PR: 1443
Submitted by: Artem Chuprina <ran@cryptocom.ru>
#endif
BIO_printf (bio_err, "-nodes don't encrypt private keys\n");
BIO_printf (bio_err, "-noiter don't use encryption iteration\n");
#endif
BIO_printf (bio_err, "-nodes don't encrypt private keys\n");
BIO_printf (bio_err, "-noiter don't use encryption iteration\n");
+ BIO_printf (bio_err, "-nomaciter don't use MAC iteration\n");
BIO_printf (bio_err, "-maciter use MAC iteration\n");
BIO_printf (bio_err, "-maciter use MAC iteration\n");
+ BIO_printf (bio_err, "-nomac don't generate MAC\n");
BIO_printf (bio_err, "-twopass separate MAC, encryption passwords\n");
BIO_printf (bio_err, "-descert encrypt PKCS#12 certificates with triple DES (default RC2-40)\n");
BIO_printf (bio_err, "-certpbe alg specify certificate PBE algorithm (default RC2-40)\n");
BIO_printf (bio_err, "-keypbe alg specify private key PBE algorithm (default 3DES)\n");
BIO_printf (bio_err, "-twopass separate MAC, encryption passwords\n");
BIO_printf (bio_err, "-descert encrypt PKCS#12 certificates with triple DES (default RC2-40)\n");
BIO_printf (bio_err, "-certpbe alg specify certificate PBE algorithm (default RC2-40)\n");
BIO_printf (bio_err, "-keypbe alg specify private key PBE algorithm (default 3DES)\n");
+ BIO_printf (bio_err, "-macalg alg digest algorithm used in MAC (default SHA1)\n");
BIO_printf (bio_err, "-keyex set MS key exchange type\n");
BIO_printf (bio_err, "-keysig set MS key signature type\n");
BIO_printf (bio_err, "-password p set import/export password source\n");
BIO_printf (bio_err, "-keyex set MS key exchange type\n");
BIO_printf (bio_err, "-keysig set MS key signature type\n");
BIO_printf (bio_err, "-password p set import/export password source\n");
BIO_printf(bio_err, "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
BIO_printf(bio_err, " load the file (or the files in the directory) into\n");
BIO_printf(bio_err, " the random number generator\n");
BIO_printf(bio_err, "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
BIO_printf(bio_err, " load the file (or the files in the directory) into\n");
BIO_printf(bio_err, " the random number generator\n");
+ BIO_printf(bio_err, "-CSP name Microsoft CSP name\n");
[B<-cacerts>]
[B<-nokeys>]
[B<-info>]
[B<-cacerts>]
[B<-nokeys>]
[B<-info>]
-[B<-des>]
-[B<-des3>]
-[B<-idea>]
-[B<-nodes>]
+[B<-des | -des3 | -idea | -aes128 | -aes192 | -aes256 | -camellia128 | -camellia192 | -camellia256 | -nodes>]
+[B<-maciter | -nomaciter | -nomac>]
[B<-twopass>]
[B<-descert>]
[B<-twopass>]
[B<-descert>]
-[B<-certpbe>]
-[B<-keypbe>]
+[B<-certpbe cipher>]
+[B<-keypbe cipher>]
+[B<-macalg digest>]
[B<-keyex>]
[B<-keysig>]
[B<-password arg>]
[B<-passin arg>]
[B<-passout arg>]
[B<-rand file(s)>]
[B<-keyex>]
[B<-keysig>]
[B<-password arg>]
[B<-passin arg>]
[B<-passout arg>]
[B<-rand file(s)>]
+[B<-CAfile file>]
+[B<-CApath dir>]
+[B<-CSP name>]
use IDEA to encrypt private keys before outputting.
use IDEA to encrypt private keys before outputting.
+=item B<-aes128>, B<-aes192>, B<-aes256>
+
+use AES to encrypt private keys before outputting.
+
+=item B<-camellia128>, B<-camellia192>, B<-camellia256>
+
+use Camellia to encrypt private keys before outputting.
+
=item B<-nodes>
don't encrypt the private keys at all.
=item B<-nodes>
don't encrypt the private keys at all.
This option is included for compatibility with previous versions, it used
to be needed to use MAC iterations counts but they are now used by default.
This option is included for compatibility with previous versions, it used
to be needed to use MAC iterations counts but they are now used by default.
+=item B<-nomac>
+
+don't attempt to provide the MAC integrity.
+
=item B<-rand file(s)>
a file or files containing random data used to seed the random number
=item B<-rand file(s)>
a file or files containing random data used to seed the random number
The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
all others.
The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
all others.
+=item B<-CAfile file>
+
+CA storage as a file.
+
+=item B<-CApath dir>
+
+CA storage as a directory. This directory must be a standard certificate
+directory: that is a hash of each subject name (using B<x509 -hash>) should be
+linked to each certificate.
+
+=item B<-CSP name>
+
+write B<name> as a Microsoft CSP name.
+