Google Git
Sign in
coral / a71ch-crypto-support / 8dc1f1434da50a4b7361d651239c1f3f4f8cc25b / . / doc / pycli / doc / cli_commands_list.html
blob: 6b3c9d887951744d4af37a4325824ea1c36462ed [file] [log] [blame]
<!DOCTYPE html>
<!--
Copyright 2019 NXP
This software is owned or controlled by NXP and may only be used
strictly in accordance with the applicable license terms. By expressly
accepting such terms or by downloading, installing, activating and/or
otherwise using the software, you are agreeing that you have read, and
that you agree to comply with and are bound by, such license terms. If
you do not agree to be bound by the applicable license terms, then you
may not retain, install, activate or otherwise use the software.
-->
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta charset="utf-8" />
<title>9.7. List of ssscli commands &#8212; Plug &amp; Trust MW v03.00.05 documentation</title>
<link rel="stylesheet" href="../../_static/bootstrap-sphinx.css" type="text/css" />
<link rel="stylesheet" href="../../_static/pygments.css" type="text/css" />
<link rel="stylesheet" type="text/css" href="../../_static/graphviz.css" />
<script id="documentation_options" data-url_root="../../" src="../../_static/documentation_options.js"></script>
<script src="../../_static/jquery.js"></script>
<script src="../../_static/underscore.js"></script>
<script src="../../_static/doctools.js"></script>
<script src="../../_static/language_data.js"></script>
<link rel="index" title="Index" href="../../genindex.html" />
<link rel="search" title="Search" href="../../search.html" />
<link rel="next" title="9.8. CLI Data formats" href="cli_data_format.html" />
<link rel="prev" title="9.6. Usage Examples" href="readme_usage_examples.html" />
<meta charset='utf-8'>
<meta http-equiv='X-UA-Compatible' content='IE=edge,chrome=1'>
<meta name='viewport' content='width=device-width, initial-scale=1.0, maximum-scale=1'>
<meta name="apple-mobile-web-app-capable" content="yes">
<script type="text/javascript" src="../../_static/js/jquery-1.11.0.min.js "></script>
<script type="text/javascript" src="../../_static/js/jquery-fix.js "></script>
<script type="text/javascript" src="../../_static/bootstrap-3.3.7/js/bootstrap.min.js "></script>
<script type="text/javascript" src="../../_static/bootstrap-sphinx.js "></script>
</head><body>
<div id="navbar" class="navbar navbar-inverse navbar-default navbar-fixed-top">
<div class="container">
<div class="navbar-header">
<!-- .btn-navbar is used as the toggle for collapsed navbar content -->
<button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".nav-collapse">
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="navbar-brand" href="../../toc.html"><span><img src="../../_static/NXP_logo_JPG.jpg"></span>
MW</a>
<span class="navbar-text navbar-version pull-left"><b>v03.00.05</b></span>
</div>
<div class="collapse navbar-collapse nav-collapse">
<ul class="nav navbar-nav">
<li class="dropdown globaltoc-container">
<a role="button"
id="dLabelGlobalToc"
data-toggle="dropdown"
data-target="#"
href="../../toc.html">TOC <b class="caret"></b></a>
<ul class="dropdown-menu globaltoc"
role="menu"
aria-labelledby="dLabelGlobalToc"><ul class="current">
<li class="toctree-l1"><a class="reference internal" href="../../index.html">1. NXP Plug &amp; Trust Middleware</a><ul>
<li class="toctree-l2"><a class="reference internal" href="../../organization-of-documentation.html">1.1. Organization of Documentation</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../folder-structure.html">1.2. Folder Structure</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../sw-prerequisites.html">1.3. List of Platform Prerequisites</a></li>
</ul>
</li>
<li class="toctree-l1"><a class="reference internal" href="../../changes/index.html">2. Changes</a><ul>
<li class="toctree-l2"><a class="reference internal" href="../../changes/pending.html">2.1. Pending Refactoring items</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../changes/pending.html#known-limitations">2.2. Known limitations</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../changes/v03_00_05.html">2.3. Release <code class="docutils literal notranslate"><span class="pre">v03.00.05</span></code></a></li>
<li class="toctree-l2"><a class="reference internal" href="../../changes/v03_00_04.html">2.4. Release <code class="docutils literal notranslate"><span class="pre">v03.00.04</span></code></a></li>
<li class="toctree-l2"><a class="reference internal" href="../../changes/v03_00_03.html">2.5. Release <code class="docutils literal notranslate"><span class="pre">v03.00.03</span></code></a></li>
<li class="toctree-l2"><a class="reference internal" href="../../changes/v03_00_02.html">2.6. Release <code class="docutils literal notranslate"><span class="pre">v03.00.02</span></code></a></li>
<li class="toctree-l2"><a class="reference internal" href="../../changes/v02_16_01.html">2.7. Release <code class="docutils literal notranslate"><span class="pre">v02.16.01</span></code></a></li>
<li class="toctree-l2"><a class="reference internal" href="../../changes/v02_16_00.html">2.8. Release <code class="docutils literal notranslate"><span class="pre">v02.16.00</span></code></a></li>
<li class="toctree-l2"><a class="reference internal" href="../../changes/v02_15_00.html">2.9. Release <code class="docutils literal notranslate"><span class="pre">v02.15.00</span></code></a></li>
<li class="toctree-l2"><a class="reference internal" href="../../changes/v02_14_00.html">2.10. Release <code class="docutils literal notranslate"><span class="pre">v02.14.00</span></code></a></li>
<li class="toctree-l2"><a class="reference internal" href="../../changes/v02_12_00.html">2.11. Release <code class="docutils literal notranslate"><span class="pre">v02.12.05</span></code></a></li>
<li class="toctree-l2"><a class="reference internal" href="../../changes/v02_12_00.html#release-v02-12-04">2.12. Release <code class="docutils literal notranslate"><span class="pre">v02.12.04</span></code></a></li>
<li class="toctree-l2"><a class="reference internal" href="../../changes/v02_12_00.html#release-v02-12-03">2.13. Release <code class="docutils literal notranslate"><span class="pre">v02.12.03</span></code></a></li>
<li class="toctree-l2"><a class="reference internal" href="../../changes/v02_12_00.html#release-v02-12-02">2.14. Release <code class="docutils literal notranslate"><span class="pre">v02.12.02</span></code></a></li>
<li class="toctree-l2"><a class="reference internal" href="../../changes/v02_12_00.html#release-v02-12-01">2.15. Release <code class="docutils literal notranslate"><span class="pre">v02.12.01</span></code></a></li>
<li class="toctree-l2"><a class="reference internal" href="../../changes/v02_12_00.html#release-v02-12-00">2.16. Release <code class="docutils literal notranslate"><span class="pre">v02.12.00</span></code></a></li>
<li class="toctree-l2"><a class="reference internal" href="../../changes/v02_11_03.html">2.17. Release <code class="docutils literal notranslate"><span class="pre">v02.11.03</span></code></a></li>
<li class="toctree-l2"><a class="reference internal" href="../../changes/v02_11_01.html">2.18. Internal Release <code class="docutils literal notranslate"><span class="pre">v02.11.01</span></code></a></li>
<li class="toctree-l2"><a class="reference internal" href="../../changes/v02_11_00.html">2.19. Release <code class="docutils literal notranslate"><span class="pre">v02.11.00</span></code></a></li>
<li class="toctree-l2"><a class="reference internal" href="../../changes/v02_10_00.html">2.20. Release <code class="docutils literal notranslate"><span class="pre">v02.10.00</span></code></a></li>
<li class="toctree-l2"><a class="reference internal" href="../../changes/v02_09_00.html">2.21. Release <code class="docutils literal notranslate"><span class="pre">v02.09.00</span></code></a></li>
<li class="toctree-l2"><a class="reference internal" href="../../changes/v02_07_00.html">2.22. Release <code class="docutils literal notranslate"><span class="pre">v02.07.00</span></code></a></li>
<li class="toctree-l2"><a class="reference internal" href="../../changes/v02_06_00.html">2.23. Release <code class="docutils literal notranslate"><span class="pre">v02.06.00</span></code></a></li>
<li class="toctree-l2"><a class="reference internal" href="../../changes/v02_05_00_to_v02_03_00.html">2.24. Release <code class="docutils literal notranslate"><span class="pre">v02.05.00</span></code></a></li>
<li class="toctree-l2"><a class="reference internal" href="../../changes/v02_05_00_to_v02_03_00.html#release-v02-04-00">2.25. Release <code class="docutils literal notranslate"><span class="pre">v02.04.00</span></code></a></li>
<li class="toctree-l2"><a class="reference internal" href="../../changes/v02_05_00_to_v02_03_00.html#release-02-03-00">2.26. Release <code class="docutils literal notranslate"><span class="pre">02.03.00</span></code></a></li>
</ul>
</li>
<li class="toctree-l1"><a class="reference internal" href="../../stack/index.html">3. Plug &amp; Trust MW Stack</a><ul>
