OPT_SECTION("Signing"),
{"md", OPT_MD, 's', "Digest to use, such as sha256"},
{"keyfile", OPT_KEYFILE, 's', "The CA private key"},
- {"keyform", OPT_KEYFORM, 'f',
- "Private key file format (ENGINE, other values ignored)"},
+ {"keyform", OPT_KEYFORM, 'f', "Private key file format (DER/PEM)"},
{"passin", OPT_PASSIN, 's', "Key and cert input file pass phrase source"},
{"key", OPT_KEY, 's',
"Key to decrypt the private key or cert files if encrypted. Better use -passin"},
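Review bot: The new help text "(DER/PEM)" on `-keyform` does not match what the option parser accepts, because the entry keeps value type `'f'`, which the option-type comment touched later in this change lists as "any format", while `'F'` is the der/pem type. The old wording at least said other values were ignored; the new wording reads as a restriction the parser does not enforce, on an option that governs how the CA private key is read. Either narrow the entry, `{"keyform", OPT_KEYFORM, 'F', "Private key file format (DER/PEM)"},`, or word the help to say which values are accepted and whether the loader (not visible here) actually honours them. The same mismatch applies to the later `-keyform`, `-dkeyform` and `-inform` entries that keep `'f'` and gain a "(DER/PEM)" description.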
"Format (PEM or DER) to use when saving a certificate to a file. Default PEM"},
{"crlform", OPT_CRLFORM, 's',
"Format (PEM or DER) to use when saving a CRL to a file. Default DER"},
- {"keyform", OPT_KEYFORM, 's',
- "Format of the key input (ENGINE, other values ignored)"},
+ {"keyform", OPT_KEYFORM, 's', "Format of the key input (DER/PEM/P12)"},
{"otherpass", OPT_OTHERPASS, 's',
"Pass phrase source potentially needed for loading certificates of others"},
OPT_PROV_OPTIONS,
"Input private key (if not signer or recipient)"},
{"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
{"keyopt", OPT_KEYOPT, 's', "Set public key parameters as n:v pairs"},
- {"keyform", OPT_KEYFORM, 'f',
- "Input private key format (ENGINE, other values ignored)"},
+ {"keyform", OPT_KEYFORM, 'f', "Input private key format (DER/PEM)"},
OPT_PROV_OPTIONS,
OPT_R_OPTIONS,
{"c", OPT_C, '-', "Print the digest with separating colons"},
{"r", OPT_R, '-', "Print the digest in coreutils format"},
{"out", OPT_OUT, '>', "Output to filename rather than stdout"},
- {"keyform", OPT_KEYFORM, 'f', "Key file format (ENGINE, other values ignored)"},
+ {"keyform", OPT_KEYFORM, 'f', "Key file format (DER/PEM)"},
{"hex", OPT_HEX, '-', "Print as hex dump"},
{"binary", OPT_BINARY, '-', "Print in binary form"},
{"xoflen", OPT_XOFLEN, 'p', "Output length for XOF algorithms. To obtain the maximum security strength set this to 32 (or greater) for SHAKE128, and 64 (or greater) for SHAKE256"},
# define FORMAT_PEM (5 | B_FORMAT_TEXT)
# define FORMAT_PKCS12 6
# define FORMAT_SMIME (7 | B_FORMAT_TEXT)
-# define FORMAT_ENGINE 8 /* Not really a file format */
# define FORMAT_PEMRSA (9 | B_FORMAT_TEXT) /* PEM RSAPublicKey format */
# define FORMAT_ASN1RSA 10 /* DER RSAPublicKey format */
# define FORMAT_MSBLOB 11 /* MS Key blob format */
* 'f' any format [OPT_FMT_ANY]
* 'F' der/pem format [OPT_FMT_PEMDER]
* 'A' any ASN1, der/pem/b64 format [OPT_FMT_ASN1]
- * 'E' der/pem/engine format [OPT_FMT_PDE]
* 'c' pem/der/smime format [OPT_FMT_PDS]
*
* The 'l', 'n' and 'u' value types include the values zero,
# define OPT_FMT_B64 (1L << 3)
# define OPT_FMT_PKCS12 (1L << 4)
# define OPT_FMT_SMIME (1L << 5)
-# define OPT_FMT_ENGINE (1L << 6)
# define OPT_FMT_MSBLOB (1L << 7)
# define OPT_FMT_NSS (1L << 8)
# define OPT_FMT_TEXT (1L << 9)
# define OPT_FMT_PEMDER (OPT_FMT_PEM | OPT_FMT_DER)
# define OPT_FMT_ASN1 (OPT_FMT_PEM | OPT_FMT_DER | OPT_FMT_B64)
-# define OPT_FMT_PDE (OPT_FMT_PEMDER | OPT_FMT_ENGINE)
# define OPT_FMT_PDS (OPT_FMT_PEMDER | OPT_FMT_SMIME)
# define OPT_FMT_ANY (OPT_FMT_PEM | OPT_FMT_DER | OPT_FMT_B64 | \
- OPT_FMT_PKCS12 | OPT_FMT_SMIME | \
- OPT_FMT_MSBLOB | OPT_FMT_NSS | \
- OPT_FMT_TEXT | OPT_FMT_HTTP | OPT_FMT_PVK)
+ OPT_FMT_PKCS12 | OPT_FMT_SMIME | \
+ OPT_FMT_MSBLOB | OPT_FMT_NSS | \
+ OPT_FMT_TEXT | OPT_FMT_HTTP | OPT_FMT_PVK)
/* Divide options into sections when displaying usage */
#define OPT_SECTION(sec) { OPT_SECTION_STR, 1, '-', sec " options:\n" }
OPENSSL_assert(o->retval == OPT_DUP || o->retval > OPT_PARAM);
switch (i) {
case 0: case '-': case '.':
- case '/': case '<': case '>': case 'E': case 'F':
+ case '/': case '<': case '>': case 'F':
case 'M': case 'U': case 'f': case 'l': case 'n': case 'p': case 's':
case 'u': case 'c': case ':': case 'N': case 'A':
break;
{"b64", OPT_FMT_B64},
{"pkcs12", OPT_FMT_PKCS12},
{"smime", OPT_FMT_SMIME},
- {"engine", OPT_FMT_ENGINE},
{"msblob", OPT_FMT_MSBLOB},
{"nss", OPT_FMT_NSS},
{"text", OPT_FMT_TEXT},
return opt_format_error(s, flags);
*result = FORMAT_MSBLOB;
break;
- case 'E':
- case 'e':
- if ((flags & OPT_FMT_ENGINE) == 0)
- return opt_format_error(s, flags);
- *result = FORMAT_ENGINE;
- break;
case 'H':
case 'h':
if ((flags & OPT_FMT_HTTP) == 0)
return "SMIME";
case FORMAT_MSBLOB:
return "MSBLOB";
- case FORMAT_ENGINE:
- return "ENGINE";
case FORMAT_HTTP:
return "HTTP";
case FORMAT_PKCS12:
return -1;
break;
case 'c':
- case 'E':
case 'F':
case 'f':
case 'A':
case 'a':
if (opt_format(arg,
o->valtype == 'c' ? OPT_FMT_PDS :
- o->valtype == 'E' ? OPT_FMT_PDE :
o->valtype == 'F' ? OPT_FMT_PEMDER :
o->valtype == 'A' ? OPT_FMT_ASN1 :
OPT_FMT_ANY, &ival))
return "long";
case 'u':
return "ulong";
- case 'E':
- return "PEM|DER|ENGINE";
case 'F':
return "PEM|DER";
case 'f':
OPT_SECTION("Input"),
{"in", OPT_IN, 's', "Input key"},
- {"inform", OPT_INFORM, 'f',
- "Key input format (ENGINE, other values ignored)"},
+ {"inform", OPT_INFORM, 'f', "Key input format (DER/PEM)"},
{"passin", OPT_PASSIN, 's', "Key input pass phrase source"},
{"pubin", OPT_PUBIN, '-',
"Read only public components from key input"},
{"pubin", OPT_PUBIN, '-', "Input key is a public key"},
{"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
{"peerkey", OPT_PEERKEY, 's', "Peer key file used in key derivation"},
- {"peerform", OPT_PEERFORM, 'E', "Peer key format (DER/PEM/P12)"},
+ {"peerform", OPT_PEERFORM, 'f', "Peer key format (DER/PEM/P12)"},
{"certin", OPT_CERTIN, '-', "Input is a cert with a public key"},
{"rev", OPT_REV, '-', "Reverse the order of the input buffer"},
{"sigfile", OPT_SIGFILE, '<', "Signature file (verify operation only)"},
- {"keyform", OPT_KEYFORM, 'E', "Private key format (ENGINE, other values ignored)"},
+ {"keyform", OPT_KEYFORM, 'f', "Private key format (DER/PEM)"},
OPT_SECTION("Output"),
{"out", OPT_OUT, '>', "Output file - default stdout"},
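Review bot: Replacing value type `'E'` with `'f'` on `-peerform` and `-keyform` widens what the parser accepts rather than only dropping ENGINE: `'E'` was der/pem/engine, whereas `'f'` is the any-format type (PKCS12, SMIME, MSBLOB and the rest of `OPT_FMT_ANY`). For `-keyform`, whose help now says DER/PEM, the direct replacement would be `{"keyform", OPT_KEYFORM, 'F', "Private key format (DER/PEM)"},`. `-peerform` advertises P12, so `'f'` may be intended there, but a short comment saying so would make that explicit. How the key loader treats the additional formats is outside these hunks, so that should be confirmed rather than assumed. The same `'E'` to `'f'` substitution appears in the later `-keyform` entries next to `-inkey`, `-build_chain` and `-signkey`, and in `-CAkeyform`.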
OPT_SECTION("Keys and Signing"),
{"key", OPT_KEY, 's', "Key for signing, and to include unless -in given"},
- {"keyform", OPT_KEYFORM, 'f', "Key file format (ENGINE, other values ignored)"},
+ {"keyform", OPT_KEYFORM, 'f', "Key file format (DER/PEM)"},
{"pubkey", OPT_PUBKEY, '-', "Output public key"},
{"keyout", OPT_KEYOUT, '>', "File to write private key to"},
{"passin", OPT_PASSIN, 's', "Private key and certificate password source"},
OPT_SECTION("Input"),
{"in", OPT_IN, '<', "Input file"},
{"inkey", OPT_INKEY, 's', "Input key, by default an RSA private key"},
- {"keyform", OPT_KEYFORM, 'E', "Private key format (ENGINE, other values ignored)"},
+ {"keyform", OPT_KEYFORM, 'f', "Private key format (DER/PEM)"},
{"pubin", OPT_PUBIN, '-', "Input key is an RSA public pkey"},
{"certin", OPT_CERTIN, '-', "Input is a cert carrying an RSA public key"},
{"rev", OPT_REV, '-', "Reverse the order of the input buffer"},
"Client certificate chain file (in PEM format)"},
{"build_chain", OPT_BUILD_CHAIN, '-', "Build client certificate chain"},
{"key", OPT_KEY, 's', "Private key file to use; default: -cert file"},
- {"keyform", OPT_KEYFORM, 'E', "Key format (ENGINE, other values ignored)"},
+ {"keyform", OPT_KEYFORM, 'f', "Key format (DER/PEM)"},
{"pass", OPT_PASS, 's', "Private key and cert file pass phrase source"},
{"verify", OPT_VERIFY, 'p', "Turn on peer certificate verification"},
{"nameopt", OPT_NAMEOPT, 's', "Certificate subject/issuer name printing options"},
"Private key file to use; default is -cert file or else" TEST_CERT},
{"key2", OPT_KEY2, '<',
"-Private Key file to use for servername if not in -cert2"},
- {"keyform", OPT_KEYFORM, 'f', "Key format (ENGINE, other values ignored)"},
+ {"keyform", OPT_KEYFORM, 'f', "Key format (DER/PEM)"},
{"pass", OPT_PASS, 's', "Private key and cert file pass phrase source"},
{"dcert", OPT_DCERT, '<',
"Second server certificate file to use (usually for DSA)"},
"second server certificate chain file in PEM format"},
{"dkey", OPT_DKEY, '<',
"Second private key file to use (usually for DSA)"},
- {"dkeyform", OPT_DKEYFORM, 'f',
- "Second key file format (ENGINE, other values ignored)"},
+ {"dkeyform", OPT_DKEYFORM, 'f', "Second key file format (DER/PEM)"},
{"dpass", OPT_DPASS, 's',
"Second private key and cert file pass phrase source"},
{"dhparam", OPT_DHPARAM, '<', "DH parameters file to use"},
"Output format SMIME (default), PEM or DER"},
{"inkey", OPT_INKEY, 's',
"Input private key (if not signer or recipient)"},
- {"keyform", OPT_KEYFORM, 'f', "Input private key format (ENGINE, other values ignored)"},
+ {"keyform", OPT_KEYFORM, 'f', "Input private key format (DER/PEM)"},
{"stream", OPT_STREAM, '-', "Enable CMS streaming" },
{"indef", OPT_INDEF, '-', "Same as -stream" },
{"noindef", OPT_NOINDEF, '-', "Disable CMS streaming"},
OPT_SECTION("Input"),
{"in", OPT_IN, '<', "Input file"},
{"key", OPT_KEY, '<', "Create SPKAC using private key"},
- {"keyform", OPT_KEYFORM, 'f', "Private key file format (ENGINE, other values ignored)"},
+ {"keyform", OPT_KEYFORM, 'f', "Private key file format (DER/PEM)"},
{"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
{"challenge", OPT_CHALLENGE, 's', "Challenge string"},
{"spkac", OPT_SPKAC, 's', "Alternative SPKAC name"},
"Key for signing, and to include unless using -force_pubkey"},
{"signkey", OPT_SIGNKEY, 's',
"Same as -key"},
- {"keyform", OPT_KEYFORM, 'E',
- "Key input format (ENGINE, other values ignored)"},
+ {"keyform", OPT_KEYFORM, 'f', "Key input format (DER/PEM)"},
{"out", OPT_OUT, '>', "Output file - default stdout"},
{"outform", OPT_OUTFORM, 'f',
"Output format (DER or PEM) - default PEM"},
"Use the given CA certificate, conflicts with -key"},
{"CAform", OPT_CAFORM, 'F', "CA cert format (PEM/DER/P12); has no effect"},
{"CAkey", OPT_CAKEY, 's', "The corresponding CA key; default is -CA arg"},
- {"CAkeyform", OPT_CAKEYFORM, 'E',
- "CA key format (ENGINE, other values ignored)"},
+ {"CAkeyform", OPT_CAKEYFORM, 'f', "CA key format (DER/PEM)"},
{"CAserial", OPT_CASERIAL, 's',
"File that keeps track of CA-generated serial number"},
{"CAcreateserial", OPT_CACREATESERIAL, '-',
[B<-certform> I<PEM|DER>]
[B<-crlform> I<PEM|DER>]
-[B<-keyform> I<PEM|DER|P12|ENGINE>]
+[B<-keyform> I<PEM|DER|P12>]
[B<-otherpass> I<arg>]
{- $OpenSSL::safe::opt_engine_synopsis -}{- $OpenSSL::safe::opt_provider_synopsis -}
DER format is preferred because it enables more efficient storage
of large CRLs.
-=item B<-keyform> I<PEM|DER|P12|ENGINE>
+=item B<-keyform> I<PEM|DER|P12>
The format of the key input; unspecified by default.
See L<openssl(1)/Format Options> for details.
{- $OpenSSL::safe::opt_engine_item -}
-{- output_off() if $disabled{"deprecated-3.0"}; "" -}
-As an alternative to using this combination:
-
- -engine {engineid} -key {keyid} -keyform ENGINE
-
-... it's also possible to just give the key ID in URI form to B<-key>,
-like this:
-
- -key org.openssl.engine:{engineid}:{keyid}
-
-This applies to all options specifying keys: B<-key>, B<-newkey>, and
-B<-tls_key>.
-{- output_on() if $disabled{"deprecated-3.0"}; "" -}
-
=back
=head2 Provider options