Red Hat Summit이 콘텐츠는 선택한 언어로 제공되지 않습니다.
11.2. Usage
- Check the version of
tkstoolby running the following command:tkstool -V
tkstool -VCopy to Clipboard Copied! Toggle word wrap Toggle overflow This should return output similar to the following:tkstool: Version 1.0
tkstool: Version 1.0Copy to Clipboard Copied! Toggle word wrap Toggle overflow - Create new software databases.
Copy to Clipboard Copied! Toggle word wrap Toggle overflow Note
A hardware HSM can be used instead of the software database if themodutilutility is first used to insert the HSM slot and token into thesecmod.dbdatabase.If an HSM is used, then the option-hhsm_token must be added to each of commands below. - List the contents of the local software key database.
Copy to Clipboard Copied! Toggle word wrap Toggle overflow - Create a transport key called
transport.tkstool -T -d . -n transport
tkstool -T -d . -n transportCopy to Clipboard Copied! Toggle word wrap Toggle overflow - When prompted, fill in the database password, then type in some noise to seed the random number generator.
- The session key share and corresponding KCV are displayed. Write down both of these.
- Run the following command to produce an identical transport key; this is generally used within another set of databases which need to use identical transport keys. When this is run, multiple session key shares and KCVs are generated. Write down all of this information.
tkstool -I -d . -n verify_transport
tkstool -I -d . -n verify_transportCopy to Clipboard Copied! Toggle word wrap Toggle overflow Responses similar to the following appear:Copy to Clipboard Copied! Toggle word wrap Toggle overflow - List the contents of the key database again.
Copy to Clipboard Copied! Toggle word wrap Toggle overflow - Use the transport key to generate and wrap a master key, and store the master key in a file called
file.Copy to Clipboard Copied! Toggle word wrap Toggle overflow - List the contents of the software key database again.
Copy to Clipboard Copied! Toggle word wrap Toggle overflow Note
The order of the keys is not important, and some systems may display the keys in a different order. - Use the transport key to generate and unwrap a master key called
unwrapped_masterstored in a file calledfile.Copy to Clipboard Copied! Toggle word wrap Toggle overflow - List the contents of the key database to show all keys.
Copy to Clipboard Copied! Toggle word wrap Toggle overflow - Delete a key from the database.
tkstool -D -d . -n wrapped_master Enter Password or Pin for "NSS Certificate DB": tkstool: 1 key(s) called "wrapped_master" were deleted
tkstool -D -d . -n wrapped_master Enter Password or Pin for "NSS Certificate DB": tkstool: 1 key(s) called "wrapped_master" were deletedCopy to Clipboard Copied! Toggle word wrap Toggle overflow - List the contents of the key database again to show all keys.
Copy to Clipboard Copied! Toggle word wrap Toggle overflow
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}