keylist Command

Purpose

keylist lists the keystore labels in a private keystore.

Syntax

keylist [-S servicename] [-v | -c] [-p privatekeystore] [username]

Description

The keylist command lists the keystore labels in a private keystore. The -S option specifies which end-entity services and libraries to use while listing the labels in the keystore. Available services are defined in /usr/lib/security/pki/ca.cfg. When invoked without -S, keylist uses the default service, which is local. It is an error to specify a servicename that does not have an entry in the /usr/lib/security/pki/ca.cfg file. The user may optionally provide the location of the private keystore; if it is not given, the default location is used. If the -c option is given, the type of the keystore object corresponding to each label is shown as a one-letter symbol. The following symbols denote the keystore object types:

P = Public Key

p = Private Key

T = Trusted Key

S = Secret Key

C = Certificate

t = Trusted Certificate

U = Useful Certificate

If the -v option is used, the type of each object is given in full rather than as a symbol (for example, Public Key, Secret Key).

If required, the user will be prompted for the password of the underlying service keystore.

Flags

Item                 Description
-S servicename       Specifies which service module to use.
-p privatekeystore   Specifies the location of the keystore.
-v                   Specifies that the output is in verbose mode.
-c                   Specifies a concise output.

Arguments

Item                 Description
username             Specifies the AIX® user whose key labels are to be queried.

Exit Status

Item                 Description
0                    Successful completion.
>0                   An error occurred.

Security

This is a privileged (set-UID root) command.

To list the contents of a keystore, the user must know the password of the private keystore.

Root and invokers belonging to group security are allowed to list anybody's keystore. However, they can only complete this operation successfully if they know the password to the keystore.

A non-privileged user is only allowed to list the keystore that they own.

Audit

This command records the following event information:

KEY_List <username>

Examples

  1. To list the labels in keystore /var/pki/security/keys/bob in concise form, enter:
    $ keylist -c -p /var/pki/security/keys/bob bob
    PpC label1
    PpC label2
  2. To list labels/objects in verbose mode, enter:
    $ keylist -v -p /var/pki/security/keys/bob bob
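The following added example (not part of the AIX documentation) decodes the concise -c output shown above into the full object-type names from the table in the Description section, which is useful when reviewing a keystore inventory captured from a script. The input lines are a constructed sample; the function names are the example's own.

```shell
#!/bin/sh
# Added example: expand keylist -c symbols ("PpC label1") to full type names.
# Symbol-to-name mapping follows the keylist documentation table.

# Map one type symbol to its full name; unknown symbols are reported, not dropped.
symbol_name() {
    case "$1" in
        P) echo "Public Key" ;;
        p) echo "Private Key" ;;
        T) echo "Trusted Key" ;;
        S) echo "Secret Key" ;;
        C) echo "Certificate" ;;
        t) echo "Trusted Certificate" ;;
        U) echo "Useful Certificate" ;;
        *) echo "Unknown($1)" ;;
    esac
}

# Expand a symbol string such as "PpC" to "Public Key, Private Key, Certificate".
expand_symbols() {
    syms=$1
    out=""
    while [ -n "$syms" ]; do
        c=${syms%"${syms#?}"}      # first character
        syms=${syms#?}             # remaining characters
        name=$(symbol_name "$c")
        if [ -z "$out" ]; then out=$name; else out="$out, $name"; fi
    done
    echo "$out"
}

# Read keylist -c output from stdin and print one "<label>: <types>" line per entry.
decode_keylist() {
    while read -r syms label; do
        [ -n "$syms" ] || continue        # skip blank lines
        echo "$label: $(expand_symbols "$syms")"
    done
}

# Constructed sample of concise keylist output (not captured from a real system).
SAMPLE='PpC label1
PpC label2
S secret1
tU ca_root'

printf '%s\n' "$SAMPLE" | decode_keylist
```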

Files

/usr/lib/security/pki/policy.cfg

/usr/lib/security/pki/ca.cfg