[ Bottom of Page | Previous Page | Next Page | Contents | Index | Library Home | Legal | Search ]

Commands Reference, Volume 3

keylist Command


keylist lists the keystore labels in a private keystore.


keylist [-S servicename] [-v | -c] [-p privatekeystore] [username]


The keylist command lists the keystore labels in a private keystore. The -S option specifies which end-entity services and libraries to use while listing the labels in the keystore. Available services are defined in /usr/lib/security/pki/ca.cfg. When invoked without -S, keylist will use the default service, which is local. It is an error to specify a servicename which does not have an entry in the /usr/lib/security/pki/ ca.cfg file. The user optionally may provide the location of the private keystore. If not given, the default location will be used. If the -c option is given, the type of the keystore object corresponding to the label will be specified by one letter symbol. The following are the symbols denoting the keystore object types:

P = Public Key

p = Private Key

T = Trusted Key

S = Secret Key

C = Certificate

t = Trusted Certificate

U = Useful Certificate

If the -v option is used, the type of the object for a label will be given in non-abbreviated version ( for example, Public Key, Secret Key).

If required, the user will be prompted for the password of the underlying service keystore.


-S servicename Specifies which service module to use.
-p privatekeystore Specifies the location of the keystore.
-v Specifies that the output is in verbose mode.
-c Specifies a concise output.


username Specifies the AIX user whose key labels is going to be queried.

Exit Status

0 Successful completion.
>0 An error occured.


This is a privileged (set-UID root) command.

In order to list the contents of a keystore the user must know the password of the private keystore.

Root and invokers belonging to group security are allowed to list anybody's keystore. However, they can only successfully complete this operation if they have the knowledge of the password to the keystore.

A non-privileged user is only allowed to list the keystore that he owns.


This command records the following event information:

KEY_List <username>


  1. To list the labels in keystore /var/security/pki/keys/bob, enter:
    $ keylist -c -p /var/pki/security/keys/bob bob 
    PpC label1 
    PpC label2
  2. To list labels/objects in verbose mode, enter:
    $ keylist -v -p /var/pki/security/keys/bob bob




Related Information

The certadd, certcreate, certdelete, certget, certlink, certlist, certrevoke, certverify, keyadd, keydelete, keypasswd and mksecpki commands.

[ Top of Page | Previous Page | Next Page | Contents | Index | Library Home | Legal | Search ]