2 * Copyright (c) 2005 - 2007 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
36 name = "cms-create-sd"
42 argument = "certificate-store"
43 help = "certificate stores to pull certificates from"
49 argument = "signer-friendly-name"
50 help = "certificate to sign with"
55 argument = "certificate-store"
56 help = "trust anchors"
61 argument = "certificate-pool"
62 help = "certificate store to pull certificates from"
68 help = "password, prompter, or environment"
74 help = "oid that the peer support"
80 help = "content type oid"
85 help = "wrapped out-data in a ContentInfo"
90 help = "wrap out-data in PEM armor"
93 long = "detached-signature"
95 help = "create a detached signature"
105 help = "use subject name for CMS Identifier"
108 long = "embedded-certs"
110 help = "dont embedded certficiates"
113 long = "embed-leaf-only"
115 help = "only embed leaf certificate"
119 argument="in-file out-file"
120 help = "Wrap a file within a SignedData object"
123 name = "cms-verify-sd"
128 argument = "certificate-store"
129 help = "trust anchors"
135 argument = "certificate-store"
136 help = "certificate store to pull certificates from"
141 argument = "password"
142 help = "password, prompter, or environment"
145 long = "missing-revoke"
147 help = "missing CRL/OCSP is ok"
150 long = "content-info"
152 help = "unwrap in-data that's in a ContentInfo"
157 help = "unwrap in-data from PEM armor"
160 long = "signer-allowed"
162 help = "allow no signer"
165 long = "allow-wrong-oid"
167 help = "allow wrong oid flag"
170 long = "signed-content"
172 help = "file containing content"
176 argument="in-file [out-file]"
177 help = "Verify a file within a SignedData object"
180 name = "cms-unenvelope"
185 argument = "certificate-store"
186 help = "certificate used to decrypt the data"
191 argument = "password"
192 help = "password, prompter, or environment"
195 long = "content-info"
197 help = "wrapped out-data in a ContentInfo"
200 long = "allow-weak-crypto"
202 help = "allow weak crypto"
205 argument="in-file out-file"
206 help = "Unenvelope a file containing a EnvelopedData object"
209 name = "cms-envelope"
210 function = "cms_create_enveloped"
215 argument = "certificate-store"
216 help = "certificates used to receive the data"
221 argument = "password"
222 help = "password, prompter, or environment"
225 long = "encryption-type"
231 long = "content-type"
234 help = "content type oid"
237 long = "content-info"
239 help = "wrapped out-data in a ContentInfo"
242 long = "allow-weak-crypto"
244 help = "allow weak crypto"
247 argument="in-file out-file"
248 help = "Envelope a file containing a EnvelopedData object"
252 function = "pcert_verify"
256 argument = "password"
257 help = "password, prompter, or environment"
260 long = "allow-proxy-certificate"
262 help = "allow proxy certificates"
265 long = "missing-revoke"
267 help = "missing CRL/OCSP is ok"
272 help = "time when to validate the chain"
278 help = "verbose logging"
283 help = "maximum search length of certificate trust anchor"
288 help = "match hostname to certificate"
290 argument = "cert:foo chain:cert1 chain:cert2 anchor:anchor1 anchor:anchor2"
291 help = "Verify certificate chain"
295 function = "pcert_print"
299 argument = "password"
300 help = "password, prompter, or environment"
305 help = "print the content of the certificates"
310 help = "never fail with an error code"
315 help = "print the information about the certificate store"
318 argument="certificate ..."
319 help = "Print certificates"
323 function = "pcert_validate"
327 argument = "password"
328 help = "password, prompter, or environment"
331 argument="certificate ..."
332 help = "Validate content of certificates"
335 name = "certificate-copy"
340 argument = "password"
341 help = "password, prompter, or environment"
346 argument = "password"
347 help = "password, prompter, or environment"
350 argument="in-certificates-1 ... out-certificate"
351 help = "Copy in certificates stores into out certificate store"
358 argument = "password"
359 help = "password, prompter, or environment"
364 argument = "certificate"
365 help = "certificate use to sign the request"
371 help = "part after host in url to put in the request"
377 help = "don't include nonce in request"
382 argument = "certificate-store"
383 help = "pool to find parent certificate in"
386 argument="outfile certs ..."
