From: Dr. David von Oheimb Date: Mon, 10 Aug 2020 12:23:46 +0000 (+0200) Subject: apps/pkcs12: Clean up the order in which many options are presented X-Git-Tag: openssl-3.0.0-alpha9~49 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=908c9fc7ed86d8fab4edc1431433509bc18ac935;p=thirdparty%2Fopenssl.git apps/pkcs12: Clean up the order in which many options are presented Also do a minor extension on the documentation of the -passcerts option Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/4930)
---
diff --git a/apps/pkcs12.c b/apps/pkcs12.c
index 12f066c0de5..6bc06e370fe 100644
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -68,6 +68,17 @@ const OPTIONS pkcs12_options[] = {
 #ifndef OPENSSL_NO_ENGINE
 {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
 #endif
+ {"password", OPT_PASSWORD, 's', "Set import/export password source"},
+ {"twopass", OPT_TWOPASS, '-', "Separate MAC, encryption passwords"},
+
+ OPT_SECTION("Input"),
+ {"in", OPT_IN, '<', "Input file for PKCS12 parsing or certs and possibly key"},
+ {"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
+ {"inkey", OPT_INKEY, 's', "Private key, else read from -in input file"},
+ {"certfile", OPT_CERTFILE, '<', "Extra certificates for PKCS12 output"},
+ {"untrusted", OPT_UNTRUSTED, '<', "Untrusted certificates for chain building"},
+ {"passcerts", OPT_PASSCERTS, 's', "Certificate file pass phrase source"},
+ {"nomacver", OPT_NOMACVER, '-', "Don't verify MAC"},
 OPT_SECTION("CA input for export with the -chain option"),
 {"CApath", OPT_CAPATH, '/', "PEM-format directory of CA's"},
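Review bot: The help text for `-nomacver`, now listed under the "Input" section, still reads only `"Don't verify MAC"` and does not say what is being skipped. With this option the PKCS#12 input is parsed without its integrity check, so the one-line help should make that visible, for example `{"nomacver", OPT_NOMACVER, '-', "Don't verify integrity MAC of the input file"},`. The `pkcs12_options[]` initializer starts and ends outside this hunk.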
@@ -80,39 +91,27 @@ const OPTIONS pkcs12_options[] = { {"no-CAstore", OPT_NOCASTORE, '-', "Do not load certificates from the default certificates store"}, - OPT_SECTION("Input"), - {"in", OPT_IN, '<', "Input file for PKCS12 parsing or certs and possibly key"}, - {"passin", OPT_PASSIN, 's', "Input file pass phrase source"}, - {"inkey", OPT_INKEY, 's', "Private key, else read from -in input file"}, - {"certfile", OPT_CERTFILE, '<', "Extra certificates for PKCS12 output"}, - {"untrusted", OPT_UNTRUSTED, '<', "Untrusted certificates for chain building"}, - {"passcerts", OPT_PASSCERTS, 's', "Certificate file pass phrase source"}, - {"name", OPT_NAME, 's', "Use name as friendly name"}, - {"CSP", OPT_CSP, 's', "Microsoft CSP name"}, - {"caname", OPT_CANAME, 's', - "Use name as CA friendly name (can be repeated)"}, - OPT_SECTION("Output"), - {"export", OPT_EXPORT, '-', "Output PKCS12 file"}, - {"LMK", OPT_LMK, '-', - "Add local machine keyset attribute to private key"}, - {"macalg", OPT_MACALG, 's', - "Digest algorithm to use in MAC (default SHA1)"}, - {"keypbe", OPT_KEYPBE, 's', "Private key PBE algorithm (default 3DES)"}, {"out", OPT_OUT, '>', "Output filename"}, {"passout", OPT_PASSOUT, 's', "Output pass phrase source"}, - {"password", OPT_PASSWORD, 's', "Set import/export password source"}, + {"info", OPT_INFO, '-', "Print info about PKCS#12 structure"}, + {"nokeys", OPT_NOKEYS, '-', "Don't output private keys"}, {"nocerts", OPT_NOCERTS, '-', "Don't output certificates"}, {"clcerts", OPT_CLCERTS, '-', "Only output client certificates"}, {"cacerts", OPT_CACERTS, '-', "Only output CA certificates"}, {"noout", OPT_NOOUT, '-', "Don't output anything, just verify PKCS#12 input"}, + + OPT_SECTION("PKCS12 output"), + {"export", OPT_EXPORT, '-', "Output PKCS12 file"}, {"chain", OPT_CHAIN, '-', "Build and add certificate chain for EE cert,"}, {OPT_MORE_STR, 0, 0, - "which is the 1st cert from -in matching the private key (if given)"}, - {"twopass", OPT_TWOPASS, '-', "Separate 
MAC, encryption passwords"}, - {"nomacver", OPT_NOMACVER, '-', "Don't verify MAC"}, - {"info", OPT_INFO, '-', "Print info about PKCS#12 structure"}, - {"nokeys", OPT_NOKEYS, '-', "Don't output private keys"}, + "which is the 1st cert from -in matching the privte key (if given)"}, + {"name", OPT_NAME, 's', "Use name as friendly name"}, + {"CSP", OPT_CSP, 's', "Microsoft CSP name"}, + {"caname", OPT_CANAME, 's', + "Use name as CA friendly name (can be repeated)"}, + {"LMK", OPT_LMK, '-', + "Add local machine keyset attribute to private key"}, {"keyex", OPT_KEYEX, '-', "Set key type to MS key exchange"}, {"keysig", OPT_KEYSIG, '-', "Set key type to MS key signature"}, @@ -126,10 +125,13 @@ const OPTIONS pkcs12_options[] = { {"descert", OPT_DESCERT, '-', "Encrypt output with 3DES (the default)"}, {"certpbe", OPT_CERTPBE, 's', "Certificate PBE algorithm (default 3DES)"}, #endif + {"keypbe", OPT_KEYPBE, 's', "Private key PBE algorithm (default 3DES)"}, {"iter", OPT_ITER, 'p', "Specify the iteration count for encryption key and MAC"}, {"noiter", OPT_NOITER, '-', "Don't use encryption key iteration"}, {"maciter", OPT_MACITER, '-', "Unused, kept for backwards compatibility"}, {"nomaciter", OPT_NOMACITER, '-', "Don't use MAC iteration"}, + {"macalg", OPT_MACALG, 's', + "Digest algorithm to use in MAC (default SHA1)"}, {"nomac", OPT_NOMAC, '-', "Don't generate MAC"}, {"noenc", OPT_NOENC, '-', "Don't encrypt private keys"}, {"nodes", OPT_NODES, '-', "Don't encrypt private keys; deprecated"}, diff --git a/doc/man1/openssl-pkcs12.pod.in b/doc/man1/openssl-pkcs12.pod.in index adcdc7c1a44..6c4fbfb563e 100644 --- a/doc/man1/openssl-pkcs12.pod.in +++ b/doc/man1/openssl-pkcs12.pod.in @@ -11,9 +11,9 @@ B B [B<-help>] [B<-export>] [B<-chain>] +[B<-untrusted> I] [B<-inkey> I] [B<-certfile> I] -[B<-untrusted> I] [B<-passcerts> I] [B<-name> I] [B<-caname> I] 
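Review bot: The re-added continuation string for `-chain` in the second `apps/pkcs12.c` hunk misspells "private": the new line reads `"which is the 1st cert from -in matching the privte key (if given)"`, while the removed line it replaces had the word spelled correctly. This text is printed by `-help`, so the move should carry the original wording over unchanged: `"which is the 1st cert from -in matching the private key (if given)"},`. The `pkcs12_options[]` initializer starts and ends outside this hunk.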
@@ -231,7 +231,8 @@ Any certificates that are actually part of the chain are added to the output. =item B<-passcerts> I -The password source for certificate input such as B<-certfile>. +The password source for certificate input such as B<-certfile> +and B<-untrusted>. For more information about the format of B see the B section in L.