Batch processing

Edit online

You can run the batch processing commands from the command line to perform the same tasks that are available in the GUI versions of the PKCS #11 tools.

The command format for the PKCS #11 Key Management tool (p11km) is as follows:
p11km -b <batchfile>
The command format for the PKCS #11 Key Administration tool (p11admin) is as follows:
p11admin -b <batchfile>

Because these tools use the OpenSSL library to parse the batch files, the format of the batch files follows the typical OpenSSL configuration file format. Each section is a separate command, and the attribute value pairs provide the information that is required for processing. Each section command is batch processed in order from top to bottom. If an individual batch command fails, an error is printed and batch processing terminates without processing the subsequent section commands.

The following is an example of the OpenSSL configuration file format.

[section1]
attribute1 = “value1”
attribute2 = “value2”
...
attributeN = “valueN”
[section2]
attribute1 = “value1”
attribute2 = “value2”
...
attributeN = “valueN”
...
...
[sectionN]
attribute1 = “value1”
attribute2 = “value2”
...
attributeN = “valueN”
To ensure that the PKCS #11 tool command sections coexist with the OpenSSL configuration file sections, use the following prefixes for the PKCS #11 sections:
p11km tool
p11km_cmd
p11admin tool
p11admin_cmd
Each p11km_cmd or p11admin_cmd section must contain only one action_name attribute with a string value that identifies a specific command associated with the section. The simplest example is a file that contains one command section that describes a command that does not have additional parameters. The following is an example of how to use the p11km tool to run a batch command that lists available PKCS #11 tokens on a system:
[p11km_cmd_list_my_tokens]
action_name=”LIST_TOKENS”
Each batch command supports an optional boolean attribute:
start_gui=”<boolean>”

If you run a batch command that contains the boolean attribute with a value of TRUE, the batch processing terminates after that command completes, and the GUI starts.

Note: If a batch file contains a command that includes the optional start_gui attribute, none of the batch commands that are listed after it are processed.