Usage: xca [-d new.xdb] [-v] [-x] [-i <index-file>]
[-I <directory>] <files>
Next to the usual X command line options. There are the following
There are some deprecated legacy options: [ -k ] [ -r ] [ -c ] [ -p ] [ -7 ] [ -l ] [ -t ] [ -P ]
Before XCA 0.9.0, the type of the items had to be given. This was removed since. Just put all keys, certificates, requests and the database unsorted on the command-line. For backwards compatibility those options are ignored when found.
Usually after importing the items from command-line the application will startup as usual. With the -x option given it will exit after finishing the import dialog. This is useful if XCA is used as default application for viewing certificates, keys or requests.
The sqlitebrowser may be used to examine the elements of the database.
The database schema is documented here. All cryptographic items are stored as base64 DER format and must be decoded before feeding them to OpenSSL: | base64 -d | openssl <x509|req|crl|pkcs8> -inform DER ...
Extract the private key with internal name 'pk8key' from the database
sqlite3 ~/xca.xdb "SELECT private FROM view_private WHERE name='pk8key'" | base64 -d | openssl pkcs8 -inform DER
Extract a CRL
sqlite3 ~/xca.xdb "SELECT crl FROM view_crls WHERE name='ca'" | base64 -d | openssl crl -inform DER
Modify the comment of an item with id 3
sqlite3 ~/xca.xdb "UPDATE items SET comment='My notes' WHERE id=3"
The item names are not required to be unique anymore. Each table view in XCA has an optional column "Primary key" that may be shown to get the ID of the item in the database.