387 help = "Fetch OCSP responses for the following certs"
397 argument="certificates ..."
398 help = "Check that certificates are in OCSP file and valid"
408 argument="ocsp-response-file ..."
409 help = "Print the OCSP responses"
412 name = "request-create"
421 help = "Email address in SubjectAltName"
426 help = "Hostname or domainname in SubjectAltName"
431 help = "Type of request CRMF or PKCS10, defaults to PKCS10"
439 long = "generate-key"
446 help = "number of bits in the generated key";
451 help = "verbose status"
455 argument="output-file"
456 help = "Create a CRMF or PKCS10 request"
459 name = "request-print"
463 help = "verbose printing"
466 argument="requests ..."
467 help = "Print requests"
479 help = "search for private key"
482 long = "friendlyname"
485 help = "match on friendly name"
490 argument = "oid-string"
491 help = "match on EKU"
496 argument = "expression"
497 help = "match on expression"
500 long = "keyEncipherment"
502 help = "match keyEncipherment certificates"
505 long = "digitalSignature"
507 help = "match digitalSignature certificates"
512 help = "print matches"
517 argument = "password"
518 help = "password, prompter, or environment"
521 argument="certificates ..."
522 help = "Query the certificates for a match"
531 help = "Generates random bytes and prints them to standard output"
537 help = "type of CMS algorithm"
539 name = "crypto-available"
541 help = "Print available CMS crypto types"
547 help = "type of CMS algorithm"
552 help = "source certificate limiting the choices"
555 long = "peer-cmstype"
557 help = "peer limiting cmstypes"
559 name = "crypto-select"
561 help = "Print selected CMS type"
568 help = "decode instead of encode"
571 function = "hxtool_hex"
573 help = "Encode input to hex"
579 help = "Issue a CA certificate"
584 help = "Issue a proxy certificate"
587 long = "domain-controller"
589 help = "Issue a MS domaincontroller certificate"
594 help = "Subject of issued certificate"
597 long = "ca-certificate"
599 help = "Issuing CA certificate"
604 help = "Issuing a self-signed certificate"
607 long = "ca-private-key"
609 help = "Private key for self-signed certificate"
614 help = "Issued certificate"
619 help = "Types of certificate to issue (can be used more then once)"
624 help = "Lifetime of certificate"
627 long = "serial-number"
629 help = "serial-number of certificate"
635 help = "Maximum path length (CA and proxy certificates), -1 no limit"
640 help = "DNS names this certificate is allowed to serve"
645 help = "email addresses assigned to this certificate"
648 long = "pk-init-principal"
650 help = "PK-INIT principal (for SAN)"
655 help = "Microsoft UPN (for SAN)"
660 help = "XMPP jabber id (for SAN)"
665 help = "certificate request"
668 long = "certificate-private-key"
673 long = "generate-key"
680 help = "number of bits in the generated key"
688 long = "template-certificate"
693 long = "template-fields"
697 name = "certificate-sign"
699 name = "issue-certificate"
701 function = "hxtool_ca"
703 help = "Issue a certificate"
710 argument = "password"
711 help = "password, prompter, or environment"
716 help = "verbose printing"
719 argument="certificates..."
720 help = "Test crypto system related to the certificates"
726 help = "type of statistics"
728 name = "statistic-print"
730 help = "Print statistics"
736 help = "signer certificate"
741 argument = "password"
742 help = "password, prompter, or environment"
747 help = "CRL output file"
752 help = "time the crl will be valid"
756 argument="certificates..."
757 help = "Create a CRL"
762 argument = "[command]"
765 help = "Help! I need somebody"
projects / FreeBSD / releng / 10.0.git / blob