{"keypbe", OPT_KEYPBE, 's', "Private key PBE algorithm (default 3DES)"},
{"rand", OPT_RAND, 's',
"Load the file(s) into the random number generator"},
- {"inkey", OPT_INKEY, '<', "Private key if not infile"},
+ {"inkey", OPT_INKEY, 's', "Private key if not infile"},
{"certfile", OPT_CERTFILE, '<', "Load certs from file"},
{"name", OPT_NAME, 's', "Use name as friendly name"},
{"CSP", OPT_CSP, 's', "Microsoft CSP name"},
{"recip", OPT_RECIP, '<', "Recipient certificate file for decryption"},
{"in", OPT_IN, '<', "Input file"},
{"inform", OPT_INFORM, 'c', "Input format SMIME (default), PEM or DER"},
- {"inkey", OPT_INKEY, '<',
+ {"inkey", OPT_INKEY, 's',
"Input private key (if not signer or recipient)"},
{"keyform", OPT_KEYFORM, 'f', "Input private key format (PEM or ENGINE)"},
{"out", OPT_OUT, '>', "Output file"},
{"reply", OPT_REPLY, '-', "Generate a TS reply"},
{"queryfile", OPT_QUERYFILE, '<', "File containing a TS query"},
{"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
- {"inkey", OPT_INKEY, '<', "File with private key for reply"},
+ {"inkey", OPT_INKEY, 's', "File with private key for reply"},
{"signer", OPT_SIGNER, 's', "Signer certificate file"},
{"chain", OPT_CHAIN, '<', "File with signer CA chain"},
{"verify", OPT_VERIFY, '-', "Verify a TS response"},
[B<-help>]
[B<-export>]
[B<-chain>]
-[B<-inkey filename>]
+[B<-inkey file_or_id>]
[B<-certfile filename>]
[B<-name name>]
[B<-caname name>]
private key and its corresponding certificate should be present. If additional
certificates are present they will also be included in the PKCS#12 file.
-=item B<-inkey filename>
+=item B<-inkey file_or_id>
file to read private key from. If not present then a private key must be present
in the input file.
+If no engine is used, the argument is taken as a file; if an engine is
+specified, the argument is given to the engine as a key identifier.
=item B<-name friendlyname>
[B<-recip file>]
[B<-inform SMIME|PEM|DER>]
[B<-passin arg>]
-[B<-inkey file>]
+[B<-inkey file_or_id>]
[B<-out file>]
[B<-outform SMIME|PEM|DER>]
[B<-content file>]
the recipients certificate when decrypting a message. This certificate
must match one of the recipients of the message or an error occurs.
-=item B<-inkey file>
+=item B<-inkey file_or_id>
the private key to use when signing or decrypting. This must match the
corresponding certificate. If this option is not specified then the
private key must be included in the certificate file specified with
the B<-recip> or B<-signer> file. When signing this option can be used
multiple times to specify successive keys.
+If no engine is used, the argument is taken as a file; if an engine is
+specified, the argument is given to the engine as a key identifier.
=item B<-passin arg>
[B<-queryfile> request.tsq]
[B<-passin> password_src]
[B<-signer> tsa_cert.pem]
-[B<-inkey> private.pem]
+[B<-inkey> file_or_id]
[B<-sha1|-sha224|-sha256|-sha384|-sha512>]
[B<-chain> certs_file.pem]
[B<-tspolicy> object_id]
the certificate is going to be refused. Overrides the B<signer_cert>
variable of the config file. (Optional)
-=item B<-inkey> private.pem
+=item B<-inkey> file_or_id
The signer private key of the TSA in PEM format. Overrides the
B<signer_key> config file option. (Optional)
+If no engine is used, the argument is taken as a file; if an engine is
+specified, the argument is given to the engine as a key identifier.
=item B<-sha1|-sha224|-sha256|-sha384|-sha512>
projects / openssl.git / commitdiff