
11.2. Usage


  1. Check the version of tkstool by running the following command:
    tkstool -V
    
    This should return output similar to the following:
    tkstool: Version 1.0
    
  2. Create new software databases.
    tkstool -N -d .
    Enter a password which will be used to encrypt your keys.
    The password should be at least 8 characters long,
    and should contain at least one non-alphabetic character.
    
    Enter new password:
    Re-enter password:
    

    Note

    A hardware HSM can be used instead of the software database if the modutil utility is first used to insert the HSM slot and token into the secmod.db database.
    If an HSM is used, then the option -h hsm_token must be added to each of the commands below.
  3. List the contents of the local software key database.
    tkstool -L -d .
     
    slot: NSS User Private Key and Certificate Services
    token: NSS Certificate DB
    
    Enter Password or Pin for "NSS Certificate DB":
    tkstool: the specified token is empty
    
  4. Create a transport key called transport.
    tkstool -T -d . -n transport
    
  5. When prompted, fill in the database password, then type in some noise to seed the random number generator.
  6. The session key share and corresponding KCV are displayed. Write down both of these.
  7. Run the following command to produce an identical transport key; this is generally used within another set of databases which need to use identical transport keys. When this is run, multiple session key shares and KCVs are generated. Write down all of this information.
    tkstool -I -d . -n verify_transport
    
    Responses similar to the following appear:
    Generating first symmetric key . . .
    Generating second symmetric key . . .
    Generating third symmetric key . . .
    Extracting transport key from operational token . . .
         transport key KCV: A428 53BA
    Storing transport key on final specified token . . .
    Naming transport key "transport" . . .
    Successfully generated, stored, and named the transport key!
    
  8. List the contents of the key database again.
    tkstool -L -d .
    
     slot: NSS User Private Key and Certificate Services
    token: NSS Certificate DB
    
    Enter Password or Pin for "NSS Certificate DB":
     0 transport
    
  9. Use the transport key to generate and wrap a master key, and store the master key in a file called file.
    tkstool -W -d . -n wrapped_master -t transport -o file
    
    Enter Password or Pin for "NSS Certificate DB":
    Retrieving the transport key (for wrapping) from the specified token . . .
    Generating and storing the master key on the specified token . . .
    Naming the master key "wrapped_master" . . .
    Successfully generated, stored, and named the master key!
    Using the transport key to wrap and store the master key . . .
    Writing the wrapped data (and resident master key KCV) into the file 
    called "file" . . .
    
           wrapped data:   47C0 06DB 7D3F D9ED 
                           FE91 7E6F A7E5 91B9
           master key KCV: CED9 4A7B 
           (computed KCV of the master key residing inside the wrapped data)
    
  10. List the contents of the software key database again.
    tkstool -L -d .
    
     slot: NSS User Private Key and Certificate Services
    token: NSS Certificate DB
    
    Enter Password or Pin for "NSS Certificate DB":
     0 wrapped_master
     1 transport
    

    Note

    The order of the keys is not important, and some systems may display the keys in a different order.
  11. Use the transport key to generate and unwrap a master key called unwrapped_master stored in a file called file.
    tkstool -U -d . -n unwrapped_master -t transport -i file
    
    Enter Password or Pin for "NSS Certificate DB":
    Retrieving the transport key from the specified token (for unwrapping) . . .
    Reading in the wrapped data (and resident master key KCV) from the file 
    called "file" . . .
    
         wrapped data:   47C0 06DB 7D3F D9ED
                         FE91 7E6F A7E5 91B9
         master key KCV: CED9 4A7B
         (pre-computed KCV of the master key residing inside the wrapped data)
    
    Using the transport key to temporarily unwrap the master key to 
    recompute its KCV value to check against its pre-computed KCV value . . .
         master key KCV: CED9 4A7B
         (computed KCV of the master key residing inside the wrapped data)
         master key KCV: CED9 4A7B
         (pre-computed KCV of the master key residing inside the wrapped data)
    
    Using the transport key to unwrap and store the master key on the 
    specified token . . .
    Naming the master key "unwrapped_master" . . .
    Successfully unwrapped, stored, and named the master key!
    
  12. List the contents of the key database to show all keys.
    tkstool -L -d .
    
     slot: NSS User Private Key and Certificate Services
    token: NSS Certificate DB
    
    Enter Password or Pin for "NSS Certificate DB":
     0 unwrapped_master
     1 wrapped_master
     2 transport
    
  13. Delete a key from the database.
    tkstool -D -d . -n wrapped_master
    
    Enter Password or Pin for "NSS Certificate DB":
    tkstool: 1 key(s) called "wrapped_master" were deleted
    
  14. List the contents of the key database again to show all keys.
    tkstool -L -d .
    
    slot: NSS User Private Key and Certificate Services
    token: NSS Certificate DB
    
    Enter Password or Pin for "NSS Certificate DB":
     0 unwrapped_master
     1 transport
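
The KCVs written down in steps 6 and 7 and the KCV comparison printed in step 11 can be checked mechanically from saved tkstool output. The following is an added example, not part of tkstool or of the original documentation: a POSIX shell check that fails unless every KCV reported under a label agrees and matches the value recorded by hand. The function names and the practice of saving the output to a transcript are assumptions; the sample lines are constructed from the step 11 output above.

```shell
# Added example: check the KCV lines that tkstool prints (not part of tkstool).

# Print every KCV reported under a label ("master key" or "transport key"),
# one per line, upper-cased and with spaces removed. Transcript on stdin.
kcv_values() {
    # $1 = label
    sed -n "s/^[[:space:]]*$1 KCV:[[:space:]]*//p" |
        tr -d ' \t\r' | tr 'abcdef' 'ABCDEF'
}

# Succeed only if the transcript has at least one KCV for the label, every
# value is exactly 8 hex digits, and all values agree.
kcv_consistent() {
    values=$(kcv_values "$1")
    [ -n "$values" ] || return 1
    if printf '%s\n' "$values" | grep -Evq '^[0-9A-F]{8}$'; then
        return 1
    fi
    [ "$(printf '%s\n' "$values" | sort -u | grep -c .)" -eq 1 ]
}

# Succeed only if the transcript's KCVs agree with each other and with the
# value written down by hand (spacing and letter case are ignored).
kcv_matches_recorded() {
    # $1 = label, $2 = recorded KCV
    transcript=$(cat)
    recorded=$(printf '%s' "$2" | tr -d ' \t' | tr 'abcdef' 'ABCDEF')
    printf '%s\n' "$transcript" | kcv_consistent "$1" || return 1
    [ "$(printf '%s\n' "$transcript" | kcv_values "$1" | sort -u)" = "$recorded" ]
}

# Constructed sample: the KCV lines from the "tkstool -U" output in step 11.
sample_unwrap() {
    cat <<'EOF'
     master key KCV: CED9 4A7B
     (pre-computed KCV of the master key residing inside the wrapped data)
     master key KCV: CED9 4A7B
     (computed KCV of the master key residing inside the wrapped data)
EOF
}

if sample_unwrap | kcv_matches_recorded "master key" "CED9 4A7B"; then
    echo "master key KCV matches the recorded value"
else
    echo "master key KCV mismatch: do not use this key" >&2
fi
```

A mismatch, a malformed value, or a transcript with no KCV line for the label all make the check fail, so a truncated or edited transcript is not mistaken for a verified key.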
    