Commit ec1edeb5 authored by Nils Larsch's avatar Nils Larsch
Browse files

update pkcs12 help message + manpage 

PR: 1443
Submitted by: Artem Chuprina <ran@cryptocom.ru>
parent b0ec1146

apps/pkcs12.c

+4 −0
Original line number Diff line number Diff line
@@ -303,11 +303,14 @@ int MAIN(int argc, char **argv) 
#endif

	BIO_printf (bio_err, "-nodes        don't encrypt private keys\n");

	BIO_printf (bio_err, "-noiter       don't use encryption iteration\n");

	BIO_printf (bio_err, "-nomaciter    don't use MAC iteration\n");

	BIO_printf (bio_err, "-maciter      use MAC iteration\n");

	BIO_printf (bio_err, "-nomac        don't generate MAC\n");

	BIO_printf (bio_err, "-twopass      separate MAC, encryption passwords\n");

	BIO_printf (bio_err, "-descert      encrypt PKCS#12 certificates with triple DES (default RC2-40)\n");

	BIO_printf (bio_err, "-certpbe alg  specify certificate PBE algorithm (default RC2-40)\n");

	BIO_printf (bio_err, "-keypbe alg   specify private key PBE algorithm (default 3DES)\n");

	BIO_printf (bio_err, "-macalg alg   digest algorithm used in MAC (default SHA1)\n");

	BIO_printf (bio_err, "-keyex        set MS key exchange type\n");

	BIO_printf (bio_err, "-keysig       set MS key signature type\n");

	BIO_printf (bio_err, "-password p   set import/export password source\n");
@@ -319,6 +322,7 @@ int MAIN(int argc, char **argv) 
	BIO_printf(bio_err,  "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);

	BIO_printf(bio_err,  "              load the file (or the files in the directory) into\n");

	BIO_printf(bio_err,  "              the random number generator\n");

	BIO_printf(bio_err,  "-CSP name     Microsoft CSP name\n");

    	goto end;

    }

doc/apps/pkcs12.pod

+34 −7
Original line number Diff line number Diff line
@@ -23,22 +23,23 @@ B<openssl> B<pkcs12> 
[B<-cacerts>]

[B<-nokeys>]

[B<-info>]

[B<-des>]

[B<-des3>]

[B<-idea>]

[B<-nodes>]

[B<-des | -des3 | -idea | -aes128 | -aes192 | -aes256 | -camellia128 | -camellia192 | -camellia256 | -nodes>]

[B<-noiter>]

[B<-maciter>]

[B<-maciter | -nomaciter | -nomac>]

[B<-twopass>]

[B<-descert>]

[B<-certpbe>]

[B<-keypbe>]

[B<-certpbe cipher>]

[B<-keypbe cipher>]

[B<-macalg digest>]

[B<-keyex>]

[B<-keysig>]

[B<-password arg>]

[B<-passin arg>]

[B<-passout arg>]

[B<-rand file(s)>]

[B<-CAfile file>]

[B<-CApath dir>]

[B<-CSP name>]



=head1 DESCRIPTION
@@ -116,6 +117,14 @@ use triple DES to encrypt private keys before outputting, this is the default. 


use IDEA to encrypt private keys before outputting.



=item B<-aes128>, B<-aes192>, B<-aes256>



use AES to encrypt private keys before outputting.



=item B<-camellia128>, B<-camellia192>, B<-camellia256>



use Camellia to encrypt private keys before outputting.



=item B<-nodes>



don't encrypt the private keys at all.
@@ -245,6 +254,10 @@ option. 
This option is included for compatibility with previous versions, it used

to be needed to use MAC iterations counts but they are now used by default.



=item B<-nomac>



don't attempt to provide the MAC integrity.



=item B<-rand file(s)>



a file or files containing random data used to seed the random number
@@ -253,6 +266,20 @@ Multiple files can be specified separated by a OS-dependent character. 
The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for

all others.



=item B<-CAfile file>



CA storage as a file.



=item B<-CApath dir>



CA storage as a directory. This directory must be a standard certificate

directory: that is a hash of each subject name (using B<x509 -hash>) should be

linked to each certificate.



=item B<-CSP name>



write B<name> as a Microsoft CSP name.



=back



=head1 NOTES