<li class="toctree-l2"><a class="reference internal" href="../../stack/features.html">3.1. Features</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../stack/features.html#plug-trust-mw-block-diagram">3.2. Plug &amp; Trust MW : Block Diagram</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../sss-apis.html">3.3. SSS APIs</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../stack/se05xfeatures.html">3.4. SSS APIs: SE051 vs SE050</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../stack/param_checks.html">3.5. Parameter Check &amp; Conventions</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../stack/i2cm.html">3.6. I2CM / Secure Sensor</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../stack/logging.html">3.7. Logging</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../stack/feature-file.html">3.8. Feature File - <code class="docutils literal notranslate"><span class="pre">fsl_sss_ftr.h</span></code></a></li>
<li class="toctree-l2"><a class="reference internal" href="../../stack/platf-scp-from-fs.html">3.9. Using Platform SCP Keys from File System</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../stack/auth/auth-objects.html">3.10. Auth Objects</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../stack/auth/auth-objects-userid.html">3.11. Auth Objects : UserID</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../stack/auth/auth-objects-aeskey.html">3.12. Auth Objects : AESKey</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../stack/auth/auth-objects-eckey.html">3.13. Auth Objects : ECKey</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../stack/key-id-range.html">3.14. Key Id Range and Purpose</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../stack/key-id-range.html#authentication-keys">3.15. Authentication Keys</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../stack/key-id-range.html#trust-provisioned-keyids">3.16. Trust provisioned KeyIDs</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../sss/ex/doc/puf-scp03.html">3.17. SCP03 with PUF</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../sss/doc/sss_heap_management.html">3.18. SSS Heap Management</a></li>
</ul>
</li>
<li class="toctree-l1"><a class="reference internal" href="../../building/index.html">4. Building / Compiling</a><ul>
<li class="toctree-l2"><a class="reference internal" href="../../building/windows.html">4.1. Windows Build</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../building/frdm-k64f-sdk.html">4.2. Import MCUXPresso projects from SDK</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../building/frdm-k64f-cmake.html">4.3. Freedom K64F Build (CMake - Advanced)</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../building/imx6.html">4.4. i.MX Linux Build</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../building/rpi3.html">4.5. Raspberry Pi Build</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../building/cmake.html">4.6. CMake</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../scripts/cmake_options.html">4.7. CMake Options</a></li>
</ul>
</li>
<li class="toctree-l1"><a class="reference internal" href="../../demos/index.html">5. Demo and Examples</a><ul>
<li class="toctree-l2"><a class="reference internal" href="../../demos/index.html#demo-list">5.1. Demo List</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../demos/index.html#sss-api-examples">5.2. SSS API Examples</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../demos/index.html#cloud-demos">5.3. Cloud Demos</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../demos/index.html#linux-specific-demos">5.4. Linux Specific Demos</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../demos/index.html#opc-ua-example">5.5. OPC-UA Example</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../demos/index.html#arm-psa-example">5.6. ARM PSA Example</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../demos/index.html#se05x-examples">5.7. SE05X Examples</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../demos/index.html#openssl-examples">5.8. OpenSSL Examples</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../demos/index.html#tests-for-user-crypto">5.9. Tests for User Crypto</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../demos/index.html#nxpnfcrdlib-examples">5.10. NXPNFCRDLIB examples</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../demos/index.html#ease-of-use-examples">5.11. Ease-of-Use examples</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../demos/index.html#semslite-examples">5.12. Semslite examples</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../demos/index.html#puf-examples">5.13. PUF examples</a></li>
</ul>
</li>
<li class="toctree-l1"><a class="reference internal" href="../../edgelock2go-agent.html">6. NXP EdgeLock 2GO Agent</a><ul>
<li class="toctree-l2"><a class="reference internal" href="../../nxp_iot_agent/doc/introduction.html">6.1. Introduction</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../nxp_iot_agent/doc/introduction.html#building-and-running-the-edgelock-2go-agent">6.2. Building and running the EdgeLock 2GO agent</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../nxp_iot_agent/doc/introduction.html#datastore-keystore">6.3. Datastore / Keystore</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../nxp_iot_agent/doc/introduction.html#connection-to-the-edgelock-2go-cloud-service">6.4. Connection to the EdgeLock 2GO cloud service</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../nxp_iot_agent/doc/introduction.html#claim-codes">6.5. Claim Codes</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../nxp_iot_agent/doc/edgelock2go_agent_apis.html">6.6. API</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../nxp_iot_agent/doc/readme_usage_examples.html">6.7. Usage Examples</a></li>
</ul>
</li>
<li class="toctree-l1"><a class="reference internal" href="../../semslite/doc/index.html">7. SEMS Lite Agent</a><ul>
<li class="toctree-l2"><a class="reference internal" href="../../semslite/doc/sems_lite_overview.html">7.1. SEMS Lite Overview (Only for SE051)</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../semslite/doc/sems_lite_package.html">7.2. Update Package</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../semslite/doc/sems_lite_usage.html">7.3. SEMS Lite Agent Usage</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../semslite/doc/sems_lite_mgmt_api.html">7.4. SEMS Lite management APIs</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../semslite/doc/sems_lite_process.html">7.5. SEMS Lite Agent Package Load Process</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../semslite/doc/sems_lite_api.html">7.6. APIs</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../semslite/doc/sems_lite_known_issue.html">7.7. SEMS Lite Known Issue</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../semslite/doc/demo_update.html">7.8. SEMS Lite DEMOs</a></li>
</ul>
</li>
<li class="toctree-l1"><a class="reference internal" href="../../plugins/index.html">8. Plugins / Add-ins</a><ul>
<li class="toctree-l2"><a class="reference internal" href="../../sss/plugin/openssl/scripts/readme.html">8.1. Introduction on OpenSSL engine</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../sss/plugin/mbedtls/scripts/readme.html">8.2. Introduction on mbedTLS ALT Implementation</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../sss/plugin/psa/Readme.html">8.3. Platform Security Architecture</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../plugins/akm.html">8.4. Android Key master</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../sss/plugin/open62541/readme.html">8.5. Introduction on Open62541 (OPC UA stack)</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../plugins/wifiEAP/wifiEAP.html">8.6. WiFi EAP Demo with Raspberry Pi3</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../plugins/pkcs11.html">8.7. PKCS#11 Standalone Library</a></li>
</ul>
</li>
<li class="toctree-l1 current"><a class="reference internal" href="../../cli-tool.html">9. CLI Tool</a><ul class="current">
<li class="toctree-l2"><a class="reference internal" href="introduction.html">9.1. Introduction</a></li>
<li class="toctree-l2"><a class="reference internal" href="block-diagram.html">9.2. Block Diagram</a></li>
<li class="toctree-l2"><a class="reference internal" href="pre-steps.html">9.3. Steps needed before running <code class="docutils literal notranslate"><span class="pre">ssscli</span></code> tool</a></li>
<li class="toctree-l2"><a class="reference internal" href="running.html">9.4. Running the <code class="docutils literal notranslate"><span class="pre">ssscli</span></code> tool - Windows</a></li>
<li class="toctree-l2"><a class="reference internal" href="../Provisioning/readme.html">9.5. CLI Provisioning</a></li>
<li class="toctree-l2"><a class="reference internal" href="readme_usage_examples.html">9.6. Usage Examples</a></li>
<li class="toctree-l2 current"><a class="current reference internal" href="#">9.7. List of <code class="docutils literal notranslate"><span class="pre">ssscli</span></code> commands</a></li>
<li class="toctree-l2"><a class="reference internal" href="cli_data_format.html">9.8. CLI Data formats</a></li>
<li class="toctree-l2"><a class="reference internal" href="cli_object_policy.html">9.9. Object Policies Through ssscli</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../appendix/upload_se05x_using_pycli.html">9.10. Upload keys and certificates to SE05X using ssscli tool</a></li>
