skipdb is used to manage certificates. Long-term certificates are stored in a database for access by the key manager. The skipdb command allows the manual administration of the certificate database.
X.509 certificates without proper signatures will not be added to the skipdb database. The CA's certificate must be added to the CA certificate database using the skipca command before adding certificates signed by that CA to the skipdb database.
Unsigned public keys are added with the appropriate hash of the contents as the name.
skipdb -[a|r|l|i|e|C] [action specific arguments]
-a [-t certtype] [-n nsid] [-c filename] |
Adds certificates to SKIP certificate database. The certtype argument sets the type of the certificate to be added. Certificate types are X.509 and UDH (unsigned Diffie-Hellman). The nsid argument is a decimal number which corresponds to the namespace of the certificate. Common nsid values are 1 IPv4 and 8 (UDH). filename is the certificate file you wish to add to the database. |
-e [-n nsid] [-k keyid] |
Extracts a certificate to the standard output. The first certificate which matches nsid and keyid will be written. The extracted form is suitable for addition to a database using the skipdb -a command. This subcommand writes only one certificate to the standard output, even if there are multiple certificates which match the nsid, keyid pair. |
-i [-qo] |
Prior to being used, the certificate database must be initialized through the init subcommand. If the database exists, the -o option will delete the contents of the database. The -q option suppresses warning messages. |
-l [-VvL] [-n nsid] [-k keyid] |
Lists the certificates in the Certificate database. -V switches the output to a format more easily parsed by machines. -L lists expiration times along with the Name Space and Master KeyId. -v switches the output to a verbose mode where the entire certificate is printed. -n and -k limit the listing to certificates whose name matches the specified keyid and nsid. |
-r -n nsid -k keyid |
Deletes certificates in the certificate database. Certificates with the specified nsid and keyid will be deleted. |
-C |
Checks existence of the certificate database. Returns true upon existence. |