problem applies to registration itself. The actions above correspond to the command-line arguments mentioned earlier, presented in a more user-friendly way:
$ netid.exe -capi dump
$ netid.exe -capi move
$ netid.exe -csp move
$ netid.exe -ksp move