Diffstat (limited to 'secure/usr.bin/openssl/man/pkcs12.1')
-rw-r--r-- | secure/usr.bin/openssl/man/pkcs12.1 | 80 |
1 files changed, 53 insertions, 27 deletions
diff --git a/secure/usr.bin/openssl/man/pkcs12.1 b/secure/usr.bin/openssl/man/pkcs12.1 index bc695f6..cc8e999 100644 --- a/secure/usr.bin/openssl/man/pkcs12.1 +++ b/secure/usr.bin/openssl/man/pkcs12.1 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "PKCS12 1" -.TH PKCS12 1 "2012-05-10" "0.9.8x" "OpenSSL" +.TH PKCS12 1 "2012-05-10" "1.0.1c" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -149,22 +149,23 @@ pkcs12 \- PKCS#12 file utility [\fB\-cacerts\fR] [\fB\-nokeys\fR] [\fB\-info\fR] -[\fB\-des\fR] -[\fB\-des3\fR] -[\fB\-idea\fR] -[\fB\-nodes\fR] +[\fB\-des | \-des3 | \-idea | \-aes128 | \-aes192 | \-aes256 | \-camellia128 | \-camellia192 | \-camellia256 | \-nodes\fR] [\fB\-noiter\fR] -[\fB\-maciter\fR] +[\fB\-maciter | \-nomaciter | \-nomac\fR] [\fB\-twopass\fR] [\fB\-descert\fR] -[\fB\-certpbe\fR] -[\fB\-keypbe\fR] +[\fB\-certpbe cipher\fR] +[\fB\-keypbe cipher\fR] +[\fB\-macalg digest\fR] [\fB\-keyex\fR] [\fB\-keysig\fR] [\fB\-password arg\fR] [\fB\-passin arg\fR] [\fB\-passout arg\fR] [\fB\-rand file(s)\fR] +[\fB\-CAfile file\fR] +[\fB\-CApath dir\fR] +[\fB\-CSP name\fR] .SH "DESCRIPTION" .IX Header "DESCRIPTION" The \fBpkcs12\fR command allows PKCS#12 files (sometimes referred to as @@ -173,7 +174,7 @@ programs including Netscape, \s-1MSIE\s0 and \s-1MS\s0 Outlook. .SH "COMMAND OPTIONS" .IX Header "COMMAND OPTIONS" There are a lot of options the meaning of some depends of whether a PKCS#12 file -is being created or parsed. By default a PKCS#12 file is parsed a PKCS#12 +is being created or parsed. By default a PKCS#12 file is parsed. A PKCS#12 file can be created by using the \fB\-export\fR option (see below). .SH "PARSING OPTIONS" .IX Header "PARSING OPTIONS" 
@@ -183,22 +184,22 @@ This specifies filename of the PKCS#12 file to be parsed. Standard input is used by default. .IP "\fB\-out filename\fR" 4 .IX Item "-out filename" -The filename to write certificates and private keys to, standard output by default. -They are all written in \s-1PEM\s0 format. +The filename to write certificates and private keys to, standard output by +default. They are all written in \s-1PEM\s0 format. .IP "\fB\-pass arg\fR, \fB\-passin arg\fR" 4 .IX Item "-pass arg, -passin arg" -the PKCS#12 file (i.e. input file) password source. For more information about the -format of \fBarg\fR see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in +the PKCS#12 file (i.e. input file) password source. For more information about +the format of \fBarg\fR see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \&\fIopenssl\fR\|(1). .IP "\fB\-passout arg\fR" 4 .IX Item "-passout arg" -pass phrase source to encrypt any outputed private keys with. For more information -about the format of \fBarg\fR see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in -\&\fIopenssl\fR\|(1). +pass phrase source to encrypt any outputed private keys with. For more +information about the format of \fBarg\fR see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section +in \fIopenssl\fR\|(1). .IP "\fB\-noout\fR" 4 .IX Item "-noout" -this option inhibits output of the keys and certificates to the output file version -of the PKCS#12 file. +this option inhibits output of the keys and certificates to the output file +version of the PKCS#12 file. .IP "\fB\-clcerts\fR" 4 .IX Item "-clcerts" only output client certificates (not \s-1CA\s0 certificates). 
@@ -224,6 +225,12 @@ use triple \s-1DES\s0 to encrypt private keys before outputting, this is the def .IP "\fB\-idea\fR" 4 .IX Item "-idea" use \s-1IDEA\s0 to encrypt private keys before outputting. +.IP "\fB\-aes128\fR, \fB\-aes192\fR, \fB\-aes256\fR" 4 +.IX Item "-aes128, -aes192, -aes256" +use \s-1AES\s0 to encrypt private keys before outputting. +.IP "\fB\-camellia128\fR, \fB\-camellia192\fR, \fB\-camellia256\fR" 4 +.IX Item "-camellia128, -camellia192, -camellia256" +use Camellia to encrypt private keys before outputting. .IP "\fB\-nodes\fR" 4 .IX Item "-nodes" don't encrypt the private keys at all. 
@@ -247,18 +254,18 @@ This specifies filename to write the PKCS#12 file to. Standard output is used by default. .IP "\fB\-in filename\fR" 4 .IX Item "-in filename" -The filename to read certificates and private keys from, standard input by default. -They must all be in \s-1PEM\s0 format. The order doesn't matter but one private key and -its corresponding certificate should be present. If additional certificates are -present they will also be included in the PKCS#12 file. +The filename to read certificates and private keys from, standard input by +default. They must all be in \s-1PEM\s0 format. The order doesn't matter but one +private key and its corresponding certificate should be present. If additional +certificates are present they will also be included in the PKCS#12 file. .IP "\fB\-inkey filename\fR" 4 .IX Item "-inkey filename" file to read private key from. If not present then a private key must be present in the input file. .IP "\fB\-name friendlyname\fR" 4 .IX Item "-name friendlyname" -This specifies the \*(L"friendly name\*(R" for the certificate and private key. This name -is typically displayed in list boxes by software importing the file. +This specifies the \*(L"friendly name\*(R" for the certificate and private key. This +name is typically displayed in list boxes by software importing the file. .IP "\fB\-certfile filename\fR" 4 .IX Item "-certfile filename" A filename to read additional certificates from. 
@@ -291,9 +298,11 @@ key is encrypted using triple \s-1DES\s0 and the certificate using 40 bit \s-1RC .IP "\fB\-keypbe alg\fR, \fB\-certpbe alg\fR" 4 .IX Item "-keypbe alg, -certpbe alg" these options allow the algorithm used to encrypt the private key and -certificates to be selected. Although any PKCS#5 v1.5 or PKCS#12 algorithms -can be selected it is advisable only to use PKCS#12 algorithms. See the list -in the \fB\s-1NOTES\s0\fR section for more information. +certificates to be selected. Any PKCS#5 v1.5 or PKCS#12 \s-1PBE\s0 algorithm name +can be used (see \fB\s-1NOTES\s0\fR section for more information). If a a cipher name +(as output by the \fBlist-cipher-algorithms\fR command is specified then it +is used with PKCS#5 v2.0. For interoperability reasons it is advisable to only +use PKCS#12 algorithms. .IP "\fB\-keyex|\-keysig\fR" 4 .IX Item "-keyex|-keysig" specifies that the private key is to be used for key exchange or just signing. @@ -304,6 +313,9 @@ option marks the key for signing only. Signing only keys can be used for S/MIME signing, authenticode (ActiveX control signing) and \s-1SSL\s0 client authentication, however due to a bug only \s-1MSIE\s0 5.0 and later support the use of signing only keys for \s-1SSL\s0 client authentication. +.IP "\fB\-macalg digest\fR" 4 +.IX Item "-macalg digest" +specify the \s-1MAC\s0 digest algorithm. If not included them \s-1SHA1\s0 will be used. .IP "\fB\-nomaciter\fR, \fB\-noiter\fR" 4 .IX Item "-nomaciter, -noiter" these options affect the iteration counts on the \s-1MAC\s0 and key algorithms. @@ -325,6 +337,9 @@ option. .IX Item "-maciter" This option is included for compatibility with previous versions, it used to be needed to use \s-1MAC\s0 iterations counts but they are now used by default. +.IP "\fB\-nomac\fR" 4 +.IX Item "-nomac" +don't attempt to provide the \s-1MAC\s0 integrity. .IP "\fB\-rand file(s)\fR" 4 .IX Item "-rand file(s)" a file or files containing random data used to seed the random number 
@@ -332,6 +347,17 @@ generator, or an \s-1EGD\s0 socket (see \fIRAND_egd\fR\|(3)). Multiple files can be specified separated by a OS-dependent character. The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for all others. +.IP "\fB\-CAfile file\fR" 4 +.IX Item "-CAfile file" +\&\s-1CA\s0 storage as a file. +.IP "\fB\-CApath dir\fR" 4 +.IX Item "-CApath dir" +\&\s-1CA\s0 storage as a directory. This directory must be a standard certificate +directory: that is a hash of each subject name (using \fBx509 \-hash\fR) should be +linked to each certificate. +.IP "\fB\-CSP name\fR" 4 +.IX Item "-CSP name" +write \fBname\fR as a Microsoft \s-1CSP\s0 name. .SH "NOTES" .IX Header "NOTES" Although there are a large number of options most of them are very rarely |
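Review bot: In the synopsis hunk (@@ -149,22 +149,23 @@) the argument of \-certpbe and \-keypbe is named "cipher", while the option entry later in the same patch is still headed "\-keypbe alg, \-certpbe alg". Use one placeholder name in both places. The new alternation lines also put the "|" separators inside the bold span (\fB\-des | \-des3 | ... \-nodes\fR); closing and reopening \fB around each option would keep the separators in roman.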
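Review bot: In the \-keypbe/\-certpbe hunk (@@ -291,9 +298,11 @@) the added text has a doubled article ("If a a cipher name") and a parenthesis opened before "as output by the \fBlist-cipher-algorithms\fR command" that is never closed. Suggested wording: "If a cipher name (as output by the \fBlist-cipher-algorithms\fR command) is specified then it is used with PKCS#5 v2.0."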
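Review bot: In the \-macalg hunk (@@ -304,6 +313,9 @@) "If not included them \s-1SHA1\s0 will be used" should read "then". The entry also gives no hint of which digest names are accepted, whereas the \-keypbe entry in this patch points the reader to a listing command; a matching pointer here would make the option usable from the page alone.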
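Review bot: In the \-nomac hunk (@@ -325,6 +337,9 @@) the entry "don't attempt to provide the \s-1MAC\s0 integrity" does not state the consequence of the option. Since the MAC is what lets an importer detect modification of the file, say so explicitly, for example "write the PKCS#12 file without a \s-1MAC\s0; the integrity of the file can then not be verified", so that nobody picks the option without seeing the trade-off.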
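Review bot: In the last hunk (@@ -332,6 +347,17 @@) the \-CAfile and \-CApath entries say only "\s-1CA\s0 storage as a file" and "as a directory", without saying what the store is consulted for or which operation uses it. Add a sentence naming that use. The \-CApath sentence "that is a hash of each subject name (using \fBx509 \-hash\fR) should be linked to each certificate" would also read better as two sentences.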