diff options
author | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2020-08-10 14:23:46 +0200 |
---|---|---|
committer | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2020-11-19 11:36:02 +0100 |
commit | 908c9fc7ed86d8fab4edc1431433509bc18ac935 (patch) | |
tree | d7f808b14e31fd126543655f17057a1f47377a1e /apps | |
parent | e_loader_attic.c: Improve result handling of file_load_try_decode() (diff) | |
download | openssl-908c9fc7ed86d8fab4edc1431433509bc18ac935.tar.xz openssl-908c9fc7ed86d8fab4edc1431433509bc18ac935.zip |
apps/pkcs12: Clean up the order in which many options are presented
Also do a minor extension on the documentation of the -passcerts option
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/4930)
Diffstat (limited to 'apps')
-rw-r--r-- | apps/pkcs12.c | 50 |
1 files changed, 26 insertions, 24 deletions
diff --git a/apps/pkcs12.c b/apps/pkcs12.c index 12f066c0de..6bc06e370f 100644 --- a/apps/pkcs12.c +++ b/apps/pkcs12.c @@ -68,6 +68,17 @@ const OPTIONS pkcs12_options[] = { #ifndef OPENSSL_NO_ENGINE {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, #endif + {"password", OPT_PASSWORD, 's', "Set import/export password source"}, + {"twopass", OPT_TWOPASS, '-', "Separate MAC, encryption passwords"}, + + OPT_SECTION("Input"), + {"in", OPT_IN, '<', "Input file for PKCS12 parsing or certs and possibly key"}, + {"passin", OPT_PASSIN, 's', "Input file pass phrase source"}, + {"inkey", OPT_INKEY, 's', "Private key, else read from -in input file"}, + {"certfile", OPT_CERTFILE, '<', "Extra certificates for PKCS12 output"}, + {"untrusted", OPT_UNTRUSTED, '<', "Untrusted certificates for chain building"}, + {"passcerts", OPT_PASSCERTS, 's', "Certificate file pass phrase source"}, + {"nomacver", OPT_NOMACVER, '-', "Don't verify MAC"}, OPT_SECTION("CA input for export with the -chain option"), {"CApath", OPT_CAPATH, '/', "PEM-format directory of CA's"}, @@ -80,39 +91,27 @@ const OPTIONS pkcs12_options[] = { {"no-CAstore", OPT_NOCASTORE, '-', "Do not load certificates from the default certificates store"}, - OPT_SECTION("Input"), - {"in", OPT_IN, '<', "Input file for PKCS12 parsing or certs and possibly key"}, - {"passin", OPT_PASSIN, 's', "Input file pass phrase source"}, - {"inkey", OPT_INKEY, 's', "Private key, else read from -in input file"}, - {"certfile", OPT_CERTFILE, '<', "Extra certificates for PKCS12 output"}, - {"untrusted", OPT_UNTRUSTED, '<', "Untrusted certificates for chain building"}, - {"passcerts", OPT_PASSCERTS, 's', "Certificate file pass phrase source"}, - {"name", OPT_NAME, 's', "Use name as friendly name"}, - {"CSP", OPT_CSP, 's', "Microsoft CSP name"}, - {"caname", OPT_CANAME, 's', - "Use name as CA friendly name (can be repeated)"}, - OPT_SECTION("Output"), - {"export", OPT_EXPORT, '-', "Output PKCS12 file"}, - {"LMK", OPT_LMK, '-', - "Add local machine keyset attribute to private key"}, - {"macalg", OPT_MACALG, 's', - "Digest algorithm to use in MAC (default SHA1)"}, - {"keypbe", OPT_KEYPBE, 's', "Private key PBE algorithm (default 3DES)"}, {"out", OPT_OUT, '>', "Output filename"}, {"passout", OPT_PASSOUT, 's', "Output pass phrase source"}, - {"password", OPT_PASSWORD, 's', "Set import/export password source"}, + {"info", OPT_INFO, '-', "Print info about PKCS#12 structure"}, + {"nokeys", OPT_NOKEYS, '-', "Don't output private keys"}, {"nocerts", OPT_NOCERTS, '-', "Don't output certificates"}, {"clcerts", OPT_CLCERTS, '-', "Only output client certificates"}, {"cacerts", OPT_CACERTS, '-', "Only output CA certificates"}, {"noout", OPT_NOOUT, '-', "Don't output anything, just verify PKCS#12 input"}, + + OPT_SECTION("PKCS12 output"), + {"export", OPT_EXPORT, '-', "Output PKCS12 file"}, {"chain", OPT_CHAIN, '-', "Build and add certificate chain for EE cert,"}, {OPT_MORE_STR, 0, 0, - "which is the 1st cert from -in matching the private key (if given)"}, - {"twopass", OPT_TWOPASS, '-', "Separate MAC, encryption passwords"}, - {"nomacver", OPT_NOMACVER, '-', "Don't verify MAC"}, - {"info", OPT_INFO, '-', "Print info about PKCS#12 structure"}, - {"nokeys", OPT_NOKEYS, '-', "Don't output private keys"}, + "which is the 1st cert from -in matching the privte key (if given)"}, + {"name", OPT_NAME, 's', "Use name as friendly name"}, + {"CSP", OPT_CSP, 's', "Microsoft CSP name"}, + {"caname", OPT_CANAME, 's', + "Use name as CA friendly name (can be repeated)"}, + {"LMK", OPT_LMK, '-', + "Add local machine keyset attribute to private key"}, {"keyex", OPT_KEYEX, '-', "Set key type to MS key exchange"}, {"keysig", OPT_KEYSIG, '-', "Set key type to MS key signature"}, @@ -126,10 +125,13 @@ const OPTIONS pkcs12_options[] = { {"descert", OPT_DESCERT, '-', "Encrypt output with 3DES (the default)"}, {"certpbe", OPT_CERTPBE, 's', "Certificate PBE algorithm (default 3DES)"}, #endif + {"keypbe", OPT_KEYPBE, 's', "Private key PBE algorithm (default 3DES)"}, {"iter", OPT_ITER, 'p', "Specify the iteration count for encryption key and MAC"}, {"noiter", OPT_NOITER, '-', "Don't use encryption key iteration"}, {"maciter", OPT_MACITER, '-', "Unused, kept for backwards compatibility"}, {"nomaciter", OPT_NOMACITER, '-', "Don't use MAC iteration"}, + {"macalg", OPT_MACALG, 's', + "Digest algorithm to use in MAC (default SHA1)"}, {"nomac", OPT_NOMAC, '-', "Don't generate MAC"}, {"noenc", OPT_NOENC, '-', "Don't encrypt private keys"}, {"nodes", OPT_NODES, '-', "Don't encrypt private keys; deprecated"}, |