#{ /* C declarations */ #include #ifdef _WIN32 # include #endif #include "certtool-common.h" #} helpnode "Certtool help\nUsage: certtool [options]" #int privkey_op; #int action; option (s, generate-self-signed) { $action=ACTION_SELF_SIGNED; } "Generate a self-signed certificate." option (c, generate-certificate) { $action=ACTION_GENERATE_CERTIFICATE; } "Generate a signed certificate." option (generate-proxy) { $action=ACTION_GENERATE_PROXY; } "Generate a proxy certificate." option (generate-crl) { $action=ACTION_GENERATE_CRL; } "Generate a CRL." option (u, update-certificate) { $action=ACTION_UPDATE_CERTIFICATE; } "Update a signed certificate." option (p, generate-privkey) { $privkey_op=1; $action=ACTION_GENERATE_PRIVKEY; } "Generate a private key." option (q, generate-request) { $privkey_op=1; $action=ACTION_GENERATE_REQUEST; } "Generate a PKCS #10 certificate request." option (e, verify-chain) { $action=ACTION_VERIFY_CHAIN; } "Verify a PEM encoded certificate chain. The last certificate in the chain must be a self signed one." option (verify) { $action=ACTION_VERIFY; } "Verify a PEM encoded certificate chain. CA certificates must be loaded with --load-ca-certificate." option (verify-crl) { $action=ACTION_VERIFY_CRL; } "Verify a CRL." option (generate-dh-params) { $action=ACTION_GENERATE_DH; } "Generate PKCS #3 encoded Diffie-Hellman parameters." option (get-dh-params) { $action=ACTION_GET_DH; } "Get the included PKCS #3 encoded Diffie-Hellman parameters." #char *privkey; option (load-privkey) STR "FILE" { $privkey = $1 } "Private key file to use." #char *pubkey; option (load-pubkey) STR "FILE" { $pubkey = $1 } "Private key file to use." #char *request; option (load-request) STR "FILE" { $request = $1 } "Certificate request file to use." #char *cert; option (load-certificate) STR "FILE" { $cert = $1 } "Certificate file to use." #char *ca_privkey; option (load-ca-privkey) STR "FILE" { $ca_privkey = $1 } "Certificate authority's private key file to use." #char *ca; option (load-ca-certificate) STR "FILE" { $ca = $1 } "Certificate authority's certificate file to use." #char *pass; option (password) STR "PASSWORD" { $pass = $1 } "Password to use." option (i, certificate-info) { $action = ACTION_CERT_INFO; } "Print information on a certificate." option (certificate-pubkey) { $action = ACTION_CERT_PUBKEY; } "Print certificate public key." option (pgp-certificate-info) { $action = ACTION_PGP_INFO; } "Print information on a OpenPGP certificate." option (pgp-ring-info) { $action = ACTION_RING_INFO; } "Print information on a keyring structure." option (l, crl-info) { $action = ACTION_CRL_INFO; } "Print information on a CRL." option (crq-info) { $action = ACTION_REQUEST; } "Print information on a Certificate Request." #int crq_extensions; option (no-crq-extensions) { $crq_extensions = 0; } "Do not use extensions in certificate requests." option (p12-info) { $action = ACTION_PKCS12_INFO; } "Print information on a PKCS #12 structure." option (p7-info) { $action = ACTION_P7_INFO; } "Print information on a PKCS #7 structure." option (smime-to-p7) { $action = ACTION_SMIME_TO_P7; } "Convert S/MIME to PKCS #7 structure." /* on private key operations set $privkey_op to != 0 */ option (k, key-info) { $privkey_op=1; $action = ACTION_PRIVKEY_INFO; } "Print information on a private key." option (pgp-key-info) { $privkey_op=1; $action = ACTION_PGP_PRIVKEY_INFO; } "Print information on a OpenPGP private key." option (pubkey-info) { $action = ACTION_PUBKEY_INFO; } "Print information on a public key." #int fix_key; option (fix-key) { $privkey_op=1; $fix_key = 1; } "Regenerate the parameters in a private key." #int v1_cert; option (v1) { $v1_cert = 1; } "Generate an X.509 version 1 certificate (no extensions)." option (to-p12) { $action = ACTION_TO_PKCS12; } "Generate a PKCS #12 structure." option (to-p8) { $action = ACTION_GENERATE_PKCS8; } "Generate a PKCS #8 key structure." #int pkcs8; option (8, pkcs8) { $pkcs8=1 } "Use PKCS #8 format for private keys." #int dsa; option (dsa) { $dsa=1 } "Use DSA keys." #int ecc; option (ecc) { $ecc=1 } "Use ECC (ECDSA) keys." #char *hash; option (hash) STR "STR" { $hash = $1 } "Hash algorithm to use for signing (MD5,SHA1,RMD160,SHA256,SHA384,SHA512)." #int export; option (export-ciphers) { $export=1 } "Use weak encryption algorithms." #int incert_format; option (inder) { $incert_format=1 } "Use DER format for input certificates and private keys." option (inraw) { $incert_format=1 } "Use RAW/DER format for input certificates and private keys." #int outcert_format; option (outder) { $outcert_format=1 } "Use DER format for output certificates and private keys." option (outraw) { $outcert_format=1 } "Use RAW/DER format for output certificates and private keys." #int bits; option (bits) INT "BITS" { $bits = $1 } "specify the number of bits for key generation." #char* sec_param; option (sec-param) STR "PARAM" { $sec_param = $1 } "specify the security level [low|normal|high|ultra]." #int quick_random; option (disable-quick-random) { $quick_random = 0; } "Use /dev/random for key generationg, thus increasing the quality of randomness used." #char *outfile; option (outfile) STR "FILE" { $outfile = $1 } "Output file." #char *infile; option (infile) STR "FILE" { $infile = $1 } "Input file." #char *template; option (template) STR "FILE" { $template = $1 } "Template file to use for non interactive operation." #char *pkcs_cipher; option (pkcs-cipher) STR "CIPHER" { $pkcs_cipher = $1 } "Cipher to use for pkcs operations (3des,3des-pkcs12,aes-128,aes-192,aes-256,rc2-40,arcfour)." #int debug; option (d, debug) INT "LEVEL" { $debug = $1 } "specify the debug level. Default is 1." option (h, help) { gaa_help(); exit(0); } "shows this help text" option (v, version) { certtool_version(); exit(0); } "shows the program's version" init { $bits = 0; $pkcs8 = 0; $privkey = NULL; $ca=NULL; $ca_privkey = NULL; $debug=1; $request = NULL; $infile = NULL; $outfile = NULL; $cert = NULL; $incert_format = 0; $outcert_format = 0; $action=-1; $pass = NULL; $v1_cert = 0; $export = 0; $template = NULL; $hash=NULL; $fix_key = 0; $quick_random=1; $privkey_op = 0; $pkcs_cipher = "aes-128"; $crq_extensions=1; $ecc=0; }