2 * Copyright (c) 2005 - 2007 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
36 name = "cms-create-sd"
42 argument = "certificate-store"
43 help = "certificate stores to pull certificates from"
49 argument = "signer-friendly-name"
50 help = "certificate to sign with"
55 argument = "certificate-store"
56 help = "trust anchors"
61 argument = "certificate-pool"
62 help = "certificate store to pull certificates from"
68 help = "password, prompter, or environment"
74 help = "oid that the peer support"
80 help = "content type oid"
85 help = "wrapped out-data in a ContentInfo"
90 help = "wrap out-data in PEM armor"
93 long = "detached-signature"
95 help = "create a detached signature"
105 help = "use subject name for CMS Identifier"
109 argument="in-file out-file"
110 help = "Wrap a file within a SignedData object"
113 name = "cms-verify-sd"
118 argument = "certificate-store"
119 help = "trust anchors"
125 argument = "certificate-store"
126 help = "certificate store to pull certificates from"
131 argument = "password"
132 help = "password, prompter, or environment"
135 long = "missing-revoke"
137 help = "missing CRL/OCSP is ok"
140 long = "content-info"
142 help = "unwrap in-data that's in a ContentInfo"
147 help = "unwrap in-data from PEM armor"
150 long = "signer-allowed"
152 help = "allow no signer"
155 long = "allow-wrong-oid"
157 help = "allow wrong oid flag"
160 long = "signed-content"
162 help = "file containing content"
166 argument="in-file [out-file]"
167 help = "Verify a file within a SignedData object"
170 name = "cms-unenvelope"
175 argument = "certificate-store"
176 help = "certificate used to decrypt the data"
181 argument = "password"
182 help = "password, prompter, or environment"
185 long = "content-info"
187 help = "wrapped out-data in a ContentInfo"
190 long = "allow-weak-crypto"
192 help = "allow weak crypto"
195 argument="in-file out-file"
196 help = "Unenvelope a file containing a EnvelopedData object"
199 name = "cms-envelope"
200 function = "cms_create_enveloped"
205 argument = "certificate-store"
206 help = "certificates used to receive the data"
211 argument = "password"
212 help = "password, prompter, or environment"
215 long = "encryption-type"
221 long = "content-type"
224 help = "content type oid"
227 long = "content-info"
229 help = "wrapped out-data in a ContentInfo"
232 long = "allow-weak-crypto"
234 help = "allow weak crypto"
237 argument="in-file out-file"
238 help = "Envelope a file containing a EnvelopedData object"
242 function = "pcert_verify"
246 argument = "password"
247 help = "password, prompter, or environment"
250 long = "allow-proxy-certificate"
252 help = "allow proxy certificates"
255 long = "missing-revoke"
257 help = "missing CRL/OCSP is ok"
262 help = "time when to validate the chain"
268 help = "verbose logging"
273 help = "maximum search length of certificate trust anchor"
278 help = "match hostname to certificate"
280 argument = "cert:foo chain:cert1 chain:cert2 anchor:anchor1 anchor:anchor2"
281 help = "Verify certificate chain"
285 function = "pcert_print"
289 argument = "password"
290 help = "password, prompter, or environment"
295 help = "print the content of the certificates"
300 help = "never fail with an error code"
305 help = "print the information about the certificate store"
308 argument="certificate ..."
309 help = "Print certificates"
313 function = "pcert_validate"
317 argument = "password"
318 help = "password, prompter, or environment"
321 argument="certificate ..."
322 help = "Validate content of certificates"
325 name = "certificate-copy"
330 argument = "password"
331 help = "password, prompter, or environment"
336 argument = "password"
337 help = "password, prompter, or environment"
340 argument="in-certificates-1 ... out-certificate"
341 help = "Copy in certificates stores into out certificate store"
348 argument = "password"
349 help = "password, prompter, or environment"
354 argument = "certificate"
355 help = "certificate use to sign the request"
361 help = "part after host in url to put in the request"
367 help = "don't include nonce in request"
372 argument = "certificate-store"
373 help = "pool to find parent certificate in"
376 argument="outfile certs ..."
377 help = "Fetch OCSP responses for the following certs"
387 argument="certificates ..."
388 help = "Check that certificates are in OCSP file and valid"
398 argument="ocsp-response-file ..."
399 help = "Print the OCSP responses"
402 name = "request-create"
411 help = "Email address in SubjectAltName"
416 help = "Hostname or domainname in SubjectAltName"
421 help = "Type of request CRMF or PKCS10, defaults to PKCS10"
429 long = "generate-key"
436 help = "number of bits in the generated key";
441 help = "verbose status"
445 argument="output-file"
446 help = "Create a CRMF or PKCS10 request"
449 name = "request-print"
453 help = "verbose printing"
456 argument="requests ..."
457 help = "Print requests"
469 help = "search for private key"
472 long = "friendlyname"
475 help = "match on friendly name"
480 argument = "oid-string"
481 help = "match on EKU"
486 argument = "expression"
487 help = "match on expression"
490 long = "keyEncipherment"
492 help = "match keyEncipherment certificates"
495 long = "digitalSignature"
497 help = "match digitalSignature certificates"
502 help = "print matches"
507 argument = "password"
508 help = "password, prompter, or environment"
511 argument="certificates ..."
512 help = "Query the certificates for a match"
521 help = "Generates random bytes and prints them to standard output"
527 help = "type of CMS algorithm"
529 name = "crypto-available"
531 help = "Print available CMS crypto types"
537 help = "type of CMS algorithm"
542 help = "source certificate limiting the choices"
545 long = "peer-cmstype"
547 help = "peer limiting cmstypes"
549 name = "crypto-select"
551 help = "Print selected CMS type"
558 help = "decode instead of encode"
561 function = "hxtool_hex"
563 help = "Encode input to hex"
569 help = "Issue a CA certificate"
574 help = "Issue a proxy certificate"
577 long = "domain-controller"
579 help = "Issue a MS domaincontroller certificate"
584 help = "Subject of issued certificate"
587 long = "ca-certificate"
589 help = "Issuing CA certificate"
594 help = "Issuing a self-signed certificate"
597 long = "ca-private-key"
599 help = "Private key for self-signed certificate"
604 help = "Issued certificate"
609 help = "Types of certificate to issue (can be used more then once)"
614 help = "Lifetime of certificate"
617 long = "serial-number"
619 help = "serial-number of certificate"
625 help = "Maximum path length (CA and proxy certificates), -1 no limit"
630 help = "DNS names this certificate is allowed to serve"
635 help = "email addresses assigned to this certificate"
638 long = "pk-init-principal"
640 help = "PK-INIT principal (for SAN)"
645 help = "Microsoft UPN (for SAN)"
650 help = "XMPP jabber id (for SAN)"
655 help = "certificate request"
658 long = "certificate-private-key"
663 long = "generate-key"
670 help = "number of bits in the generated key"
678 long = "template-certificate"
683 long = "template-fields"
687 name = "certificate-sign"
689 name = "issue-certificate"
691 function = "hxtool_ca"
693 help = "Issue a certificate"
700 argument = "password"
701 help = "password, prompter, or environment"
706 help = "verbose printing"
709 argument="certificates..."
710 help = "Test crypto system related to the certificates"
716 help = "type of statistics"
718 name = "statistic-print"
720 help = "Print statistics"
726 help = "signer certificate"
731 argument = "password"
732 help = "password, prompter, or environment"
737 help = "CRL output file"
742 help = "time the crl will be valid"
746 argument="certificates..."
747 help = "Create a CRL"
752 argument = "[command]"
755 help = "Help! I need somebody"