source: heimdal/trunk/lib/hx509/hxtool-commands.in@ 5

Last change on this file since 5 was 1, checked in by Paul Smedley, 10 years ago

Initial commit of Heimdal 1.5.3

1/*
2 * Copyright (c) 2005 - 2007 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33/* $Id$ */
34
/*
 * cms-create-sd (alias cms-sign): wrap in-file in a CMS SignedData object.
 * Takes one or two positional arguments (in-file, out-file).
 */
35command = {
36 name = "cms-create-sd"
37 name = "cms-sign"
38 option = {
39 long = "certificate"
40 short = "c"
41 type = "strings"
42 argument = "certificate-store"
43 help = "certificate stores to pull certificates from"
44 }
45 option = {
46 long = "signer"
47 short = "s"
48 type = "string"
49 argument = "signer-friendly-name"
50 help = "certificate to sign with"
51 }
52 option = {
53 long = "anchors"
54 type = "strings"
55 argument = "certificate-store"
56 help = "trust anchors"
57 }
58 option = {
59 long = "pool"
60 type = "strings"
61 argument = "certificate-pool"
62 help = "certificate store to pull certificates from"
63 }
   /*
    * Credential handling: a literal password passed on the command line can
    * be seen by other local users in the process list and may be saved in
    * shell history. The help text also lists a prompter form, which avoids
    * putting the secret in argv.
    */
64 option = {
65 long = "pass"
66 type = "strings"
67 argument = "password"
68 help = "password, prompter, or environment"
69 }
70 option = {
71 long = "peer-alg"
72 type = "strings"
73 argument = "oid"
74 help = "oid that the peer support"
75 }
76 option = {
77 long = "content-type"
78 type = "string"
79 argument = "oid"
80 help = "content type oid"
81 }
82 option = {
83 long = "content-info"
84 type = "flag"
85 help = "wrapped out-data in a ContentInfo"
86 }
87 option = {
88 long = "pem"
89 type = "flag"
90 help = "wrap out-data in PEM armor"
91 }
92 option = {
93 long = "detached-signature"
94 type = "flag"
95 help = "create a detached signature"
96 }
   /*
    * Second option named "signer": this one has type "-flag" (slc's negative
    * flag), while the earlier one is a string naming the signing certificate.
    * NOTE(review): per the help text this turns signing off, so the resulting
    * SignedData presumably carries no signature; anything consuming such
    * output must not treat it as authenticated. Confirm in the handler.
    */
97 option = {
98 long = "signer"
99 type = "-flag"
100 help = "do not sign"
101 }
102 option = {
103 long = "id-by-name"
104 type = "flag"
105 help = "use subject name for CMS Identifier"
106 }
   /*
    * NOTE(review): help string below has typos ("dont embedded
    * certficiates"); it is runtime text and is left unchanged here.
    */
107 option = {
108 long = "embedded-certs"
109 type = "-flag"
110 help = "dont embedded certficiates"
111 }
112 option = {
113 long = "embed-leaf-only"
114 type = "flag"
115 help = "only embed leaf certificate"
116 }
117 min_args="1"
118 max_args="2"
119 argument="in-file out-file"
120 help = "Wrap a file within a SignedData object"
121}
/*
 * cms-verify-sd: verify a CMS SignedData object read from in-file, with an
 * optional out-file (one or two positional arguments).
 * Several options below relax verification; each is annotated.
 */
122command = {
123 name = "cms-verify-sd"
124 option = {
125 long = "anchors"
126 short = "D"
127 type = "strings"
128 argument = "certificate-store"
129 help = "trust anchors"
130 }
131 option = {
132 long = "certificate"
133 short = "c"
134 type = "strings"
135 argument = "certificate-store"
136 help = "certificate store to pull certificates from"
137 }
   /*
    * A literal password in argv is visible in the process list and may land
    * in shell history; the help text also lists a prompter form.
    */
138 option = {
139 long = "pass"
140 type = "strings"
141 argument = "password"
142 help = "password, prompter, or environment"
143 }
   /*
    * Fail-open switch: per the help text, absent CRL/OCSP data is accepted
    * when this is set, so a revoked signer certificate can go unnoticed.
    * Leave it off wherever revocation status matters.
    */
144 option = {
145 long = "missing-revoke"
146 type = "flag"
147 help = "missing CRL/OCSP is ok"
148 }
149 option = {
150 long = "content-info"
151 type = "flag"
152 help = "unwrap in-data that's in a ContentInfo"
153 }
154 option = {
155 long = "pem"
156 type = "flag"
157 help = "unwrap in-data from PEM armor"
158 }
   /*
    * NOTE(review): declared as a negative flag ("-flag"), which in slc is
    * presumably set unless --no-signer-allowed is given. Read together with
