summaryrefslogtreecommitdiffstats
path: root/apps
diff options
context:
space:
mode:
authorDr. David von Oheimb <David.von.Oheimb@siemens.com>2020-08-10 14:23:46 +0200
committerDr. David von Oheimb <David.von.Oheimb@siemens.com>2020-11-19 11:36:02 +0100
commit908c9fc7ed86d8fab4edc1431433509bc18ac935 (patch)
treed7f808b14e31fd126543655f17057a1f47377a1e /apps
parente_loader_attic.c: Improve result handling of file_load_try_decode() (diff)
downloadopenssl-908c9fc7ed86d8fab4edc1431433509bc18ac935.tar.xz
openssl-908c9fc7ed86d8fab4edc1431433509bc18ac935.zip
apps/pkcs12: Clean up the order in which many options are presented
Also do a minor extension on the documentation of the -passcerts option Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/4930)
Diffstat (limited to 'apps')
-rw-r--r--apps/pkcs12.c50
1 files changed, 26 insertions, 24 deletions
diff --git a/apps/pkcs12.c b/apps/pkcs12.c
index 12f066c0de..6bc06e370f 100644
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -68,6 +68,17 @@ const OPTIONS pkcs12_options[] = {
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
#endif
+ {"password", OPT_PASSWORD, 's', "Set import/export password source"},
+ {"twopass", OPT_TWOPASS, '-', "Separate MAC, encryption passwords"},
+
+ OPT_SECTION("Input"),
+ {"in", OPT_IN, '<', "Input file for PKCS12 parsing or certs and possibly key"},
+ {"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
+ {"inkey", OPT_INKEY, 's', "Private key, else read from -in input file"},
+ {"certfile", OPT_CERTFILE, '<', "Extra certificates for PKCS12 output"},
+ {"untrusted", OPT_UNTRUSTED, '<', "Untrusted certificates for chain building"},
+ {"passcerts", OPT_PASSCERTS, 's', "Certificate file pass phrase source"},
+ {"nomacver", OPT_NOMACVER, '-', "Don't verify MAC"},
OPT_SECTION("CA input for export with the -chain option"),
{"CApath", OPT_CAPATH, '/', "PEM-format directory of CA's"},
@@ -80,39 +91,27 @@ const OPTIONS pkcs12_options[] = {
{"no-CAstore", OPT_NOCASTORE, '-',
"Do not load certificates from the default certificates store"},
- OPT_SECTION("Input"),
- {"in", OPT_IN, '<', "Input file for PKCS12 parsing or certs and possibly key"},
- {"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
- {"inkey", OPT_INKEY, 's', "Private key, else read from -in input file"},
- {"certfile", OPT_CERTFILE, '<', "Extra certificates for PKCS12 output"},
- {"untrusted", OPT_UNTRUSTED, '<', "Untrusted certificates for chain building"},
- {"passcerts", OPT_PASSCERTS, 's', "Certificate file pass phrase source"},
- {"name", OPT_NAME, 's', "Use name as friendly name"},
- {"CSP", OPT_CSP, 's', "Microsoft CSP name"},
- {"caname", OPT_CANAME, 's',
- "Use name as CA friendly name (can be repeated)"},
-
OPT_SECTION("Output"),
- {"export", OPT_EXPORT, '-', "Output PKCS12 file"},
- {"LMK", OPT_LMK, '-',
- "Add local machine keyset attribute to private key"},
- {"macalg", OPT_MACALG, 's',
- "Digest algorithm to use in MAC (default SHA1)"},
- {"keypbe", OPT_KEYPBE, 's', "Private key PBE algorithm (default 3DES)"},
{"out", OPT_OUT, '>', "Output filename"},
{"passout", OPT_PASSOUT, 's', "Output pass phrase source"},
- {"password", OPT_PASSWORD, 's', "Set import/export password source"},
+ {"info", OPT_INFO, '-', "Print info about PKCS#12 structure"},
+ {"nokeys", OPT_NOKEYS, '-', "Don't output private keys"},
{"nocerts", OPT_NOCERTS, '-', "Don't output certificates"},
{"clcerts", OPT_CLCERTS, '-', "Only output client certificates"},
{"cacerts", OPT_CACERTS, '-', "Only output CA certificates"},
{"noout", OPT_NOOUT, '-', "Don't output anything, just verify PKCS#12 input"},
+
+ OPT_SECTION("PKCS12 output"),
+ {"export", OPT_EXPORT, '-', "Output PKCS12 file"},
{"chain", OPT_CHAIN, '-', "Build and add certificate chain for EE cert,"},
{OPT_MORE_STR, 0, 0,
- "which is the 1st cert from -in matching the private key (if given)"},
- {"twopass", OPT_TWOPASS, '-', "Separate MAC, encryption passwords"},
- {"nomacver", OPT_NOMACVER, '-', "Don't verify MAC"},
- {"info", OPT_INFO, '-', "Print info about PKCS#12 structure"},
- {"nokeys", OPT_NOKEYS, '-', "Don't output private keys"},
+ "which is the 1st cert from -in matching the privte key (if given)"},
+ {"name", OPT_NAME, 's', "Use name as friendly name"},
+ {"CSP", OPT_CSP, 's', "Microsoft CSP name"},
+ {"caname", OPT_CANAME, 's',
+ "Use name as CA friendly name (can be repeated)"},
+ {"LMK", OPT_LMK, '-',
+ "Add local machine keyset attribute to private key"},
{"keyex", OPT_KEYEX, '-', "Set key type to MS key exchange"},
{"keysig", OPT_KEYSIG, '-', "Set key type to MS key signature"},
@@ -126,10 +125,13 @@ const OPTIONS pkcs12_options[] = {
{"descert", OPT_DESCERT, '-', "Encrypt output with 3DES (the default)"},
{"certpbe", OPT_CERTPBE, 's', "Certificate PBE algorithm (default 3DES)"},
#endif
+ {"keypbe", OPT_KEYPBE, 's', "Private key PBE algorithm (default 3DES)"},
{"iter", OPT_ITER, 'p', "Specify the iteration count for encryption key and MAC"},
{"noiter", OPT_NOITER, '-', "Don't use encryption key iteration"},
{"maciter", OPT_MACITER, '-', "Unused, kept for backwards compatibility"},
{"nomaciter", OPT_NOMACITER, '-', "Don't use MAC iteration"},
+ {"macalg", OPT_MACALG, 's',
+ "Digest algorithm to use in MAC (default SHA1)"},
{"nomac", OPT_NOMAC, '-', "Don't generate MAC"},
{"noenc", OPT_NOENC, '-', "Don't encrypt private keys"},
{"nodes", OPT_NODES, '-', "Don't encrypt private keys; deprecated"},