update pkcs12 help message + manpage

PR: 1443
Submitted by: Artem Chuprina <ran@cryptocom.ru>

diff --git a/apps/pkcs12.c b/apps/pkcs12.c
index 9fa33f64dc8fe7c3ad93f856e8bb21e4a05ee3f9..abd043d801c43ac791e2ffe777bc61015ecf80f0 100644 (file)
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -303,11 +303,14 @@ int MAIN(int argc, char **argv)
 #endif
        BIO_printf (bio_err, "-nodes        don't encrypt private keys\n");
        BIO_printf (bio_err, "-noiter       don't use encryption iteration\n");
 #endif
        BIO_printf (bio_err, "-nodes        don't encrypt private keys\n");
        BIO_printf (bio_err, "-noiter       don't use encryption iteration\n");

+       BIO_printf (bio_err, "-nomaciter    don't use MAC iteration\n");

        BIO_printf (bio_err, "-maciter      use MAC iteration\n");
        BIO_printf (bio_err, "-maciter      use MAC iteration\n");

+       BIO_printf (bio_err, "-nomac        don't generate MAC\n");

        BIO_printf (bio_err, "-twopass      separate MAC, encryption passwords\n");
        BIO_printf (bio_err, "-descert      encrypt PKCS#12 certificates with triple DES (default RC2-40)\n");
        BIO_printf (bio_err, "-certpbe alg  specify certificate PBE algorithm (default RC2-40)\n");
        BIO_printf (bio_err, "-keypbe alg   specify private key PBE algorithm (default 3DES)\n");
        BIO_printf (bio_err, "-twopass      separate MAC, encryption passwords\n");
        BIO_printf (bio_err, "-descert      encrypt PKCS#12 certificates with triple DES (default RC2-40)\n");
        BIO_printf (bio_err, "-certpbe alg  specify certificate PBE algorithm (default RC2-40)\n");
        BIO_printf (bio_err, "-keypbe alg   specify private key PBE algorithm (default 3DES)\n");

+       BIO_printf (bio_err, "-macalg alg   digest algorithm used in MAC (default SHA1)\n");

        BIO_printf (bio_err, "-keyex        set MS key exchange type\n");
        BIO_printf (bio_err, "-keysig       set MS key signature type\n");
        BIO_printf (bio_err, "-password p   set import/export password source\n");
        BIO_printf (bio_err, "-keyex        set MS key exchange type\n");
        BIO_printf (bio_err, "-keysig       set MS key signature type\n");
        BIO_printf (bio_err, "-password p   set import/export password source\n");


@@ -319,6 +322,7 @@ int MAIN(int argc, char **argv)
        BIO_printf(bio_err,  "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
        BIO_printf(bio_err,  "              load the file (or the files in the directory) into\n");
        BIO_printf(bio_err,  "              the random number generator\n");
        BIO_printf(bio_err,  "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
        BIO_printf(bio_err,  "              load the file (or the files in the directory) into\n");
        BIO_printf(bio_err,  "              the random number generator\n");

+       BIO_printf(bio_err,  "-CSP name     Microsoft CSP name\n");

        goto end;
     }
 
        goto end;
     }
 

diff --git a/doc/apps/pkcs12.pod b/doc/apps/pkcs12.pod
index 7ec70a22ac995f4c2b0cb370c10d2162ae45def9..f69a5c5a4cdac42776d9996dcfdf98aa6d55aa33 100644 (file)
--- a/doc/apps/pkcs12.pod
+++ b/doc/apps/pkcs12.pod
@@ -23,22 +23,23 @@ B<openssl> B<pkcs12>
 [B<-cacerts>]
 [B<-nokeys>]
 [B<-info>]
 [B<-cacerts>]
 [B<-nokeys>]
 [B<-info>]

-[B<-des>]
-[B<-des3>]
-[B<-idea>]
-[B<-nodes>]
+[B<-des | -des3 | -idea | -aes128 | -aes192 | -aes256 | -camellia128 | -camellia192 | -camellia256 | -nodes>]

 [B<-noiter>]
 [B<-noiter>]

-[B<-maciter>]
+[B<-maciter | -nomaciter | -nomac>]

 [B<-twopass>]
 [B<-descert>]
 [B<-twopass>]
 [B<-descert>]

-[B<-certpbe>]
-[B<-keypbe>]
+[B<-certpbe cipher>]
+[B<-keypbe cipher>]
+[B<-macalg digest>]

 [B<-keyex>]
 [B<-keysig>]
 [B<-password arg>]
 [B<-passin arg>]
 [B<-passout arg>]
 [B<-rand file(s)>]
 [B<-keyex>]
 [B<-keysig>]
 [B<-password arg>]
 [B<-passin arg>]
 [B<-passout arg>]
 [B<-rand file(s)>]

+[B<-CAfile file>]
+[B<-CApath dir>]
+[B<-CSP name>]

 
 =head1 DESCRIPTION
 
 
 =head1 DESCRIPTION
 


@@ -116,6 +117,14 @@ use triple DES to encrypt private keys before outputting, this is the default.
 
 use IDEA to encrypt private keys before outputting.
 
 
 use IDEA to encrypt private keys before outputting.
 

+=item B<-aes128>, B<-aes192>, B<-aes256>
+
+use AES to encrypt private keys before outputting.
+
+=item B<-camellia128>, B<-camellia192>, B<-camellia256>
+
+use Camellia to encrypt private keys before outputting.
+

 =item B<-nodes>
 
 don't encrypt the private keys at all.
 =item B<-nodes>
 
 don't encrypt the private keys at all.


@@ -245,6 +254,10 @@ option.
 This option is included for compatibility with previous versions, it used
 to be needed to use MAC iterations counts but they are now used by default.
 
 This option is included for compatibility with previous versions, it used
 to be needed to use MAC iterations counts but they are now used by default.
 

+=item B<-nomac>
+
+don't attempt to provide the MAC integrity.
+

 =item B<-rand file(s)>
 
 a file or files containing random data used to seed the random number
 =item B<-rand file(s)>
 
 a file or files containing random data used to seed the random number


@@ -253,6 +266,20 @@ Multiple files can be specified separated by a OS-dependent character.
 The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
 all others.
 
 The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
 all others.
 

+=item B<-CAfile file>
+
+CA storage as a file.
+
+=item B<-CApath dir>
+
+CA storage as a directory. This directory must be a standard certificate
+directory: that is a hash of each subject name (using B<x509 -hash>) should be
+linked to each certificate.
+
+=item B<-CSP name>
+
+write B<name> as a Microsoft CSP name.
+

 =back
 
 =head1 NOTES
 =back
 
 =head1 NOTES