</ul>
</li>
<li class="toctree-l1"><a class="reference internal" href="../../a71ch.html">10. A71CH</a><ul>
<li class="toctree-l2"><a class="reference internal" href="../../a71ch/a71ch_sss.html">10.1. A71CH and SSS API</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../a71ch/a71ch_miscellaneous.html">10.2. Miscellaneous</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../a71ch/a71ch_legacy_host_api.html">10.3. A71CH Legacy API</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../a71ch/a71ch_legacy_hlse_api.html">10.4. A71CH Legacy HLSE (Generic) API</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../a71ch/a71ch_configure_tool.html">10.5. A71CH Legacy Configure Tool</a></li>
</ul>
</li>
<li class="toctree-l1"><a class="reference internal" href="../../appendix.html">11. Appendix</a><ul>
<li class="toctree-l2"><a class="reference internal" href="../../appendix/glossary.html">11.1. Glossary</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../appendix/vcom.html">11.2. APDU Commands over VCOM</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../appendix/vs2019-setup.html">11.3. Visual Studio 2019 Setup</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../appendix/ide_mcux.html">11.4. Setting up MCUXPresso IDE</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../dev-platforms.html">11.5. Development Platforms</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../appendix/se_uid.html">11.6. How to get SE Platform Information and UID</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../appendix/version_info.html">11.7. Version Information</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../demos/Certificate_Chains/Readme.html">11.8. Certificate Chains</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../appendix/rjct_server.html">11.9. JRCP_v1 Server</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../appendix/platfscp.html">11.10. Using own Platform SCP03 Keys</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../appendix/apdu_write_to_buffer.html">11.11. Write APDU to buffer</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../api/api_list.html">11.12. Plug &amp; Trust MW APIs</a></li>
</ul>
</li>
</ul>
</ul>
</li>
<li class="dropdown">
<a role="button"
id="dLabelLocalToc"
data-toggle="dropdown"
data-target="#"
href="#">Page <b class="caret"></b></a>
<ul class="dropdown-menu localtoc"
role="menu"
aria-labelledby="dLabelLocalToc"><ul>
<li><a class="reference internal" href="#">9.7. List of <code class="docutils literal notranslate"><span class="pre">ssscli</span></code> commands</a><ul>
<li><a class="reference internal" href="#ssscli-commands">9.7.1. ssscli Commands</a></li>
<li><a class="reference internal" href="#set-commands">9.7.2. Set Commands</a></li>
<li><a class="reference internal" href="#get-commands">9.7.3. Get Commands</a></li>
<li><a class="reference internal" href="#generate-commands">9.7.4. Generate Commands</a></li>
<li><a class="reference internal" href="#refpem-commands">9.7.5. Refpem Commands</a></li>
<li><a class="reference internal" href="#se05x-commands">9.7.6. Se05x Commands</a></li>
<li><a class="reference internal" href="#a71ch-commands">9.7.7. A71CH Commands</a></li>
<li><a class="reference internal" href="#policy-commands">9.7.8. POLICY Commands</a></li>
</ul>
</li>
</ul>
</ul>
</li>
<li>
<a href="readme_usage_examples.html" title="Previous Chapter: 9.6. Usage Examples"><span class="glyphicon glyphicon-chevron-left visible-sm"></span><span class="hidden-sm hidden-tablet">&laquo; 9.6. Usage Examples</span>
</a>
</li>
<li>
<a href="cli_data_format.html" title="Next Chapter: 9.8. CLI Data formats"><span class="glyphicon glyphicon-chevron-right visible-sm"></span><span class="hidden-sm hidden-tablet">9.8. CLI Data formats &raquo;</span>
</a>
</li>
</ul>
</div>
</div>
</div>
<div class="container">
<div class="row">
<div class="col-md-3">
<div id="sidebar" class="bs-sidenav" role="complementary">
<div class="sidebar-header">
<h3>Plug &amp; Trust MW</h3>
</div>
<div class="row">
<ul class="current">
<li class="toctree-l1"><a class="reference internal" href="../../index.html">1. NXP Plug &amp; Trust Middleware</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../changes/index.html">2. Changes</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../stack/index.html">3. Plug &amp; Trust MW Stack</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../building/index.html">4. Building / Compiling</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../demos/index.html">5. Demo and Examples</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../edgelock2go-agent.html">6. NXP EdgeLock 2GO Agent</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../semslite/doc/index.html">7. SEMS Lite Agent</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../plugins/index.html">8. Plugins / Add-ins</a></li>
<li class="toctree-l1 current"><a class="reference internal" href="../../cli-tool.html">9. CLI Tool</a><ul class="current">
<li class="toctree-l2"><a class="reference internal" href="introduction.html">9.1. Introduction</a></li>
<li class="toctree-l2"><a class="reference internal" href="block-diagram.html">9.2. Block Diagram</a></li>
<li class="toctree-l2"><a class="reference internal" href="pre-steps.html">9.3. Steps needed before running <code class="docutils literal notranslate"><span class="pre">ssscli</span></code> tool</a></li>
<li class="toctree-l2"><a class="reference internal" href="running.html">9.4. Running the <code class="docutils literal notranslate"><span class="pre">ssscli</span></code> tool - Windows</a></li>
<li class="toctree-l2"><a class="reference internal" href="../Provisioning/readme.html">9.5. CLI Provisioning</a></li>
<li class="toctree-l2"><a class="reference internal" href="readme_usage_examples.html">9.6. Usage Examples</a></li>
<li class="toctree-l2 current"><a class="current reference internal" href="#">9.7. List of <code class="docutils literal notranslate"><span class="pre">ssscli</span></code> commands</a><ul>
<li class="toctree-l3"><a class="reference internal" href="#ssscli-commands">9.7.1. ssscli Commands</a></li>
<li class="toctree-l3"><a class="reference internal" href="#set-commands">9.7.2. Set Commands</a></li>
<li class="toctree-l3"><a class="reference internal" href="#get-commands">9.7.3. Get Commands</a></li>
<li class="toctree-l3"><a class="reference internal" href="#generate-commands">9.7.4. Generate Commands</a></li>
<li class="toctree-l3"><a class="reference internal" href="#refpem-commands">9.7.5. Refpem Commands</a></li>
<li class="toctree-l3"><a class="reference internal" href="#se05x-commands">9.7.6. Se05x Commands</a></li>
<li class="toctree-l3"><a class="reference internal" href="#a71ch-commands">9.7.7. A71CH Commands</a></li>
<li class="toctree-l3"><a class="reference internal" href="#policy-commands">9.7.8. POLICY Commands</a></li>
</ul>
</li>
<li class="toctree-l2"><a class="reference internal" href="cli_data_format.html">9.8. CLI Data formats</a></li>
<li class="toctree-l2"><a class="reference internal" href="cli_object_policy.html">9.9. Object Policies Through ssscli</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../appendix/upload_se05x_using_pycli.html">9.10. Upload keys and certificates to SE05X using ssscli tool</a></li>
</ul>
</li>
<li class="toctree-l1"><a class="reference internal" href="../../a71ch.html">10. A71CH</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../appendix.html">11. Appendix</a></li>
</ul>
</div>
<div class="row">
<form class="form" action="../../search.html" method="get">
<div class="form-group">
<label for="Search">Search:</label>
<input type="text" name="q" class="form-control" placeholder="Search" />
</div>
<input type="hidden" name="check_keywords" value="yes" />
<input type="hidden" name="area" value="default" />
</form>
</div>
</div>
</div>
<div class="body col-md-9 content" role="main">
<div class="section" id="list-of-ssscli-commands">
<span id="cli-cmd-list"></span><h1><span class="section-number">9.7. </span>List of <code class="docutils literal notranslate"><span class="pre">ssscli</span></code> commands<a class="headerlink" href="#list-of-ssscli-commands" title="Permalink to this headline">¶</a></h1>
<p>ssscli uses PEM, DER and HEX data formats for keys and certificates. Refer <a class="reference internal" href="cli_data_format.html#cli-data-format"><span class="std std-ref">CLI Data formats</span></a>.</p>
<div class="admonition note">
<p class="admonition-title">Note</p>
<p>Linux Environment</p>
<p>You can <code class="docutils literal notranslate"><span class="pre">source</span> <span class="pre">pycli/ssscli-bash-completion.sh</span></code> for auto-completion
on bash with linux/posix based environemnt.</p>
</div>
<div class="section" id="ssscli-commands">
<h2><span class="section-number">9.7.1. </span>ssscli Commands<a class="headerlink" href="#ssscli-commands" title="Permalink to this headline">¶</a></h2>
<p>These are the top level commands accepted by the ssscli Tool.</p>
<ol class="arabic">
<li><p><code class="docutils literal notranslate"><span class="pre">ssscli</span></code>:</p>
<div class="highlight-bat notranslate"><div class="highlight"><pre><span></span>Usage: ssscli [OPTIONS] COMMAND [ARGS]...
