cmu list

This function lists all objects (keys, certificates and other general data objects) on the HSM that match an optional set of search criteria and that are accessible given the authentication state of the HSM. Search criteria can include many of the object attributes that are available for searching via the PKCS #11 API. If no search criteria are defined, all accessible objects are returned. The content of the entries in the returned list is definable and can include the object handle and/or any combination of viewable object attributes. The default is to include the handle and the label (CKA_LABEL).

Syntax

cmu list <parameters>

Required Parameters

None

Optional Parameters

Parameter Description
-display

 This is a comma-separated list of attributes to be displayed for each returned object in the list. Multiple attributes can also be specified by repeated use of the display option instead of using the comma-separated list. The attributes supported with the display option are index, handle, class, keyType, label and value. If this parameter is omitted, only the handle and the label are displayed.

-class

  This option defines the class of object to list. It can be set to any of data, certificate, public, private and secret.

-keyType

 This option specifies the type of keys to list. It can be set to any of rsa, dsa, dh, des, 2des, 3des, rc2, rc4, rc5, cast3, cast5 and generic.

-certificateType

 This option specifies the type of certificate to list. It can only be set to x.509 if used.

-label

 This option specifies the label that objects must match in order to be listed.

-application

 This option specifies the application attribute that objects must match in order to be listed.

-value

 This option specifies the value that objects must match in order to be listed.

-issuer

 This option specifies the issuer that objects must match in order to be listed.

-serialNumber

 This option specifies the serial number that objects must match in order to be listed.

-subject

 This option specifies the subject that objects must match in order to be listed.

-id

 This option specifies the id that objects must match in order to be listed.

-token

 This option specifies whether permanent or temporary objects are to be listed. It can be set to True or 1 for permanent objects and False or 0 for temporary objects.

-private

 Set to True or False (or 1 or 0).

-sensitive

 Set to True or False (or 1 or 0).

-alwaysSensitive

 Set to True or False (or 1 or 0).

-extractable

 Set to True or False (or 1 or 0).

-neverExtractable

 Set to True or False (or 1 or 0).

-local

 Set to True or False (or 1 or 0).

-encrypt

 Set to True or False (or 1 or 0).

-decrypt

 Set to True or False (or 1 or 0).

-sign

 Set to True or False (or 1 or 0).

-verify

 Set to True or False (or 1 or 0).

-wrap

 Set to True or False (or 1 or 0).

-unwrap

 Set to True or False (or 1 or 0).

-derive

 Set to True or False (or 1 or 0).

-startDate

 This option specifies the start date that objects must match in order to be listed.

-endDate

 This option specifies the end date that objects must match in order to be listed.

-modulusBits

 This option specifies the modulus size that RSA keys must match in order to be listed.

-publicExponent

 This option specifies the public exponent value that RSA keys must match in order to be listed. It can only be set to 3, 17 or 65537.

-modifiable

 Set to True or False (or 1 or 0).

Example

The following example displays the handle and label of each certificate that is accessible on the HSM:

cmu list -class=certificate
   

The following example displays the handles of all locally generated RSA private signing keys on the HSM:

cmu list -keyType=rsa -local=True -sign=True -display=handle
 

The following example displays the class, type and label of all signing keys on the HSM:

cmu list -display=class,keyType,label -sign=True
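
The following key-hygiene sweep combines the filters documented above. It is an added example, not part of the original documentation. It assumes cmu is on the PATH (override with the CMU variable) and that the HSM is already in the authentication state you want to audit from; the check descriptions and the function name run_hygiene_sweep are illustrative.

```shell
#!/bin/sh
# Added example: key-hygiene sweep using only cmu list filters from this page.
# Assumption: cmu is on PATH; set CMU=/path/to/cmu to override.
CMU="${CMU:-cmu}"
DISPLAY_ATTRS="handle,class,keyType,label"

# Runs one cmu list query per check and prints the result under a header.
# The check table is read on file descriptor 3 so that cmu keeps the
# terminal on stdin (for example, if it prompts for a password).
run_hygiene_sweep() {
    while IFS='|' read -r desc filters <&3; do
        printf '== %s\n' "$desc"
        # $filters is left unquoted on purpose: it splits into separate options.
        $CMU list $filters -display="$DISPLAY_ATTRS" \
            || printf '   (cmu list failed for this check)\n'
    done 3<<'EOF'
Private keys that can be wrapped off the HSM|-class=private -extractable=True
Private keys not generated on the HSM|-class=private -local=False
Private keys not marked sensitive|-class=private -sensitive=False
Secret keys that can be wrapped off the HSM|-class=secret -extractable=True
Single DES secret keys|-class=secret -keyType=des
RC2 secret keys|-class=secret -keyType=rc2
RC4 secret keys|-class=secret -keyType=rc4
EOF
}

# Run the sweep only when asked to, so the file can also be sourced.
if [ "${1:-}" = "--run" ]; then
    run_hygiene_sweep
fi
```

Only objects visible in the current authentication state are listed, so an empty section means "nothing matched that is accessible", not "nothing exists".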