2 * Copyright (c) 2005 - 2007 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
36 name = "cms-create-sd"
42 argument = "certificate-store"
43 help = "certificate stores to pull certificates from"
49 argument = "signer-friendly-name"
50 help = "certificate to sign with"
55 argument = "certificate-store"
56 help = "trust anchors"
61 argument = "certificate-pool"
62 help = "certificate store to pull certificates from"
68 help = "password, prompter, or environment"
74 help = "oid that the peer supports"
80 help = "content type oid"
85 help = "wrap out-data in a ContentInfo"
90 help = "wrap out-data in PEM armor"
93 long = "detached-signature"
95 help = "create a detached signature"
105 help = "use subject name for CMS Identifier"
109 argument="in-file out-file"
110 help = "Wrap a file within a SignedData object"
113 name = "cms-verify-sd"
118 argument = "certificate-store"
119 help = "trust anchors"
125 argument = "certificate-store"
126 help = "certificate store to pull certificates from"
131 argument = "password"
132 help = "password, prompter, or environment"
135 long = "missing-revoke"
137 help = "accept missing CRL/OCSP revocation information"
140 long = "content-info"
142 help = "unwrap in-data that's in a ContentInfo"
147 help = "unwrap in-data from PEM armor"
150 long = "signer-allowed"
152 help = "allow no signer"
155 long = "signed-content"
157 help = "file containing content"
161 argument="in-file out-file"
162 help = "Verify a file within a SignedData object"
165 name = "cms-unenvelope"
170 argument = "certificate-store"
171 help = "certificate used to decrypt the data"
176 argument = "password"
177 help = "password, prompter, or environment"
180 long = "content-info"
182 help = "wrapped out-data in a ContentInfo"
185 long = "allow-weak-crypto"
187 help = "allow weak crypto"
190 argument="in-file out-file"
191 help = "Unenvelope a file containing an EnvelopedData object"
194 name = "cms-envelope"
195 function = "cms_create_enveloped"
200 argument = "certificate-store"
201 help = "certificates used to receive the data"
206 argument = "password"
207 help = "password, prompter, or environment"
210 long = "encryption-type"
216 long = "content-type"
219 help = "content type oid"
222 long = "content-info"
224 help = "wrap out-data in a ContentInfo"
227 long = "allow-weak-crypto"
229 help = "allow weak crypto"
232 argument="in-file out-file"
233 help = "Envelope a file containing an EnvelopedData object"
237 function = "pcert_verify"
241 argument = "password"
242 help = "password, prompter, or environment"
245 long = "allow-proxy-certificate"
247 help = "allow proxy certificates"
250 long = "missing-revoke"
252 help = "accept missing CRL/OCSP revocation information"
257 help = "time when to validate the chain"
263 help = "verbose logging"
268 help = "maximum search length of certificate trust anchor"
273 help = "match hostname to certificate"
275 argument = "cert:foo chain:cert1 chain:cert2 anchor:anchor1 anchor:anchor2"
276 help = "Verify certificate chain"
280 function = "pcert_print"
284 argument = "password"
285 help = "password, prompter, or environment"
290 help = "print the content of the certificates"
295 help = "never fail with an error code"
300 help = "print the information about the certificate store"
303 argument="certificate ..."
304 help = "Print certificates"
308 function = "pcert_validate"
312 argument = "password"
313 help = "password, prompter, or environment"
316 argument="certificate ..."
317 help = "Validate content of certificates"
320 name = "certificate-copy"
325 argument = "password"
326 help = "password, prompter, or environment"
331 argument = "password"
332 help = "password, prompter, or environment"
335 argument="in-certificates-1 ... out-certificate"
336 help = "Copy the input certificate stores into the output certificate store"
343 argument = "password"
344 help = "password, prompter, or environment"
349 argument = "certificate"
350 help = "certificate used to sign the request"
356 help = "part after host in url to put in the request"
362 help = "don't include nonce in request"
367 argument = "certificate-store"
368 help = "pool to find parent certificate in"
371 argument="outfile certs ..."
372 help = "Fetch OCSP responses for the following certs"
382 argument="certificates ..."
383 help = "Check that certificates are in OCSP file and valid"
393 argument="ocsp-response-file ..."
394 help = "Print the OCSP responses"
397 name = "request-create"
406 help = "Email address in SubjectAltName"
411 help = "Hostname or domain name in SubjectAltName"
416 help = "Type of request CRMF or PKCS10, defaults to PKCS10"
424 long = "generate-key"
431 help = "number of bits in the generated key";
436 help = "verbose status"
440 argument="output-file"
441 help = "Create a CRMF or PKCS10 request"
444 name = "request-print"
448 help = "verbose printing"
451 argument="requests ..."
452 help = "Print requests"
464 help = "search for private key"
467 long = "friendlyname"
470 help = "match on friendly name"
475 argument = "oid-string"
476 help = "match on EKU"
481 argument = "expression"
482 help = "match on expression"
485 long = "keyEncipherment"
487 help = "match keyEncipherment certificates"
490 long = "digitalSignature"
492 help = "match digitalSignature certificates"
497 help = "print matches"
502 argument = "password"
503 help = "password, prompter, or environment"
506 argument="certificates ..."
507 help = "Query the certificates for a match"
516 help = "Generates random bytes and prints them to standard output"
522 help = "type of CMS algorithm"
524 name = "crypto-available"
526 help = "Print available CMS crypto types"
532 help = "type of CMS algorithm"
537 help = "source certificate limiting the choices"
540 long = "peer-cmstype"
542 help = "peer limiting cmstypes"
544 name = "crypto-select"
546 help = "Print selected CMS type"
553 help = "decode instead of encode"
556 function = "hxtool_hex"
558 help = "Encode input to hex"
564 help = "Issue a CA certificate"
569 help = "Issue a proxy certificate"
572 long = "domain-controller"
574 help = "Issue an MS domain controller certificate"
579 help = "Subject of issued certificate"
582 long = "ca-certificate"
584 help = "Issuing CA certificate"
589 help = "Issuing a self-signed certificate"
592 long = "ca-private-key"
594 help = "Private key for self-signed certificate"
599 help = "Issued certificate"
604 help = "Types of certificate to issue (can be used more than once)"
609 help = "Lifetime of certificate"
612 long = "serial-number"
614 help = "serial-number of certificate"
620 help = "Maximum path length (CA and proxy certificates), -1 no limit"
625 help = "DNS names this certificate is allowed to serve"
630 help = "email addresses assigned to this certificate"
633 long = "pk-init-principal"
635 help = "PK-INIT principal (for SAN)"
640 help = "Microsoft UPN (for SAN)"
645 help = "XMPP jabber id (for SAN)"
650 help = "certificate request"
653 long = "certificate-private-key"
658 long = "generate-key"
665 help = "number of bits in the generated key"
673 long = "template-certificate"
678 long = "template-fields"
682 name = "certificate-sign"
684 name = "issue-certificate"
686 function = "hxtool_ca"
688 help = "Issue a certificate"
695 argument = "password"
696 help = "password, prompter, or environment"
701 help = "verbose printing"
704 argument="certificates..."
705 help = "Test crypto system related to the certificates"
711 help = "type of statistics"
713 name = "statistic-print"
715 help = "Print statistics"
721 help = "signer certificate"
726 argument = "password"
727 help = "password, prompter, or environment"
732 help = "CRL output file"
737 help = "time the crl will be valid"
741 argument="certificates..."
742 help = "Create a CRL"
747 argument = "[command]"
750 help = "Help! I need somebody"