Command line interface for SE050
Options:
-v, --verbose Enables verbose mode.
--version Show the version and exit.
--help Show this message and exit.
Commands:
a71ch A71CH specific commands
cloud (Not Implemented) Cloud Specific utilities.
connect Open Session.
decrypt Decrypt Operation
disconnect Close session.
encrypt Encrypt Operation
<span class="k">erase</span> Erase ECC/RSA/AES Keys or Certificate (contents)
generate Generate ECC/RSA Key pair
get Get ECC/RSA/AES Keys or certificates
policy Create/Dump Object Policy
refpem Create Reference PEM/DER files (For OpenSSL Engine).
se05x SE05X specific commands
<span class="k">set</span> <span class="nv">Set ECC/RSA/AES Keys or certificates</span>
sign Sign Operation
<span class="k">verify</span> verify Operation
</pre></div>
</div>
</li>
<li><p><code class="docutils literal notranslate"><span class="pre">ssscli</span> <span class="pre">connect</span></code>:</p>
<div class="highlight-bat notranslate"><div class="highlight"><pre><span></span>Usage: ssscli connect [OPTIONS] subsystem method port_name
Open Session.
subsystem = Security subsystem is selected to be used. Can be one of
<span class="s2">&quot;se05x, a71ch, mbedtls, openssl&quot;</span>
method = Connection method to the system. Can be one of <span class="s2">&quot;none, sci2c,</span>
vcom, t1oi2c, jrcpv1, jrcpv2, pcsc<span class="s2">&quot;</span>
port_name = Subsystem specific connection parameters. Example: COM6,
127.0.0.1:8050. Use <span class="s2">&quot;None&quot;</span> where not applicable. e.g. SCI2C/T1oI2C.
Default i2c port (i2c-1) will be used for port name = <span class="s2">&quot;None&quot;</span>.
Options:
--auth_type [None<span class="p">|</span>PlatformSCP<span class="p">|</span>UserID<span class="p">|</span>ECKey<span class="p">|</span>AESKey<span class="p">|</span>UserID_PlatformSCP<span class="p">|</span>ECKey_PlatformSCP<span class="p">|</span>AESKey_PlatformSCP]
Authentication type. Default is <span class="s2">&quot;None&quot;</span>. Can
be one of <span class="s2">&quot;None, UserID, ECKey, AESKey,</span>
PlatformSCP, UserID_PlatformSCP,
ECKey_PlatformSCP, AESKey_PlatformSCP<span class="s2">&quot;</span>
--scpkey TEXT File path of the platformscp keys for
platformscp session
--help Show this message and exit.
</pre></div>
</div>
</li>
<li><p><code class="docutils literal notranslate"><span class="pre">ssscli</span> <span class="pre">disconnect</span></code>:</p>
<div class="highlight-bat notranslate"><div class="highlight"><pre><span></span>Usage: ssscli disconnect [OPTIONS]
Close session.
Options:
--help Show this message and exit.
</pre></div>
</div>
</li>
<li><p><code class="docutils literal notranslate"><span class="pre">ssscli</span> <span class="pre">set</span></code>:</p>
<div class="highlight-bat notranslate"><div class="highlight"><pre><span></span>Usage: ssscli set [OPTIONS] COMMAND [ARGS]...
<span class="k">Set</span> <span class="nv">ECC/RSA/AES Keys or certificates</span>
Options:
--help Show this message and exit.
Commands:
aes Set AES Keys
cert Set Certificate
ecc Set ECC Keys
hmac Set HMAC Keys
rsa Set RSA Keys
</pre></div>
</div>
</li>
<li><p><code class="docutils literal notranslate"><span class="pre">ssscli</span> <span class="pre">get</span></code>:</p>
<div class="highlight-bat notranslate"><div class="highlight"><pre><span></span>Usage: ssscli get [OPTIONS] COMMAND [ARGS]...
Get ECC/RSA/AES Keys or certificates
Options:
--help Show this message and exit.
Commands:
aes Get AES Keys
cert Get Certificate
ecc Get ECC Keys
rsa Get RSA Keys
</pre></div>
</div>
</li>
<li><p><code class="docutils literal notranslate"><span class="pre">ssscli</span> <span class="pre">generate</span></code>:</p>
<div class="highlight-bat notranslate"><div class="highlight"><pre><span></span>Usage: ssscli generate [OPTIONS] COMMAND [ARGS]...
Generate ECC/RSA Key pair
Options:
--help Show this message and exit.
Commands:
ecc Generate ECC Key
pub Generate ECC Public Key to file
rsa Generate RSA Key
</pre></div>
</div>
</li>
<li><p><code class="docutils literal notranslate"><span class="pre">ssscli</span> <span class="pre">erase</span></code>:</p>
<div class="highlight-bat notranslate"><div class="highlight"><pre><span></span>Usage: ssscli erase [OPTIONS] keyid
<span class="k">Erase</span> ECC/RSA/AES Keys or Certificate (contents)
keyid = 32bit Key ID. Should be in hex format. Example: 20E8A001
Options:
--help Show this message and exit.
</pre></div>
</div>
</li>
<li><p><code class="docutils literal notranslate"><span class="pre">ssscli</span> <span class="pre">cloud</span></code>:</p>
<div class="highlight-bat notranslate"><div class="highlight"><pre><span></span>Usage: ssscli cloud [OPTIONS] COMMAND [ARGS]...
<span class="p">(</span>Not Implemented<span class="p">)</span> Cloud Specific utilities.
This helps to handle GCP/AWS/Watson specific settings.
Options:
--help Show this message and exit.
Commands:
aws (Not Implemented) AWS (Amazon Web Services) Specific utilities This...
gcp (Not Implemented) GCP (Google Cloud Platform) Specific utilities
This...
ibm (Not Implemented) IBM Watson Specific utilities This helps to handle...
</pre></div>
</div>
</li>
<li><p><code class="docutils literal notranslate"><span class="pre">ssscli</span> <span class="pre">a71ch</span></code>:</p>
<div class="highlight-bat notranslate"><div class="highlight"><pre><span></span>Usage: ssscli a71ch [OPTIONS] COMMAND [ARGS]...
A71CH specific commands
Options:
--help Show this message and exit.
Commands:
reset Debug Reset A71CH
uid Get A71CH Unique ID
</pre></div>
</div>
</li>
<li><p><code class="docutils literal notranslate"><span class="pre">ssscli</span> <span class="pre">se05x</span></code>:</p>
<div class="highlight-bat notranslate"><div class="highlight"><pre><span></span>Usage: ssscli se05x [OPTIONS] COMMAND [ARGS]...
SE05X specific commands
Options:
--help Show this message and exit.
Commands:
certuid Get SE05X Cert Unique ID (10 bytes)
readidlist Read contents of SE050
reset Reset SE05X
uid Get SE05X Unique ID (18 bytes)
</pre></div>
</div>
</li>
<li><p><code class="docutils literal notranslate"><span class="pre">ssscli</span> <span class="pre">refpem</span></code>:</p>
<div class="highlight-bat notranslate"><div class="highlight"><pre><span></span>Usage: ssscli refpem [OPTIONS] COMMAND [ARGS]...
Create Reference PEM/DER files (For OpenSSL Engine).
Options:
--help Show this message and exit.
Commands:
ecc Refpem ECC Keys
rsa Refpem RSA Keys
</pre></div>
</div>
</li>
<li><p><code class="docutils literal notranslate"><span class="pre">ssscli</span> <span class="pre">sign</span></code>:</p>
<div class="highlight-bat notranslate"><div class="highlight"><pre><span></span>Usage: ssscli sign [OPTIONS] keyid input_file signature_file
Sign Operation
keyid = 32bit Key ID. Should be in hex format. Example: 20E8A001
input_file = Input file to sign. By default filename with extension .pem
and .cer considered as PEM format, others as DER/BINARY format.
signature_file = File name to store signature data. By default filename
with extension .pem in PEM format and others in DER format.
