2 * Copyright (c) 2005 - 2007 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
36 name = "cms-create-sd"
41 argument = "certificate-store"
42 help = "certificate stores to pull certificates from"
48 argument = "signer-friendly-name"
49 help = "certificate to sign with"
54 argument = "certificate-store"
55 help = "trust anchors"
60 argument = "certificate-pool"
61 help = "certificate store to pull certificates from"
67 help = "password, prompter, or environment"
73 help = "oid that the peer support"
79 help = "content type oid"
84 help = "wrapped out-data in a ContentInfo"
89 help = "wrap out-data in PEM armor"
92 long = "detached-signature"
94 help = "create a detached signature"
99 help = "use subject name for CMS Identifier"
103 argument="in-file out-file"
104 help = "Wrap a file within a SignedData object"
107 name = "cms-verify-sd"
111 argument = "certificate-store"
112 help = "trust anchors"
118 argument = "certificate-store"
119 help = "certificate store to pull certificates from"
124 argument = "password"
125 help = "password, prompter, or environment"
128 long = "missing-revoke"
130 help = "missing CRL/OCSP is ok"
133 long = "content-info"
135 help = "unwrap in-data that's in a ContentInfo"
140 help = "unwrap in-data from PEM armor"
143 long = "signed-content"
145 help = "file containing content"
149 argument="in-file out-file"
150 help = "Verify a file within a SignedData object"
153 name = "cms-unenvelope"
158 argument = "certificate-store"
159 help = "certificate used to decrypt the data"
164 argument = "password"
165 help = "password, prompter, or environment"
168 long = "content-info"
170 help = "wrapped out-data in a ContentInfo"
173 argument="in-file out-file"
174 help = "Unenvelope a file containing a EnvelopedData object"
177 name = "cms-envelope"
178 function = "cms_create_enveloped"
183 argument = "certificate-store"
184 help = "certificates used to receive the data"
189 argument = "password"
190 help = "password, prompter, or environment"
193 long = "encryption-type"
199 long = "content-type"
202 help = "content type oid"
205 long = "content-info"
207 help = "wrapped out-data in a ContentInfo"
210 argument="in-file out-file"
211 help = "Envelope a file containing a EnvelopedData object"
215 function = "pcert_verify"
219 argument = "password"
220 help = "password, prompter, or environment"
223 long = "allow-proxy-certificate"
225 help = "allow proxy certificates"
228 long = "missing-revoke"
230 help = "missing CRL/OCSP is ok"
235 help = "time when to validate the chain"
241 help = "verbose logging"
246 help = "maximum search length of certificate trust anchor"
251 help = "match hostname to certificate"
253 argument = "cert:foo chain:cert1 chain:cert2 anchor:anchor1 anchor:anchor2"
254 help = "Verify certificate chain"
258 function = "pcert_print"
262 argument = "password"
263 help = "password, prompter, or environment"
268 help = "print the content of the certificates"
273 help = "print the information about the certificate store"
276 argument="certificate ..."
277 help = "Print certificates"
281 function = "pcert_validate"
285 argument = "password"
286 help = "password, prompter, or environment"
289 argument="certificate ..."
290 help = "Validate content of certificates"
293 name = "certificate-copy"
298 argument = "password"
299 help = "password, prompter, or environment"
304 argument = "password"
305 help = "password, prompter, or environment"
308 argument="in-certificates-1 ... out-certificate"
309 help = "Copy in certificates stores into out certificate store"
316 argument = "password"
317 help = "password, prompter, or environment"
322 argument = "certificate"
323 help = "certificate use to sign the request"
329 help = "part after host in url to put in the request"
335 help = "don't include nonce in request"
340 argument = "certificate-store"
341 help = "pool to find parent certificate in"
344 argument="outfile certs ..."
345 help = "Fetch OCSP responses for the following certs"
355 argument="certificates ..."
356 help = "Check that certificates are in OCSP file and valid"
366 argument="ocsp-response-file ..."
367 help = "Print the OCSP responses"
370 name = "request-create"
379 help = "Email address in SubjectAltName"
384 help = "Hostname or domainname in SubjectAltName"
389 help = "Type of request CRMF or PKCS10, defaults to PKCS10"
397 long = "generate-key"
404 help = "number of bits in the generated key";
409 help = "verbose status"
413 argument="output-file"
414 help = "Create a CRMF or PKCS10 request"
417 name = "request-print"
421 help = "verbose printing"
424 argument="requests ..."
425 help = "Print requests"
437 help = "search for private key"
440 long = "friendlyname"
443 help = "match on friendly name"
448 argument = "oid-string"
449 help = "match on EKU"
454 argument = "expression"
455 help = "match on expression"
458 long = "keyEncipherment"
460 help = "match keyEncipherment certificates"
463 long = "digitalSignature"
465 help = "match digitalSignature certificates"
470 help = "print matches"
475 argument = "password"
476 help = "password, prompter, or environment"
479 argument="certificates ..."
480 help = "Query the certificates for a match"
489 help = "Generates random bytes and prints them to standard output"
495 help = "type of CMS algorithm"
497 name = "crypto-available"
499 help = "Print available CMS crypto types"
505 help = "type of CMS algorithm"
510 help = "source certificate limiting the choices"
513 long = "peer-cmstype"
515 help = "peer limiting cmstypes"
517 name = "crypto-select"
519 help = "Print selected CMS type"
526 help = "decode instead of encode"
529 function = "hxtool_hex"
531 help = "Encode input to hex"
537 help = "Issue a CA certificate"
542 help = "Issue a proxy certificate"
545 long = "domain-controller"
547 help = "Issue a MS domaincontroller certificate"
552 help = "Subject of issued certificate"
555 long = "ca-certificate"
557 help = "Issuing CA certificate"
562 help = "Issuing a self-signed certificate"
565 long = "ca-private-key"
567 help = "Private key for self-signed certificate"
572 help = "Issued certificate"
577 help = "Type of certificate to issue"
582 help = "Lifetime of certificate"
585 long = "serial-number"
587 help = "serial-number of certificate"
593 help = "Maximum path length (CA and proxy certificates), -1 no limit"
598 help = "DNS names this certificate is allowed to serve"
603 help = "email addresses assigned to this certificate"
606 long = "pk-init-principal"
608 help = "PK-INIT principal (for SAN)"
613 help = "Microsoft UPN (for SAN)"
618 help = "XMPP jabber id (for SAN)"
623 help = "certificate request"
626 long = "certificate-private-key"
631 long = "generate-key"
638 help = "number of bits in the generated key"
646 long = "template-certificate"
651 long = "template-fields"
655 name = "certificate-sign"
657 name = "issue-certificate"
659 function = "hxtool_ca"
661 help = "Issue a certificate"
668 argument = "password"
669 help = "password, prompter, or environment"
674 help = "verbose printing"
677 argument="certificates..."
678 help = "Test crypto system related to the certificates"
684 help = "type of statistics"
686 name = "statistic-print"
688 help = "Print statistics"
694 help = "signer certificate"
699 argument = "password"
700 help = "password, prompter, or environment"
705 help = "CRL output file"
710 help = "time the crl will be valid"
714 argument="certificates..."
715 help = "Create a CRL"
720 argument = "[command]"
723 help = "Help! I need somebody"