#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
#endif
+ {"password", OPT_PASSWORD, 's', "Set import/export password source"},
+ {"twopass", OPT_TWOPASS, '-', "Separate MAC, encryption passwords"},
+
+ OPT_SECTION("Input"),
+ {"in", OPT_IN, '<', "Input file for PKCS12 parsing or certs and possibly key"},
+ {"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
+ {"inkey", OPT_INKEY, 's', "Private key, else read from -in input file"},
+ {"certfile", OPT_CERTFILE, '<', "Extra certificates for PKCS12 output"},
+ {"untrusted", OPT_UNTRUSTED, '<', "Untrusted certificates for chain building"},
+ {"passcerts", OPT_PASSCERTS, 's', "Certificate file pass phrase source"},
+ {"nomacver", OPT_NOMACVER, '-', "Don't verify MAC"},
OPT_SECTION("CA input for export with the -chain option"),
{"CApath", OPT_CAPATH, '/', "PEM-format directory of CA's"},
{"no-CAstore", OPT_NOCASTORE, '-',
"Do not load certificates from the default certificates store"},
- OPT_SECTION("Input"),
- {"in", OPT_IN, '<', "Input file for PKCS12 parsing or certs and possibly key"},
- {"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
- {"inkey", OPT_INKEY, 's', "Private key, else read from -in input file"},
- {"certfile", OPT_CERTFILE, '<', "Extra certificates for PKCS12 output"},
- {"untrusted", OPT_UNTRUSTED, '<', "Untrusted certificates for chain building"},
- {"passcerts", OPT_PASSCERTS, 's', "Certificate file pass phrase source"},
- {"name", OPT_NAME, 's', "Use name as friendly name"},
- {"CSP", OPT_CSP, 's', "Microsoft CSP name"},
- {"caname", OPT_CANAME, 's',
- "Use name as CA friendly name (can be repeated)"},
-
OPT_SECTION("Output"),
- {"export", OPT_EXPORT, '-', "Output PKCS12 file"},
- {"LMK", OPT_LMK, '-',
- "Add local machine keyset attribute to private key"},
- {"macalg", OPT_MACALG, 's',
- "Digest algorithm to use in MAC (default SHA1)"},
- {"keypbe", OPT_KEYPBE, 's', "Private key PBE algorithm (default 3DES)"},
{"out", OPT_OUT, '>', "Output filename"},
{"passout", OPT_PASSOUT, 's', "Output pass phrase source"},
- {"password", OPT_PASSWORD, 's', "Set import/export password source"},
+ {"info", OPT_INFO, '-', "Print info about PKCS#12 structure"},
+ {"nokeys", OPT_NOKEYS, '-', "Don't output private keys"},
{"nocerts", OPT_NOCERTS, '-', "Don't output certificates"},
{"clcerts", OPT_CLCERTS, '-', "Only output client certificates"},
{"cacerts", OPT_CACERTS, '-', "Only output CA certificates"},
{"noout", OPT_NOOUT, '-', "Don't output anything, just verify PKCS#12 input"},
+
+ OPT_SECTION("PKCS12 output"),
+ {"export", OPT_EXPORT, '-', "Output PKCS12 file"},
{"chain", OPT_CHAIN, '-', "Build and add certificate chain for EE cert,"},
{OPT_MORE_STR, 0, 0,
- "which is the 1st cert from -in matching the private key (if given)"},
- {"twopass", OPT_TWOPASS, '-', "Separate MAC, encryption passwords"},
- {"nomacver", OPT_NOMACVER, '-', "Don't verify MAC"},
- {"info", OPT_INFO, '-', "Print info about PKCS#12 structure"},
- {"nokeys", OPT_NOKEYS, '-', "Don't output private keys"},
+ "which is the 1st cert from -in matching the privte key (if given)"},
+ {"name", OPT_NAME, 's', "Use name as friendly name"},
+ {"CSP", OPT_CSP, 's', "Microsoft CSP name"},
+ {"caname", OPT_CANAME, 's',
+ "Use name as CA friendly name (can be repeated)"},
+ {"LMK", OPT_LMK, '-',
+ "Add local machine keyset attribute to private key"},
{"keyex", OPT_KEYEX, '-', "Set key type to MS key exchange"},
{"keysig", OPT_KEYSIG, '-', "Set key type to MS key signature"},
{"descert", OPT_DESCERT, '-', "Encrypt output with 3DES (the default)"},
{"certpbe", OPT_CERTPBE, 's', "Certificate PBE algorithm (default 3DES)"},
#endif
+ {"keypbe", OPT_KEYPBE, 's', "Private key PBE algorithm (default 3DES)"},
{"iter", OPT_ITER, 'p', "Specify the iteration count for encryption key and MAC"},
{"noiter", OPT_NOITER, '-', "Don't use encryption key iteration"},
{"maciter", OPT_MACITER, '-', "Unused, kept for backwards compatibility"},
{"nomaciter", OPT_NOMACITER, '-', "Don't use MAC iteration"},
+ {"macalg", OPT_MACALG, 's',
+ "Digest algorithm to use in MAC (default SHA1)"},
{"nomac", OPT_NOMAC, '-', "Don't generate MAC"},
{"noenc", OPT_NOENC, '-', "Don't encrypt private keys"},
{"nodes", OPT_NODES, '-', "Don't encrypt private keys; deprecated"},