Options:
--informat TEXT Input format. TEXT can be <span class="s2">&quot;DER&quot;</span> or <span class="s2">&quot;PEM&quot;</span>.
--outformat TEXT Output file format. TEXT can be <span class="s2">&quot;DER&quot;</span> or <span class="s2">&quot;PEM&quot;</span>
--hashalgo TEXT Hash algorithm. TEXT can be one of <span class="s2">&quot;SHA1, SHA224, SHA256,</span>
SHA384, SHA512, RSASSA_PKCS1_V1_5_SHA1,
RSASSA_PKCS1_V1_5_SHA224, RSASSA_PKCS1_V1_5_SHA256,
RSASSA_PKCS1_V1_5_SHA384, RSASSA_PKCS1_V1_5_SHA512,
RSASSA_PKCS1_PSS_MGF1_SHA1, RSASSA_PKCS1_PSS_MGF1_SHA224,
RSASSA_PKCS1_PSS_MGF1_SHA256,
RSASSA_PKCS1_PSS_MGF1_SHA384,
RSASSA_PKCS1_PSS_MGF1_SHA512<span class="s2">&quot;</span>
--help Show this message and exit.
</pre></div>
</div>
</li>
<li><p><code class="docutils literal notranslate"><span class="pre">ssscli</span> <span class="pre">verify</span></code>:</p>
<div class="highlight-bat notranslate"><div class="highlight"><pre><span></span>Usage: ssscli verify [OPTIONS] keyid input_file signature_file
<span class="k">verify</span> operation
keyid = 32bit Key ID. Should be in hex format. Example: 20E8A001
input_file = Input file to verify. By default filename with extension .pem
and .cer considered as PEM format, others as DER/BINARY format.
filename = signature_file data file for verification. By default filename
with extension .pem in PEM format and others in DER format.
Options:
--format TEXT input_file and signature file format. TEXT can be <span class="s2">&quot;DER&quot;</span> or
<span class="s2">&quot;PEM&quot;</span>
--hashalgo TEXT Hash algorithm. TEXT can be one of <span class="s2">&quot;SHA1, SHA224, SHA256,</span>
SHA384, SHA512, RSASSA_PKCS1_V1_5_SHA1,
RSASSA_PKCS1_V1_5_SHA224, RSASSA_PKCS1_V1_5_SHA256,
RSASSA_PKCS1_V1_5_SHA384, RSASSA_PKCS1_V1_5_SHA512,
RSASSA_PKCS1_PSS_MGF1_SHA1, RSASSA_PKCS1_PSS_MGF1_SHA224,
RSASSA_PKCS1_PSS_MGF1_SHA256, RSASSA_PKCS1_PSS_MGF1_SHA384,
RSASSA_PKCS1_PSS_MGF1_SHA512<span class="s2">&quot;</span>
--help Show this message and exit.
</pre></div>
</div>
</li>
<li><p><code class="docutils literal notranslate"><span class="pre">ssscli</span> <span class="pre">encrypt</span></code>:</p>
<div class="highlight-bat notranslate"><div class="highlight"><pre><span></span>Usage: ssscli encrypt [OPTIONS] keyid input_data filename
Sign Operation
keyid = 32bit Key ID. Should be in hex format. Example: 20E8A001
input_data = Input data to Encrypt. can be raw string or in file.
filename = Output file name to store encrypted data. Encrypted data will
be stored in DER format.
Options:
--algo TEXT Algorithm. TEXT can be one of <span class="s2">&quot;oaep&quot;</span>, <span class="s2">&quot;rsaes&quot;</span>
--help Show this message and exit.
</pre></div>
</div>
</li>
<li><p><code class="docutils literal notranslate"><span class="pre">ssscli</span> <span class="pre">decrypt</span></code>:</p>
<div class="highlight-bat notranslate"><div class="highlight"><pre><span></span>Usage: ssscli decrypt [OPTIONS] keyid encrypted_data filename
Sign Operation
keyid = 32bit Key ID. Should be in hex format. Example: 20E8A001
encrypted_data = Encrypted data to Decrypt. can be raw data or in file.
Input data should be in DER format.
filename = Output file name to store Decrypted data.
Options:
--algo TEXT Algorithm. TEXT can be one of <span class="s2">&quot;oaep&quot;</span>, <span class="s2">&quot;rsaes&quot;</span>
--help Show this message and exit.
</pre></div>
</div>
</li>
<li><p><code class="docutils literal notranslate"><span class="pre">ssscli</span> <span class="pre">policy</span></code>:</p>
<div class="highlight-bat notranslate"><div class="highlight"><pre><span></span>Usage: ssscli policy [OPTIONS] COMMAND [ARGS]...
Create/Dump Object Policy
Options:
--help Show this message and exit.
Commands:
asymkey Create Asymmetric Key Object Policy
common Create Common Object Policy
commonpcrvalue Create Common PCR Value Object Policy
counter Create Counter Object Policy
dump Display Created Object Policy
file Create Binary file Object Policy
pcr Create PCR Object Policy
symkey Create Symmetric Key Object Policy
userid Create User ID Object Policy
</pre></div>
</div>
</li>
</ol>
</div>
<div class="section" id="set-commands">
<h2><span class="section-number">9.7.2. </span>Set Commands<a class="headerlink" href="#set-commands" title="Permalink to this headline">¶</a></h2>
<p>These commands are used to set/put objects/keys to the target secure subsystem.</p>
<ol class="arabic">
<li><p><code class="docutils literal notranslate"><span class="pre">ssscli</span> <span class="pre">set</span> <span class="pre">aes</span></code>:</p>
<div class="highlight-bat notranslate"><div class="highlight"><pre><span></span>Usage: ssscli set aes [OPTIONS] keyid key
<span class="k">Set</span> <span class="nv">AES Keys</span>
keyid = 32bit Key ID. Should be in hex format. Example: 20E8A001
key = Can be in file or raw key in DER or HEX format
Options:
--policy_name TEXT File name of the policy to be applied
--help Show this message and exit.
</pre></div>
</div>
</li>
<li><p><code class="docutils literal notranslate"><span class="pre">ssscli</span> <span class="pre">set</span> <span class="pre">hmac</span></code>:</p>
<div class="highlight-bat notranslate"><div class="highlight"><pre><span></span>Usage: ssscli set hmac [OPTIONS] keyid key
<span class="k">Set</span> <span class="nv">HMAC Keys</span>
keyid = 32bit Key ID. Should be in hex format. Example: 20E8A001
key = Can be in file or raw key in DER or HEX format
Options:
--help Show this message and exit.
</pre></div>
</div>
</li>
<li><p><code class="docutils literal notranslate"><span class="pre">ssscli</span> <span class="pre">set</span> <span class="pre">cert</span></code>:</p>
<div class="highlight-bat notranslate"><div class="highlight"><pre><span></span>Usage: ssscli set cert [OPTIONS] keyid key
<span class="k">Set</span> <span class="nv">Certificate</span>
keyid = 32bit Key ID. Should be in hex format. Example: 20E8A001
key = Can be raw certificate (DER format) or in file. For file, by default
filename with extension .pem and .cer considered as PEM format and others
as DER format.
Options:
--format TEXT Input certificate format. TEXT can be <span class="s2">&quot;DER&quot;</span> or <span class="s2">&quot;PEM&quot;</span>
--policy_name TEXT File name of the policy to be applied
--help Show this message and exit.
</pre></div>
</div>
</li>
<li><p><code class="docutils literal notranslate"><span class="pre">ssscli</span> <span class="pre">set</span> <span class="pre">ecc</span> <span class="pre">pair</span></code>:</p>
<div class="highlight-bat notranslate"><div class="highlight"><pre><span></span>Usage: ssscli set ecc pair [OPTIONS] keyid key
<span class="k">Set</span> <span class="nv">ECC Key pair</span>
keyid = 32bit Key ID. Should be in hex format. Example: 20E8A001
key = Can be raw key (DER format) or in file. For file, by default
filename with extension .pem considered as PEM format and others as DER
format.
Options:
--format TEXT Input key format. TEXT can be <span class="s2">&quot;DER&quot;</span> or <span class="s2">&quot;PEM&quot;</span>
--policy_name TEXT File name of the policy to be applied
--help Show this message and exit.
