cmu list
This function lists all objects (keys, certificates and other general data objects) on the HSM that match an optional set of search criteria and that are accessible given the authentication state of the HSM. Search criteria can include many of the object attributes that are available for searching via the PKCS #11 API. If no search criteria are defined, all accessible objects are returned. The content of the entries in the returned list is definable and can include the object handle and/or any combination of viewable object attributes. The default is to include the handle and the label (CKA_LABEL).
Syntax
cmu list <parameters>
Required Parameters
None
Optional Parameters
Parameter | Description |
---|---|
-display | This is a comma-separated list of attributes to be displayed for each returned object in the list. Multiple attributes can also be specified by repeated use of the display option instead of using the comma-separated list. The attributes supported with the display option are index, handle, class, keyType, label and value. If this parameter is omitted, only the handle and the label are displayed. |
-class | This option defines the class of object to list. It can be set to any of data, certificate, public, private and secret. |
-keyType | This option specifies the type of keys to list. It can be set to any of rsa, dsa, dh, des, 2des, 3des, rc2, rc4, rc5, cast3, cast5 and generic. |
-certificateType | This option specifies the type of certificate to list. It can only be set to x.509 if used. |
-label | This option specifies the label that objects must match in order to be listed. |
-application | This option specifies the application attribute that objects must match in order to be listed. |
-value | This option specifies the value that objects must match in order to be listed. |
-issuer | This option specifies the issuer that objects must match in order to be listed. |
-serialNumber | This option specifies the serial number that objects must match in order to be listed. |
-subject | This option specifies the subject that objects must match in order to be listed. |
-id | This option specifies the id that objects must match in order to be listed. |
-token | This option specifies whether permanent or temporary objects are to be listed. It can be set to True or 1 for permanent objects and False or 0 for temporary objects. |
-private | Set to True or False (or 1 or 0). |
-sensitive | Set to True or False (or 1 or 0). |
-alwaysSensitive | Set to True or False (or 1 or 0). |
-extractable | Set to True or False (or 1 or 0). |
-neverExtractable | Set to True or False (or 1 or 0). |
-local | Set to True or False (or 1 or 0). |
-encrypt | Set to True or False (or 1 or 0). |
-decrypt | Set to True or False (or 1 or 0). |
-sign | Set to True or False (or 1 or 0). |
-verify | Set to True or False (or 1 or 0). |
-wrap | Set to True or False (or 1 or 0). |
-unwrap | Set to True or False (or 1 or 0). |
-derive | Set to True or False (or 1 or 0). |
-startDate | This option specifies the start date that objects must match in order to be listed. |
-endDate | This option specifies the end date that objects must match in order to be listed. |
-modulusBits | This option specifies the modulus size that RSA keys must match in order to be listed. |
-publicExponent | This option specifies the public exponent value that RSA keys must match in order to be listed. It can only be set to 3, 17 or 65537. |
-modifiable | Set to True or False (or 1 or 0). |
Example
The following example displays the handle and label of each certificate that is accessible on the HSM:
cmu list -class=certificate
The following example displays the handles of all locally generated RSA private signing keys on the HSM:
cmu list -keyType=rsa -local=True -sign=True -display=handle
The following example displays the class, type and label of all signing keys on the HSM:
cmu list -display=class,keyType,label -sign=True
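When cmu list is driven from a script (for example, a recurring key-inventory audit), filter values should be checked against the documented sets before they reach the command line. The following is an added example, not part of the vendor documentation: the function names are hypothetical, only the enumerated and boolean options listed above are accepted (free-form filters such as -label are rejected), and it prints the commands rather than running them.

```sh
# Added example (not vendor code): print validated `cmu list` audit commands.
# Only options and values documented on this page are accepted.
in_set() {  # in_set a,b,c word -> 0 if word is exactly one list member
    case $2 in ''|*,*) return 1 ;; esac
    case ",$1," in *",$2,"*) return 0 ;; esac
    return 1
}

valid_display() {  # every -display attribute must be a documented one
    case $1 in ''|*[!A-Za-z,]*|*,) return 1 ;; esac
    old_ifs=$IFS; IFS=,
    for a in $1; do
        in_set index,handle,class,keyType,label,value "$a" || { IFS=$old_ifs; return 1; }
    done
    IFS=$old_ifs
}

cmu_filter() {  # name=value -> "-name=value", or non-zero if not allowed
    name=${1%%=*} value=${1#*=}
    case $name in
        class) in_set data,certificate,public,private,secret "$value" ;;
        keyType) in_set rsa,dsa,dh,des,2des,3des,rc2,rc4,rc5,cast3,cast5,generic "$value" ;;
        publicExponent) in_set 3,17,65537 "$value" ;;
        modulusBits) case $value in ''|*[!0-9]*) false ;; esac ;;
        token|private|sensitive|alwaysSensitive|extractable|neverExtractable|local|\
        encrypt|decrypt|sign|verify|wrap|unwrap|derive|modifiable)
            in_set True,False,1,0 "$value" ;;
        *) false ;;
    esac || { echo "rejected filter: $1" >&2; return 1; }
    printf -- '-%s=%s' "$name" "$value"
}

cmu_list_cmd() {  # cmu_list_cmd <display> <name=value>... -> one command line
    valid_display "$1" || { echo "rejected display: $1" >&2; return 1; }
    cmd="cmu list -display=$1"; shift
    for f in "$@"; do
        opt=$(cmu_filter "$f") || return 1
        cmd="$cmd $opt"
    done
    printf '%s\n' "$cmd"
}

audit_commands() {  # inventory queries for attribute combinations worth reviewing
    cmu_list_cmd handle,label class=private extractable=True     # private keys that may be wrapped out
    cmu_list_cmd handle,label class=secret sensitive=False       # secret keys not marked sensitive
    cmu_list_cmd handle,keyType,label class=private local=False  # private keys not generated on the HSM
}

audit_commands
```

The printed lines are ordinary cmu list invocations; because results depend on the authentication state of the HSM, run them in the same authenticated context the audit is meant to cover.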