DOKK / manpages / debian 12 / openpace / cvc-create.1.en
CVC-CREATE(1) User Commands CVC-CREATE(1)

cvc-create - manual page for cvc-create 1.1.2

cvc-create [OPTION]...

Create a card verifiable certificate

Print help and exit
Print version and exit
Where to save the certificate (default=`CHR.cvcert')
The terminal's role (possible values="cvca", "dv_domestic", "dv_foreign", "terminal")
Type of the terminal. Known values are "at" (Authentication Terminal), "is" (Inspection System), "st" (Signature Terminal), "derived_from_signer" (uses the the signer's CVC type), any other value is interpreted as object identifier. (default=`derived_from_signer')
Raw Card Holder Authorization Template (CHAT). This option will overwrite any terminal specific effective authorization (see options for AT/IS/ST).
Date the certificate was issued (default=`today')
Date until the certicate is valid
Private key for signing the new certificate
Signature scheme that the new terminal will use (possible values="ECDSA_SHA_1", "ECDSA_SHA_224", "ECDSA_SHA_256", "ECDSA_SHA_384", "ECDSA_SHA_512", "RSA_v1_5_SHA_1", "RSA_v1_5_SHA_256", "RSA_v1_5_SHA_512", "RSA_PSS_SHA_1", "RSA_PSS_SHA_256", "RSA_PSS_SHA_512")
Mode: csr
The properties of the certificate are derived from the given signing request.
Certificate signing request with the attributes
Mode: manual
The properties of the certificate are derived from the command line switches.
Certificate holder reference (2 characters ISO 3166-1 ALPHA-2 country code, 0-9 characters ISO/IEC 8859-1 holder mnemonic, 5 characters ISO/IEC 8859-1 numeric or alphanumeric sequence number)
CV certificate of the entity signing the new certificate (default=`self signed')
Private key of the Terminal (default=`derived from signer')
Where to save the derived private key (default=`CHR.pkcs8')

Where to save the encoded certificate description (default=`CHR.desc')
Terms of usage as part of the certificate description (*.txt, *.html or *.pdf)
Name of the issuer of this certificate (certificate description)
URL that points to informations about the issuer of this certificate (certificate description)
Name of the holder of this certificate (certificate description)
URL that points to informations about the subject of this certificate (certificate description)
Allow writing DG 17 (Normal Place of Residence) (default=off)
Allow writing DG 18 (Community ID) (default=off)
Allow writing DG 19 (Residence Permit I) (default=off)
Allow writing DG 20 (Residence Permit II) (default=off)
Allow writing DG 21 (Optional Data) (default=off)
Allow RFU R/W Access bit 32 (default=off)
Allow RFU R/W Access bit 31 (default=off)
Allow RFU R/W Access bit 30 (default=off)
Allow RFU R/W Access bit 29 (default=off)
Allow reading DG 1 (Document Type) (default=off)
Allow reading DG 2 (Issuing State) (default=off)
Allow reading DG 3 (Date of Expiry) (default=off)
Allow reading DG 4 (Given Names) (default=off)
Allow reading DG 5 (Family Names) (default=off)
Allow reading DG 6 (Religious/Artistic Name) (default=off)
Allow reading DG 7 (Academic Title) (default=off)
Allow reading DG 8 (Date of Birth) (default=off)
Allow reading DG 9 (Place of Birth) (default=off)
Allow reading DG 10 (Nationality) (default=off)
Allow reading DG 11 (Sex) (default=off)
Allow reading DG 12 (Optional Data) (default=off)
Allow reading DG 13 (default=off)
Allow reading DG 14 (default=off)
Allow reading DG 15 (default=off)
Allow reading DG 16 (default=off)
Allow reading DG 17 (Normal Place of Residence) (default=off)
Allow reading DG 18 (Community ID) (default=off)
Allow reading DG 19 (Residence Permit I) (default=off)
Allow reading DG 20 (Residence Permit II) (default=off)
Allow reading DG 21 (Optional Data) (default=off)
Allow installing qualified certificate (default=off)
Allow installing certificate (default=off)
Allow PIN management (default=off)
CAN allowed (default=off)
Privileged terminal (default=off)
Allow restricted identification (default=off)
Allow community ID verification (default=off)
Allow age verification (default=off)

Allow RFU bit 5 (default=off)
Allow RFU bit 4 (default=off)
Allow RFU bit 3 (default=off)
Allow RFU bit 2 (default=off)
Generate qualified electronic signature (default=off)
Generate electronic signature (default=off)

Read access to eID application (Deprecated) (default=off)
Allow RFU bit 4 (default=off)
Allow RFU bit 3 (default=off)
Allow RFU bit 2 (default=off)
Read access to ePassport application: DG 4 (Iris) (default=off)
Read access to ePassport application: DG 3 (Fingerprint) (default=off)

Written by Frank Morgner <frankmorgner@gmail.com>

Report bugs to https://github.com/frankmorgner/openpace/issues

July 2022 OpenPACE 1.1.2