</pre></div>
</div>
</li>
<li><p><code class="docutils literal notranslate"><span class="pre">ssscli</span> <span class="pre">set</span> <span class="pre">ecc</span> <span class="pre">pub</span></code>:</p>
<div class="highlight-bat notranslate"><div class="highlight"><pre><span></span>Usage: ssscli set ecc pub [OPTIONS] keyid key
<span class="k">Set</span> <span class="nv">ECC Public Keys</span>
keyid = 32bit Key ID. Should be in hex format. Example: 20E8A001
key = Can be raw key (DER format) or in file. For file, by default
filename with extension .pem considered as PEM format and others as DER
format.
Options:
--format TEXT Input key format. TEXT can be <span class="s2">&quot;DER&quot;</span> or <span class="s2">&quot;PEM&quot;</span>
--policy_name TEXT File name of the policy to be applied
--help Show this message and exit.
</pre></div>
</div>
</li>
<li><p><code class="docutils literal notranslate"><span class="pre">ssscli</span> <span class="pre">set</span> <span class="pre">rsa</span> <span class="pre">pair</span></code>:</p>
<div class="highlight-bat notranslate"><div class="highlight"><pre><span></span>Usage: ssscli set rsa pair [OPTIONS] keyid key
<span class="k">Set</span> <span class="nv">RSA Key Pair</span>
keyid = 32bit Key ID. Should be in hex format. Example: 20E8A001
key = Can be raw key (DER format) or in file. For file, by default
filename with extension .pem considered as PEM format and others as DER
format.
Options:
--format TEXT Input key format. TEXT can be <span class="s2">&quot;DER&quot;</span> or <span class="s2">&quot;PEM&quot;</span>
--policy_name TEXT File name of the policy to be applied
--help Show this message and exit.
</pre></div>
</div>
</li>
<li><p><code class="docutils literal notranslate"><span class="pre">ssscli</span> <span class="pre">set</span> <span class="pre">rsa</span> <span class="pre">pub</span></code>:</p>
<div class="highlight-bat notranslate"><div class="highlight"><pre><span></span>Usage: ssscli set rsa pub [OPTIONS] keyid key
<span class="k">Set</span> <span class="nv">RSA Public Keys</span>
keyid = 32bit Key ID. Should be in hex format. Example: 20E8A001
key = Can be raw key (DER format) or in file. For file, by default
filename with extension .pem considered as PEM format and others as DER
format.
Options:
--format TEXT Input key format. TEXT can be <span class="s2">&quot;DER&quot;</span> or <span class="s2">&quot;PEM&quot;</span>
--policy_name TEXT File name of the policy to be applied
--help Show this message and exit.
</pre></div>
</div>
</li>
</ol>
</div>
<div class="section" id="get-commands">
<h2><span class="section-number">9.7.3. </span>Get Commands<a class="headerlink" href="#get-commands" title="Permalink to this headline">¶</a></h2>
<p>These commands are used to retereive/get objects/keys from the target secure subsystem.</p>
<ol class="arabic">
<li><p><code class="docutils literal notranslate"><span class="pre">ssscli</span> <span class="pre">get</span> <span class="pre">aes</span></code>:</p>
<div class="highlight-bat notranslate"><div class="highlight"><pre><span></span>Usage: ssscli get aes [OPTIONS] keyid filename
Get AES Keys
keyid = 32bit Key ID. Should be in hex format. Example: 20E8A001
filename = File name to store key. Data can be in PEM or DER format based
on file extension. By default filename with extension .pem in PEM format
and others in DER format.
Options:
--format TEXT Output file format. TEXT can be <span class="s2">&quot;DER&quot;</span> or <span class="s2">&quot;PEM&quot;</span>
--help Show this message and exit.
</pre></div>
</div>
</li>
<li><p><code class="docutils literal notranslate"><span class="pre">ssscli</span> <span class="pre">get</span> <span class="pre">cert</span></code>:</p>
<div class="highlight-bat notranslate"><div class="highlight"><pre><span></span>Usage: ssscli get cert [OPTIONS] keyid filename
Get Certificate
keyid = 32bit Key ID. Should be in hex format. Example: 401286E6
filename = File name to store certificate. Data can be in PEM or DER
format based on file extension. By default filename with extension .pem
and .cer in PEM format and others in DER format.
Options:
--format TEXT Output file format. TEXT can be <span class="s2">&quot;DER&quot;</span> or <span class="s2">&quot;PEM&quot;</span>
--help Show this message and exit.
</pre></div>
</div>
</li>
<li><p><code class="docutils literal notranslate"><span class="pre">ssscli</span> <span class="pre">get</span> <span class="pre">ecc</span> <span class="pre">pair</span></code>:</p>
<div class="highlight-bat notranslate"><div class="highlight"><pre><span></span>Usage: ssscli get ecc pair [OPTIONS] keyid filename
Get ECC Pair
keyid = 32bit Key ID. Should be in hex format. Example: 20E8A001
filename = File name to store key. Data can be in PEM or DER format based
on file extension. By default filename with extension .pem in PEM format
and others in DER format.
Options:
--format TEXT Output file format. TEXT can be <span class="s2">&quot;DER&quot;</span> or <span class="s2">&quot;PEM&quot;</span>
--help Show this message and exit.
</pre></div>
</div>
</li>
<li><p><code class="docutils literal notranslate"><span class="pre">ssscli</span> <span class="pre">get</span> <span class="pre">ecc</span> <span class="pre">pub</span></code>:</p>
<div class="highlight-bat notranslate"><div class="highlight"><pre><span></span>Usage: ssscli get ecc pub [OPTIONS] keyid filename
Get ECC Pub
keyid = 32bit Key ID. Should be in hex format. Example: 20E8A001
filename = File name to store key. Data can be in PEM or DER format based
on file extension. By default filename with extension .pem in PEM format
and others in DER format.
Options:
--format TEXT Output file format. TEXT can be <span class="s2">&quot;DER&quot;</span> or <span class="s2">&quot;PEM&quot;</span>
--help Show this message and exit.
</pre></div>
</div>
</li>
<li><p><code class="docutils literal notranslate"><span class="pre">ssscli</span> <span class="pre">get</span> <span class="pre">rsa</span> <span class="pre">pair</span></code>:</p>
<div class="highlight-bat notranslate"><div class="highlight"><pre><span></span>Usage: ssscli get rsa pair [OPTIONS] keyid filename
Get RSA Pair
keyid = 32bit Key ID. Should be in hex format. Example: 20E8A001
filename = File name to store key. Data can be in PEM or DER format based
on file extension. By default filename with extension .pem in PEM format
and others in DER format.
Options:
--format TEXT Output file format. TEXT can be <span class="s2">&quot;DER&quot;</span> or <span class="s2">&quot;PEM&quot;</span>
--help Show this message and exit.
</pre></div>
</div>
</li>
<li><p><code class="docutils literal notranslate"><span class="pre">ssscli</span> <span class="pre">get</span> <span class="pre">rsa</span> <span class="pre">pub</span></code>:</p>
<div class="highlight-bat notranslate"><div class="highlight"><pre><span></span>Usage: ssscli get rsa pub [OPTIONS] keyid filename
Get RSA Pub
keyid = 32bit Key ID. Should be in hex format. Example: 20E8A001
filename = File name to store key. Data can be in PEM or DER format based
on file extension. By default filename with extension .pem in PEM format
and others in DER format.
Options:
--format TEXT Output file format. TEXT can be <span class="s2">&quot;DER&quot;</span> or <span class="s2">&quot;PEM&quot;</span>
--help Show this message and exit.
