DOKK / manpages / debian 12 / qca-qt5-2-utils / qcatool-qt5.1.en
QCATOOL(1) Qt Cryptographic Architecture (QCA) QCATOOL(1)

qcatool - command line tool for the Qt Cryptographic Architecture

qcatool is a command line tool for performing various cryptographic operations with the Qt Cryptographic Architecture (QCA). qcatool can also be used for testing and debugging QCA.

qcatool has a range of options and commands. You only ever get to use one command, but you may use several, one or no options.

As noted above, these are all optional, and may be combined.

Specify the password to use. This is probably a bad idea except for testing, because anyone can read the arguments to a command line application.
Specify the new password to use for password change with the key changepass and keybundle changepass commands. This is probably a bad idea except for testing, because anyone can read the arguments to a command line application.
Specify additional certificates, not trusted, but which may be used in the trust path if appropriate trust can be established.
Specify additional certificates which can be used as trusted (root) certificates.
Disable use of the standard root certificates that are provided by the operating system.
Disable prompting for passwords/passphrases. If you do not provide the passphrase on the command line (with --pass or --newpass) this will cause qcatool to abort the command if a password/passphrase is required.
If outputting certificate information fields (Distinguished Name and Subject Alternative Name), show them in same the order that they are present in the certificate rather than in a friendly sorted order.
Enable additional output to aid debugging.
Log to the specified file.
Log at the specified level. The log level can be between 0 (none) and 8 (most).
When S/MIME signing, do not bundle the signer's certificate chain inside the signature. This results in a smaller signature output, but requires the recipient to have all of the necessary certificates in order to verify it.

Output usage (help) information.
Output version information.
List available plugins. Use the --debug option to get more information on plugins which are found and which ones actually loaded.
Save provider configuration. Use this to have the provider's default configuration written to persistent storage, which you can then edit by hand.
Edit provider configuration. The changes are written to persistent storage.
Create a key pair
Add/change/remove passphrase of a key
Create certificate request (CSR)
Create self-signed certificate
Advanced version of 'makereq'
Advanced version of 'makeself'
Validate certificate
Create a keybundle
Extract certificate(s) and key
Change passphrase of a keybundle
List all available keystores
List content of a keystore
Monitor for keystore availability
Export a keystore entry's content
Export a keystore entry reference
Add a keybundle into a keystore
Add a PGP key into a keystore
Remove an object from a keystore
Examine a certificate
Examine a certificate request (CSR)
Examine a certificate revocation list
Examine a keybundle
Examine a PGP key
Sign a message
Encrypt a message
PGP sign & encrypt a message
Verify a message
Decrypt a message (S/MIME needs X)
Export certs from S/MIME message

The arguments to the commands are as follows.

K = private key.

C = certificate.

X = key bundle.

P = PGP public key.

S = PGP secret key.

E = generic entry.

These must be identified by either a filename or a keystore reference ("store:obj").

qcatool was written by Justin Karneges as part of QCA. This manual page was written by Brad Hards.

August 2007 qcatool 1.0.0