p11tool: mention how CKA_IDs of certs are calculated upon --write

author Daiki Ueno <ueno@gnu.org>

Wed, 9 Jun 2021 12:29:11 +0000 (14:29 +0200)

committer Daiki Ueno <ueno@gnu.org>

Fri, 11 Jun 2021 14:21:36 +0000 (16:21 +0200)
author Daiki Ueno <ueno@gnu.org>
Wed, 9 Jun 2021 12:29:11 +0000 (14:29 +0200)
committer Daiki Ueno <ueno@gnu.org>
Fri, 11 Jun 2021 14:21:36 +0000 (16:21 +0200)
diff --git a/src/p11tool-args.def b/src/p11tool-args.def

index bd7789e017383d5d2e53448ae14595bfb2839a3a..04cccc4b16579dcfedbb6189128044525383e570 100644 (file)
--- a/src/p11tool-args.def
+++ b/src/p11tool-args.def
@@ -268,8 +268,9 @@ flag = {
  flag = {
      name      = write;
      descrip   = "Writes the loaded objects to a PKCS #11 token";
-    doc = "It can be used to write private, public keys, certificates or secret keys to a token. Must be combined with
-    one of --load-privkey, --load-pubkey, --load-certificate option.";
+    doc = "It can be used to write private, public keys, certificates or secret keys to a token. Must be combined with one of --load-privkey, --load-pubkey, --load-certificate option.
+
+When writing a certificate object, its CKA_ID is set to the same CKA_ID of the corresponding public key, if it exists on the token; otherwise it will be derived from the X.509 Subject Key Identifier of the certificate. If this behavior is undesired, write the public key to the token beforehand.";
  };
  
  flag = {
author	Daiki Ueno <ueno@gnu.org>
	Wed, 9 Jun 2021 12:29:11 +0000 (14:29 +0200)
committer	Daiki Ueno <ueno@gnu.org>
	Fri, 11 Jun 2021 14:21:36 +0000 (16:21 +0200)