</pre></div>
</div>
</li>
</ol>
</div>
<div class="section" id="generate-commands">
<h2><span class="section-number">9.7.4. </span>Generate Commands<a class="headerlink" href="#generate-commands" title="Permalink to this headline">¶</a></h2>
<p>These commands are used to generate objects/keys inside the target secure subsystem.</p>
<ol class="arabic">
<li><p><code class="docutils literal notranslate"><span class="pre">ssscli</span> <span class="pre">generate</span> <span class="pre">ecc</span></code>:</p>
<div class="highlight-bat notranslate"><div class="highlight"><pre><span></span>Usage: ssscli generate ecc [OPTIONS] keyid [NIST_P192<span class="p">|</span>NIST_P224<span class="p">|</span>NIST_P256<span class="p">|</span>NIST
_P384<span class="p">|</span>NIST_P521<span class="p">|</span>Brainpool160<span class="p">|</span>Brainpool192<span class="p">|</span>Brainpool
224<span class="p">|</span>Brainpool256<span class="p">|</span>Brainpool320<span class="p">|</span>Brainpool384<span class="p">|</span>Brainpoo
l512<span class="p">|</span>Secp160k1<span class="p">|</span>Secp192k1<span class="p">|</span>Secp224k1<span class="p">|</span>Secp256k1<span class="p">|</span>ED_255
19<span class="p">|</span>MONT_DH_25519<span class="p">|</span>MONT_DH_448]
Generate ECC Key
keyid = 32bit Key ID. Should be in hex format. Example: 20E8A001
curvetype = ECC Curve type. can be one of <span class="s2">&quot;NIST_P192, NIST_P224,</span>
NIST_P256, NIST_P384, NIST_P521, Brainpool160, Brainpool192, Brainpool224,
Brainpool256, Brainpool320, Brainpool384, Brainpool512, Secp160k1,
Secp192k1, Secp224k1, Secp256k1, ED_25519, MONT_DH_25519, MONT_DH_448<span class="s2">&quot;</span>
Options:
--policy_name TEXT File name of the policy to be applied
--help Show this message and exit.
</pre></div>
</div>
</li>
<li><p><code class="docutils literal notranslate"><span class="pre">ssscli</span> <span class="pre">generate</span> <span class="pre">rsa</span></code>:</p>
<div class="highlight-bat notranslate"><div class="highlight"><pre><span></span>Usage: ssscli generate rsa [OPTIONS] keyid [1024<span class="p">|</span>2048<span class="p">|</span>3072<span class="p">|</span>4096]
Generate RSA Key
keyid = 32bit Key ID. Should be in hex format. Example: 20E8A001
bits = Number of bits. can be one of <span class="s2">&quot;1024, 2048, 3072, 4096&quot;</span>
Options:
--policy_name TEXT File name of the policy to be applied
--help Show this message and exit.
</pre></div>
</div>
</li>
</ol>
</div>
<div class="section" id="refpem-commands">
<h2><span class="section-number">9.7.5. </span>Refpem Commands<a class="headerlink" href="#refpem-commands" title="Permalink to this headline">¶</a></h2>
<p>These commands are used to get Reference/masked Keys usable by openssl engines.</p>
<ol class="arabic">
<li><p><code class="docutils literal notranslate"><span class="pre">ssscli</span> <span class="pre">refpem</span> <span class="pre">ecc</span> <span class="pre">pair</span></code>:</p>
<div class="highlight-bat notranslate"><div class="highlight"><pre><span></span>Usage: ssscli refpem ecc pair [OPTIONS] keyid filename
Create reference PEM file for ECC Pair
keyid = 32bit Key ID. Should be in hex format. Example: 0x20E8A001
filename = File name to store key. Can be in PEM or DER or PKCS12 format
based on file extension. By default filename with extension .pem in PEM
format, .pfx or .p12 in PKCS12 format and others in DER format.
Options:
--format TEXT Output file format. TEXT can be <span class="s2">&quot;DER&quot;</span> or <span class="s2">&quot;PEM&quot;</span> or <span class="s2">&quot;PKCS12&quot;</span>
--password TEXT Password used for PKCS12 format.
--help Show this message and exit.
</pre></div>
</div>
</li>
<li><p><code class="docutils literal notranslate"><span class="pre">ssscli</span> <span class="pre">refpem</span> <span class="pre">ecc</span> <span class="pre">pub</span></code>:</p>
<div class="highlight-bat notranslate"><div class="highlight"><pre><span></span>Usage: ssscli refpem ecc pub [OPTIONS] keyid filename
Create reference PEM file for ECC Pub
keyid = 32bit Key ID. Should be in hex format. Example: 20E8A001
filename = File name to store key. Data Can be in PEM or DER format or
PKCS12 format based on file extension. By default filename with extension
.pem in PEM format, .pfx or .p12 in PKCS12 format and others in DER
format.
Options:
--format TEXT Output file format. TEXT can be <span class="s2">&quot;DER&quot;</span> or <span class="s2">&quot;PEM&quot;</span> or <span class="s2">&quot;PKCS12&quot;</span>
--password TEXT Password used for PKCS12 format.
--help Show this message and exit.
</pre></div>
</div>
</li>
<li><p><code class="docutils literal notranslate"><span class="pre">ssscli</span> <span class="pre">refpem</span> <span class="pre">rsa</span> <span class="pre">pair</span></code>:</p>
<div class="highlight-bat notranslate"><div class="highlight"><pre><span></span>Usage: ssscli refpem rsa pair [OPTIONS] keyid filename
Create reference PEM file for RSA Pair
keyid = 32bit Key ID. Should be in hex format. Example: 20E8A001
filename = File name to store key. Data Can be in PEM or DER format or
PKCS12 format based on file extension. By default filename with extension
.pem in PEM format, .pfx or .p12 in PKCS12 format and others in DER
format.
Options:
--format TEXT Output file format. TEXT can be <span class="s2">&quot;DER&quot;</span> or <span class="s2">&quot;PEM&quot;</span> or <span class="s2">&quot;PKCS12&quot;</span>
--password TEXT Password used for PKCS12 format.
--help Show this message and exit.
</pre></div>
</div>
</li>
</ol>
</div>
<div class="section" id="se05x-commands">
<h2><span class="section-number">9.7.6. </span>Se05x Commands<a class="headerlink" href="#se05x-commands" title="Permalink to this headline">¶</a></h2>
<p>These are the SE05x specific commands.</p>
<ol class="arabic">
<li><p><code class="docutils literal notranslate"><span class="pre">ssscli</span> <span class="pre">se05x</span> <span class="pre">uid</span></code>:</p>
<div class="highlight-bat notranslate"><div class="highlight"><pre><span></span>Usage: ssscli se05x uid [OPTIONS]
Get 18 bytes Unique ID from the SE05X Secure Module.
Options:
--help Show this message and exit.
</pre></div>
</div>
</li>
<li><p><code class="docutils literal notranslate"><span class="pre">ssscli</span> <span class="pre">se05x</span> <span class="pre">certuid</span></code>:</p>
<div class="highlight-bat notranslate"><div class="highlight"><pre><span></span>Usage: ssscli se05x certuid [OPTIONS]
Get 10 bytes Cert Unique ID from the SE05X Secure Module. The cert uid is
a subset of the Secure Module Unique Identifier
Options:
--help Show this message and exit.
</pre></div>
</div>
</li>
<li><p><code class="docutils literal notranslate"><span class="pre">ssscli</span> <span class="pre">se05x</span> <span class="pre">reset</span></code>:</p>
<div class="highlight-bat notranslate"><div class="highlight"><pre><span></span>Usage: ssscli se05x reset [OPTIONS]
Resets the SE05X Secure Module to the initial state.
This command uses ``Se05x_API_DeleteAll_Iterative`` API of the SE05X MW to
iterately delete objects provisioned inside the SE. Because of this, some
objects are purposefully skipped from deletion.
It does not use the low level SE05X API ``Se05x_API_DeleteAll``
<span class="k">For</span> more information, see documentation/implementation of the
``Se05x_API_DeleteAll_Iterative`` API.
Options:
--help Show this message and exit.
</pre></div>
</div>
</li>
<li><p><code class="docutils literal notranslate"><span class="pre">ssscli</span> <span class="pre">se05x</span> <span class="pre">readidlist</span></code>:</p>
<div class="highlight-bat notranslate"><div class="highlight"><pre><span></span>Usage: ssscli se05x readidlist [OPTIONS]
Read contents of SE050
Options:
--help Show this message and exit.
</pre></div>
</div>
</li>
</ol>
</div>
<div class="section" id="a71ch-commands">
<h2><span class="section-number">9.7.7. </span>A71CH Commands<a class="headerlink" href="#a71ch-commands" title="Permalink to this headline">¶</a></h2>
<p>These are the A71CH specific commands.</p>
<ol class="arabic">
<li><p><code class="docutils literal notranslate"><span class="pre">ssscli</span> <span class="pre">a71ch</span> <span class="pre">uid</span></code>:</p>
<div class="highlight-bat notranslate"><div class="highlight"><pre><span></span>Usage: ssscli a71ch uid [OPTIONS]
Get uid from the A71CH Secure Module.
