KMF manages the keystores for three public key technologies, PKCS #11 tokens, NSS, and OpenSSL. For all of these technologies, the pktool command enables you to do the following:
Generate a self-signed certificate.
Generate a certificate request.
Import objects into the keystore.
List the objects in the keystore.
Delete objects from the keystore.
Download a CRL.
For the PKCS #11 and NSS technologies, the pktool command also enables you to set a PIN by generating a passphrase:
Generate a passphrase for the keystore.
Generate a passphrase for an object in the keystore.
For examples of using the pktool utility, see the pktool(1) man page and Using the Key Management Framework (Task Map).