Purpose
keylist lists the keystore labels in a private keystore.
Syntax
keylist [-S servicename] [-v | -c] [-p privatekeystore] [username]
Description
The keylist command lists the keystore labels in a private keystore.
The -S option specifies which end-entity services and libraries to use while listing the labels in the keystore. Available services are defined in /usr/lib/security/pki/ca.cfg. When invoked without -S, keylist uses the default service, which is local. It is an error to specify a servicename that does not have an entry in the /usr/lib/security/pki/ca.cfg file.
The user may optionally provide the location of the private keystore with -p. If it is not given, the default location is used.
If the -c option is given, the type of the keystore object corresponding to each label is indicated by a one-letter symbol. The following symbols denote the keystore object types:
P = Public Key
p = Private Key
T = Trusted Key
S = Secret Key
C = Certificate
t = Trusted Certificate
U = Useful Certificate
If the -v option is used, the type of the object for a label is given in non-abbreviated form (for example, Public Key, Secret Key).
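Added example (not part of the AIX documentation): a POSIX shell filter that expands the one-letter symbols from keylist -c output into the full type names listed above, and a second filter that lists the labels holding private or secret key material. It assumes each output line is the symbol string, whitespace, then the label, as in this page's sample output; the function names are made up here.

```shell
# Expand the one-letter type symbols printed by `keylist -c` into the
# full names listed on this page.
# Assumption: each line is "<symbols> <label>", as in the page's sample output.

# Map one symbol to its name; unknown symbols are reported, not dropped.
keylist_symbol_name() {
    case "$1" in
        P) echo "Public Key" ;;
        p) echo "Private Key" ;;
        T) echo "Trusted Key" ;;
        S) echo "Secret Key" ;;
        C) echo "Certificate" ;;
        t) echo "Trusted Certificate" ;;
        U) echo "Useful Certificate" ;;
        *) echo "Unknown($1)" ;;
    esac
}

# Read `keylist -c` output on stdin; print "label: type, type, ...".
decode_keylist() {
    while read -r symbols label; do
        [ -n "$symbols" ] || continue          # skip blank lines
        names=""
        rest=$symbols
        while [ -n "$rest" ]; do
            after=${rest#?}                    # everything after the first char
            sym=${rest%"$after"}               # the first char itself
            names=${names:+$names, }$(keylist_symbol_name "$sym")
            rest=$after
        done
        printf '%s: %s\n' "${label:-<no label>}" "$names"
    done
}

# Print the labels that hold a private or secret key (symbol p or S).
labels_with_private_material() {
    while read -r symbols label; do
        case "$symbols" in
            *[pS]*) printf '%s\n' "$label" ;;
        esac
    done
}

# Constructed sample: the first two lines are the page's example output,
# the third is made up for illustration.
sample='PpC label1
PpC label2
t label3'
printf '%s\n' "$sample" | decode_keylist
```

On a live system the input would come from the command itself, for example keylist -c bob | decode_keylist.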
If required, the user will be prompted for the password of the underlying service keystore.
Flags
Item | Description |
---|---|
-S servicename | Specifies which service module to use. |
-p privatekeystore | Specifies the location of the keystore. |
-v | Specifies that the output is in verbose mode. |
-c | Specifies a concise output. |
Arguments
Item | Description |
---|---|
username | Specifies the AIX® user whose key labels are to be queried. |
Exit Status
Item | Description |
---|---|
0 | Successful completion. |
>0 | An error occurred. |
Security
This is a privileged (set-UID root) command.
To list the contents of a keystore, the user must know the password of the private keystore.
Root and invokers belonging to group security are allowed to list anybody's keystore. However, they can only complete this operation successfully if they know the password to the keystore.
A non-privileged user is only allowed to list the keystore that he owns.
Audit
This command records the following event information:
KEY_List <username>
Examples
$ keylist -c -p /var/pki/security/keys/bob bob
PpC label1
PpC label2
$ keylist -v -p /var/pki/security/keys/bob bob
Files
/usr/lib/security/pki/policy.cfg
/usr/lib/security/pki/ca.cfg