mirror of https://github.com/openssl/openssl
-inkey can be an identifier, not just a file
update pkcs12, smime, ts apps. Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3507)
This commit is contained in:
parent
c80bbcbf99
commit
48b5352212
|
@ -91,7 +91,7 @@ const OPTIONS pkcs12_options[] = {
|
|||
{"keypbe", OPT_KEYPBE, 's', "Private key PBE algorithm (default 3DES)"},
|
||||
{"rand", OPT_RAND, 's',
|
||||
"Load the file(s) into the random number generator"},
|
||||
{"inkey", OPT_INKEY, '<', "Private key if not infile"},
|
||||
{"inkey", OPT_INKEY, 's', "Private key if not infile"},
|
||||
{"certfile", OPT_CERTFILE, '<', "Load certs from file"},
|
||||
{"name", OPT_NAME, 's', "Use name as friendly name"},
|
||||
{"CSP", OPT_CSP, 's', "Microsoft CSP name"},
|
||||
|
|
|
@ -70,7 +70,7 @@ const OPTIONS smime_options[] = {
|
|||
{"recip", OPT_RECIP, '<', "Recipient certificate file for decryption"},
|
||||
{"in", OPT_IN, '<', "Input file"},
|
||||
{"inform", OPT_INFORM, 'c', "Input format SMIME (default), PEM or DER"},
|
||||
{"inkey", OPT_INKEY, '<',
|
||||
{"inkey", OPT_INKEY, 's',
|
||||
"Input private key (if not signer or recipient)"},
|
||||
{"keyform", OPT_KEYFORM, 'f', "Input private key format (PEM or ENGINE)"},
|
||||
{"out", OPT_OUT, '>', "Output file"},
|
||||
|
|
|
@ -106,7 +106,7 @@ const OPTIONS ts_options[] = {
|
|||
{"reply", OPT_REPLY, '-', "Generate a TS reply"},
|
||||
{"queryfile", OPT_QUERYFILE, '<', "File containing a TS query"},
|
||||
{"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
|
||||
{"inkey", OPT_INKEY, '<', "File with private key for reply"},
|
||||
{"inkey", OPT_INKEY, 's', "File with private key for reply"},
|
||||
{"signer", OPT_SIGNER, 's', "Signer certificate file"},
|
||||
{"chain", OPT_CHAIN, '<', "File with signer CA chain"},
|
||||
{"verify", OPT_VERIFY, '-', "Verify a TS response"},
|
||||
|
|
|
@ -10,7 +10,7 @@ B<openssl> B<pkcs12>
|
|||
[B<-help>]
|
||||
[B<-export>]
|
||||
[B<-chain>]
|
||||
[B<-inkey filename>]
|
||||
[B<-inkey file_or_id>]
|
||||
[B<-certfile filename>]
|
||||
[B<-name name>]
|
||||
[B<-caname name>]
|
||||
|
@ -177,10 +177,12 @@ default. They must all be in PEM format. The order doesn't matter but one
|
|||
private key and its corresponding certificate should be present. If additional
|
||||
certificates are present they will also be included in the PKCS#12 file.
|
||||
|
||||
=item B<-inkey filename>
|
||||
=item B<-inkey file_or_id>
|
||||
|
||||
File to read private key from. If not present then a private key must be present
|
||||
in the input file.
|
||||
If no engine is used, the argument is taken as a file; if an engine is
|
||||
specified, the argument is given to the engine as a key identifier.
|
||||
|
||||
=item B<-name friendlyname>
|
||||
|
||||
|
|
|
@ -54,7 +54,7 @@ B<openssl> B<smime>
|
|||
[B<-recip file>]
|
||||
[B<-inform SMIME|PEM|DER>]
|
||||
[B<-passin arg>]
|
||||
[B<-inkey file>]
|
||||
[B<-inkey file_or_id>]
|
||||
[B<-out file>]
|
||||
[B<-outform SMIME|PEM|DER>]
|
||||
[B<-content file>]
|
||||
|
@ -280,13 +280,15 @@ verification was successful.
|
|||
The recipients certificate when decrypting a message. This certificate
|
||||
must match one of the recipients of the message or an error occurs.
|
||||
|
||||
=item B<-inkey file>
|
||||
=item B<-inkey file_or_id>
|
||||
|
||||
The private key to use when signing or decrypting. This must match the
|
||||
corresponding certificate. If this option is not specified then the
|
||||
private key must be included in the certificate file specified with
|
||||
the B<-recip> or B<-signer> file. When signing this option can be used
|
||||
multiple times to specify successive keys.
|
||||
If no engine is used, the argument is taken as a file; if an engine is
|
||||
specified, the argument is given to the engine as a key identifier.
|
||||
|
||||
=item B<-passin arg>
|
||||
|
||||
|
|
|
@ -27,7 +27,7 @@ B<-reply>
|
|||
[B<-queryfile> request.tsq]
|
||||
[B<-passin> password_src]
|
||||
[B<-signer> tsa_cert.pem]
|
||||
[B<-inkey> private.pem]
|
||||
[B<-inkey> file_or_id]
|
||||
[B<-sha1|-sha224|-sha256|-sha384|-sha512>]
|
||||
[B<-chain> certs_file.pem]
|
||||
[B<-tspolicy> object_id]
|
||||
|
@ -243,10 +243,12 @@ timeStamping. The extended key usage must also be critical, otherwise
|
|||
the certificate is going to be refused. Overrides the B<signer_cert>
|
||||
variable of the config file. (Optional)
|
||||
|
||||
=item B<-inkey> private.pem
|
||||
=item B<-inkey> file_or_id
|
||||
|
||||
The signer private key of the TSA in PEM format. Overrides the
|
||||
B<signer_key> config file option. (Optional)
|
||||
If no engine is used, the argument is taken as a file; if an engine is
|
||||
specified, the argument is given to the engine as a key identifier.
|
||||
|
||||
=item B<-sha1|-sha224|-sha256|-sha384|-sha512>
|
||||
|
||||
|
|
Loading…
Reference in New Issue