Options:
--help Show this message and exit.
</pre></div>
</div>
</li>
<li><p><code class="docutils literal notranslate"><span class="pre">ssscli</span> <span class="pre">a71ch</span> <span class="pre">reset</span></code>:</p>
<div class="highlight-bat notranslate"><div class="highlight"><pre><span></span>Usage: ssscli a71ch reset [OPTIONS]
Resets the A71CH Secure Module to the initial state.
Options:
--help Show this message and exit.
</pre></div>
</div>
</li>
</ol>
</div>
<div class="section" id="policy-commands">
<h2><span class="section-number">9.7.8. </span>POLICY Commands<a class="headerlink" href="#policy-commands" title="Permalink to this headline">¶</a></h2>
<p>These are Policy commands.</p>
<ol class="arabic">
<li><p><code class="docutils literal notranslate"><span class="pre">ssscli</span> <span class="pre">policy</span> <span class="pre">asymkey</span></code>:</p>
<div class="highlight-bat notranslate"><div class="highlight"><pre><span></span>Usage: ssscli policy asymkey [OPTIONS] policy_name auth_obj_id
Create Asymmetric key object policy.
policy_name = File name of the policy to be created. This policy name
should be given as input while provisioning.
auth_obj_id = Auth object id for each Object Policy.
Options:
--sign BOOLEAN Object policy Allow Sign. Enabled by Default
--verify BOOLEAN Object policy Allow Verify. Enabled by
Default
--encrypt BOOLEAN Object policy Allow Encryption. Enabled by
Default
--decrypt BOOLEAN Object policy Allow Decryption. Enabled by
Default
--key_derive BOOLEAN Object policy Allow Key Derivation. Enabled
by Default
--wrap BOOLEAN Object policy Allow Wrap. Enabled by Default
--generate BOOLEAN Object policy Allow Generate. Enabled by
Default
--write BOOLEAN Object policy Allow Write. Enabled by
Default
--read BOOLEAN Object policy Allow Read. Enabled by Default
--import_export BOOLEAN Object policy Allow Import Export. Enabled
by Default
--key_agreement BOOLEAN Object policy Allow Key Agreement. Enabled
by Default
--attest BOOLEAN Object policy Allow attestation. Enabled by
Default
--forbid_derived_output BOOLEAN
Object policy Forbid Derived Output.
Disabled by Default
--help Show this message and exit.
</pre></div>
</div>
</li>
<li><p><code class="docutils literal notranslate"><span class="pre">ssscli</span> <span class="pre">policy</span> <span class="pre">symkey</span></code>:</p>
<div class="highlight-bat notranslate"><div class="highlight"><pre><span></span>Usage: ssscli policy symkey [OPTIONS] policy_name auth_obj_id
Create Symmetric key object policy.
policy_name = File name of the policy to be created. This policy name
should be given as input while provisioning.
auth_obj_id = Auth object id for each Object Policy.
Options:
--sign BOOLEAN Object policy Allow Sign. Enabled by Default
--verify BOOLEAN Object policy Allow Verify. Enabled by
Default
--encrypt BOOLEAN Object policy Allow Encryption. Enabled by
Default
--decrypt BOOLEAN Object policy Allow Decryption. Enabled by
Default
--key_derive BOOLEAN Object policy Allow Key Derivation. Enabled
by Default
--wrap BOOLEAN Object policy Allow Wrap. Enabled by Default
--generate BOOLEAN Object policy Allow Generate. Enabled by
Default
--write BOOLEAN Object policy Allow Write. Enabled by
Default
--import_export BOOLEAN Object policy Allow Import Export. Enabled
by Default
--desfire_auth BOOLEAN Object policy Allow to perform DESFire
authentication. Enabled by Default
--desfire_dump BOOLEAN Object policy Allow to dump DESFire session
<span class="k">keys</span>. Enabled by Default
--forbid_derived_output BOOLEAN
Object policy Forbid Derived Output.
Disabled by Default
--kdf_ext_random BOOLEAN Object policy Allow key derivation ext
random. Enbaled by Default
--help Show this message and exit.
</pre></div>
</div>
</li>
<li><p><code class="docutils literal notranslate"><span class="pre">ssscli</span> <span class="pre">policy</span> <span class="pre">file</span></code>:</p>
<div class="highlight-bat notranslate"><div class="highlight"><pre><span></span>Usage: ssscli policy file [OPTIONS] policy_name auth_obj_id
Create Binary file object policy.
policy_name = File name of the policy to be created. This policy name
should be given as input while provisioning.
auth_obj_id = Auth object id for each Object Policy.
Options:
--write BOOLEAN Object policy Allow Write. Enabled by Default
--read BOOLEAN Object policy Allow Read. Enabled by Default
--help Show this message and exit.
</pre></div>
</div>
</li>
<li><p><code class="docutils literal notranslate"><span class="pre">ssscli</span> <span class="pre">policy</span> <span class="pre">counter</span></code>:</p>
<div class="highlight-bat notranslate"><div class="highlight"><pre><span></span>Usage: ssscli policy counter [OPTIONS] policy_name auth_obj_id
Create Counter object policy.
policy_name = File name of the policy to be created. This policy name
should be given as input while provisioning.
auth_obj_id = Auth object id for each Object Policy.
Options:
--write BOOLEAN Object policy Allow Write. Enabled by Default
--read BOOLEAN Object policy Allow Read. Enabled by Default
--help Show this message and exit.
</pre></div>
</div>
</li>
<li><p><code class="docutils literal notranslate"><span class="pre">ssscli</span> <span class="pre">policy</span> <span class="pre">userid</span></code>:</p>
<div class="highlight-bat notranslate"><div class="highlight"><pre><span></span>Usage: ssscli policy userid [OPTIONS] policy_name auth_obj_id
Create user id object policy.
policy_name = File name of the policy to be created. This policy name
should be given as input while provisioning.
auth_obj_id = Auth object id for each Object Policy.
Options:
--write BOOLEAN Object policy Allow Write. Enabled by Default
--help Show this message and exit.
</pre></div>
</div>
</li>
<li><p><code class="docutils literal notranslate"><span class="pre">ssscli</span> <span class="pre">policy</span> <span class="pre">common</span></code>:</p>
<div class="highlight-bat notranslate"><div class="highlight"><pre><span></span>Usage: ssscli policy common [OPTIONS] policy_name auth_obj_id
Create common object policy.
policy_name = File name of the policy to be created. This policy name
should be given as input while provisioning.
auth_obj_id = Auth object id for each Object Policy.
Options:
--forbid_all BOOLEAN Object policy forbid all. Disabled by Default
--delete BOOLEAN Object policy Allow Delete. Enabled by Default
--req_sm BOOLEAN Object policy Allow req_sm. Disabled by Default
--help Show this message and exit.
</pre></div>
</div>
</li>
<li><p><code class="docutils literal notranslate"><span class="pre">ssscli</span> <span class="pre">policy</span> <span class="pre">commonpcrvalue</span></code>:</p>
<div class="highlight-bat notranslate"><div class="highlight"><pre><span></span>Usage: ssscli policy commonpcrvalue [OPTIONS] policy_name auth_obj_id
Create Common PCR Value object policy.
policy_name = File name of the policy to be created. This policy name
should be given as input while provisioning.
auth_obj_id = Auth object id for each Object Policy.
Options:
--pcr_obj_id TEXT Object policy PCR object ID. Zero by Default
--pcr_expected_value TEXT Object policy PCR Expected Value. Zero by Default
--help Show this message and exit.
</pre></div>
</div>
</li>
<li><p><code class="docutils literal notranslate"><span class="pre">ssscli</span> <span class="pre">policy</span> <span class="pre">dump</span></code>:</p>
<div class="highlight-bat notranslate"><div class="highlight"><pre><span></span>Usage: ssscli policy dump [OPTIONS] policy_name
Display Created object policy.
policy_name = File name of the policy to be displayed.
Options:
--help Show this message and exit.
</pre></div>
</div>
</li>
</ol>
</div>
</div>
</div>
</div>
</div>
<footer class="footer">
<div class="container">
<p class="pull-right">
<a href="#">Back to top</a>
</p>
<p>
&copy; Copyright 2018-2020, NXP.<br/>
Created using <a href="http://sphinx-doc.org/">Sphinx</a> 2.4.1.<br/>
</p>
</div>
</footer>
</body>
</html>