keylist Command
Purpose
keylist lists the keystore labels in a private keystore.
Syntax
keylist [-S servicename] [-v | -c] [-p privatekeystore] [username]
Description
The keylist command lists the keystore labels in a private keystore. The -S option specifies which end-entity services and libraries to use while listing the labels in the keystore. Available services are defined in /usr/lib/security/pki/ca.cfg. When invoked without -S, keylist uses the default service, which is local. It is an error to specify a servicename that does not have an entry in the /usr/lib/security/pki/ca.cfg file.
The user may optionally provide the location of the private keystore. If it is not given, the default location is used.
If the -c option is given, the type of the keystore object corresponding to the label is indicated by a one-letter symbol. The following symbols denote the keystore object types:
P = Public Key
p = Private Key
T = Trusted Key
S = Secret Key
C = Certificate
t = Trusted Certificate
U = Useful Certificate
If the -v option is used, the type of the object for a label is given in non-abbreviated form (for example, Public Key, Secret Key).
If required, the user will be prompted for the password of the underlying service keystore.
Flags
Item | Description |
---|---|
-S servicename | Specifies which service module to use. |
-p privatekeystore | Specifies the location of the keystore. |
-v | Specifies that the output is in verbose mode. |
-c | Specifies a concise output. |
Arguments
Item | Description |
---|---|
username | Specifies the AIX® user whose key labels are going to be queried. |
Exit Status
Item | Description |
---|---|
0 | Successful completion. |
>0 | An error occurred. |
Security
This is a privileged (set-UID root) command.
In order to list the contents of a keystore the user must know the password of the private keystore.
Root and invokers belonging to group security are allowed to list anybody's keystore. However, they can only successfully complete this operation if they have the knowledge of the password to the keystore.
A non-privileged user is only allowed to list the keystore that he owns.
Audit
This command records the following event information:
KEY_List <username>
Examples
- To list the labels in keystore /var/security/pki/keys/bob, enter:
$ keylist -c -p /var/pki/security/keys/bob bob
PpC label1
PpC label2
- To list labels/objects in verbose mode, enter:
$ keylist -v -p /var/pki/security/keys/bob bob
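The concise (-c) symbols can be decoded mechanically when taking inventory of a keystore. The following is an added example, not part of the original command documentation: the function names are hypothetical, the sample input is constructed, and it assumes each output line has the form "symbols, whitespace, label" as in the concise example above.

```shell
#!/bin/sh
# Added example (not from the keylist documentation).
# Assumption: each `keylist -c` output line is "<symbols><whitespace><label>".

# Expand the one-letter symbols into the object type names listed on this page.
decode_keylist() {
    awk '
    BEGIN {
        t["P"] = "Public Key";  t["p"] = "Private Key"
        t["T"] = "Trusted Key"; t["S"] = "Secret Key"
        t["C"] = "Certificate"; t["t"] = "Trusted Certificate"
        t["U"] = "Useful Certificate"
    }
    NF < 2 { next }                      # skip blank or label-less lines
    {
        syms = $1
        label = $0
        sub(/^[ \t]*[^ \t]+[ \t]+/, "", label)   # keep labels containing spaces
        out = ""
        for (i = 1; i <= length(syms); i++) {
            c = substr(syms, i, 1)
            # Symbols are case-sensitive (P/p, T/t); flag anything unrecognized.
            name = (c in t) ? t[c] : "Unknown(" c ")"
            out = out (i > 1 ? ", " : "") name
        }
        print label ": " out
    }'
}

# Print only the labels that hold private or secret key material (p or S).
sensitive_labels() {
    awk 'NF >= 2 && $1 ~ /[pS]/ {
        l = $0; sub(/^[ \t]*[^ \t]+[ \t]+/, "", l); print l
    }'
}

# Constructed sample input; the last line carries a symbol not in the table.
SAMPLE='PpC label1
C label2
tX ca root'

printf '%s\n' "$SAMPLE" | decode_keylist
# On AIX the same functions can read the real output:
#   keylist -c bob | decode_keylist
```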
Files
/usr/lib/security/pki/policy.cfg
/usr/lib/security/pki/ca.cfg