+static int set_pbe(int *ppbe, const char *str);
+
+typedef enum OPTION_choice {
+ OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+ OPT_CIPHER, OPT_NOKEYS, OPT_KEYEX, OPT_KEYSIG, OPT_NOCERTS, OPT_CLCERTS,
+ OPT_CACERTS, OPT_NOOUT, OPT_INFO, OPT_CHAIN, OPT_TWOPASS, OPT_NOMACVER,
+ OPT_DESCERT, OPT_EXPORT, OPT_NOITER, OPT_MACITER, OPT_NOMACITER,
+ OPT_NOMAC, OPT_LMK, OPT_NODES, OPT_MACALG, OPT_CERTPBE, OPT_KEYPBE,
+ OPT_RAND, OPT_INKEY, OPT_CERTFILE, OPT_NAME, OPT_CSP, OPT_CANAME,
+ OPT_IN, OPT_OUT, OPT_PASSIN, OPT_PASSOUT, OPT_PASSWORD, OPT_CAPATH,
+ OPT_CAFILE, OPT_NOCAPATH, OPT_NOCAFILE, OPT_ENGINE
+} OPTION_CHOICE;
+
+const OPTIONS pkcs12_options[] = {
+ {"help", OPT_HELP, '-', "Display this summary"},
+ {"nokeys", OPT_NOKEYS, '-', "Don't output private keys"},
+ {"keyex", OPT_KEYEX, '-', "Set MS key exchange type"},
+ {"keysig", OPT_KEYSIG, '-', "Set MS key signature type"},
+ {"nocerts", OPT_NOCERTS, '-', "Don't output certificates"},
+ {"clcerts", OPT_CLCERTS, '-', "Only output client certificates"},
+ {"cacerts", OPT_CACERTS, '-', "Only output CA certificates"},
+ {"noout", OPT_NOOUT, '-', "Don't output anything, just verify"},
+ {"info", OPT_INFO, '-', "Print info about PKCS#12 structure"},
+ {"chain", OPT_CHAIN, '-', "Add certificate chain"},
+ {"twopass", OPT_TWOPASS, '-', "Separate MAC, encryption passwords"},
+ {"nomacver", OPT_NOMACVER, '-', "Don't verify MAC"},
+# ifndef OPENSSL_NO_RC2
+ {"descert", OPT_DESCERT, '-',
+ "Encrypt output with 3DES (default RC2-40)"},
+ {"certpbe", OPT_CERTPBE, 's',
+ "Certificate PBE algorithm (default RC2-40)"},
+# else
+ {"descert", OPT_DESCERT, '-', "Encrypt output with 3DES (the default)"},
+ {"certpbe", OPT_CERTPBE, 's', "Certificate PBE algorithm (default 3DES)"},
+# endif
+ {"export", OPT_EXPORT, '-', "Output PKCS12 file"},
+ {"noiter", OPT_NOITER, '-', "Don't use encryption iteration"},
+ {"maciter", OPT_MACITER, '-', "Use MAC iteration"},
+ {"nomaciter", OPT_NOMACITER, '-', "Don't use MAC iteration"},
+ {"nomac", OPT_NOMAC, '-', "Don't generate MAC"},
+ {"LMK", OPT_LMK, '-',
+ "Add local machine keyset attribute to private key"},
+ {"nodes", OPT_NODES, '-', "Don't encrypt private keys"},
+ {"macalg", OPT_MACALG, 's',
+ "Digest algorithm used in MAC (default SHA1)"},
+ {"keypbe", OPT_KEYPBE, 's', "Private key PBE algorithm (default 3DES)"},
+ {"rand", OPT_RAND, 's',
+ "Load the file(s) into the random number generator"},
+ {"inkey", OPT_INKEY, '<', "Private key if not infile"},
+ {"certfile", OPT_CERTFILE, '<', "Load certs from file"},
+ {"name", OPT_NAME, 's', "Use name as friendly name"},
+ {"CSP", OPT_CSP, 's', "Microsoft CSP name"},
+ {"caname", OPT_CANAME, 's',
+ "Use name as CA friendly name (can be repeated)"},
+ {"in", OPT_IN, '<', "Input filename"},
+ {"out", OPT_OUT, '>', "Output filename"},
+ {"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
+ {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
+ {"password", OPT_PASSWORD, 's', "Set import/export password source"},
+ {"CApath", OPT_CAPATH, '/', "PEM-format directory of CA's"},
+ {"CAfile", OPT_CAFILE, '<', "PEM-format file of CA's"},
+ {"no-CAfile", OPT_NOCAFILE, '-',
+ "Do not load the default certificates file"},
+ {"no-CApath", OPT_NOCAPATH, '-',
+ "Do not load certificates from the default certificates directory"},
+ {"", OPT_CIPHER, '-', "Any supported cipher"},
+# ifndef OPENSSL_NO_ENGINE
+ {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+# endif
+ {NULL}
+};
+
+int pkcs12_main(int argc, char **argv)