    * the help text, that suggests a SignedData with no signer is accepted by
    * default. Confirm in the handler; callers that need an authenticated
    * result should make sure a signer is actually required.
    */
159 option = {
160 long = "signer-allowed"
161 type = "-flag"
162 help = "allow no signer"
163 }
   /*
    * NOTE(review): the help text does not say which OID check is relaxed;
    * presumably the content-type OID comparison. Confirm before relying on it.
    */
164 option = {
165 long = "allow-wrong-oid"
166 type = "flag"
167 help = "allow wrong oid flag"
168 }
   /* Presumably the external content for a detached signature - TODO confirm. */
169 option = {
170 long = "signed-content"
171 type = "string"
172 help = "file containing content"
173 }
174 min_args="1"
175 max_args="2"
176 argument="in-file [out-file]"
177 help = "Verify a file within a SignedData object"
178}
/*
 * cms-unenvelope: decrypt a CMS EnvelopedData object from in-file to out-file.
 * At least two positional arguments; no max_args is declared.
 */
179command = {
180 name = "cms-unenvelope"
181 option = {
182 long = "certificate"
183 short = "c"
184 type = "strings"
185 argument = "certificate-store"
186 help = "certificate used to decrypt the data"
187 }
   /*
    * A literal password in argv is visible in the process list and may land
    * in shell history; the help text also lists a prompter form.
    */
188 option = {
189 long = "pass"
190 type = "strings"
191 argument = "password"
192 help = "password, prompter, or environment"
193 }
   /*
    * NOTE(review): help text speaks of wrapping out-data, which matches the
    * enveloping command rather than this one; it looks copied. Runtime
    * string, left unchanged.
    */
194 option = {
195 long = "content-info"
196 type = "flag"
197 help = "wrapped out-data in a ContentInfo"
198 }
   /*
    * Opt-in downgrade: a plain flag, so weak algorithms are only accepted
    * when the caller asks for them. Intended for legacy data; avoid setting
    * it in scripts that process input from untrusted senders.
    */
199 option = {
200 long = "allow-weak-crypto"
201 type = "flag"
202 help = "allow weak crypto"
203 }
204 min_args="2"
205 argument="in-file out-file"
206 help = "Unenvelope a file containing a EnvelopedData object"
207}
/*
 * cms-envelope: encrypt in-file into a CMS EnvelopedData object written to
 * out-file. The handler is named explicitly as cms_create_enveloped.
 * NOTE(review): the command help string ("Envelope a file containing a
 * EnvelopedData object") reads like a copy of the cms-unenvelope text.
 */
208command = {
209 name = "cms-envelope"
210 function = "cms_create_enveloped"
211 option = {
212 long = "certificate"
213 short = "c"
214 type = "strings"
215 argument = "certificate-store"
216 help = "certificates used to receive the data"
217 }
   /*
    * A literal password in argv is visible in the process list and may land
    * in shell history; the help text also lists a prompter form.
    */
218 option = {
219 long = "pass"
220 type = "strings"
221 argument = "password"
222 help = "password, prompter, or environment"
223 }
   /*
    * Free-form string; the set of accepted values is not visible in this
    * file. NOTE(review): presumably validated by the handler - confirm.
    */
224 option = {
225 long = "encryption-type"
226 type = "string"
227 argument = "enctype"
228 help = "enctype"
229 }
230 option = {
231 long = "content-type"
232 type = "string"
233 argument = "oid"
234 help = "content type oid"
235 }
236 option = {
237 long = "content-info"
238 type = "flag"
239 help = "wrapped out-data in a ContentInfo"
240 }
   /*
    * Opt-in downgrade: only set when a recipient cannot handle anything
    * stronger. Data protected with a weak algorithm should be treated as
    * having reduced confidentiality.
    */
241 option = {
242 long = "allow-weak-crypto"
243 type = "flag"
244 help = "allow weak crypto"
245 }
246 min_args="2"
247 argument="in-file out-file"
248 help = "Envelope a file containing a EnvelopedData object"
249}
/*
 * verify: verify a certificate chain (handler pcert_verify).
 * Positional arguments are tagged with a role prefix, as the argument string
 * shows: cert:, chain:, anchor:. No min_args/max_args are declared.
 */
250command = {
251 name = "verify"
252 function = "pcert_verify"
   /*
    * A literal password in argv is visible in the process list and may land
    * in shell history; the help text also lists a prompter form.
    */
253 option = {
254 long = "pass"
255 type = "strings"
256 argument = "password"
257 help = "password, prompter, or environment"
258 }
   /* Widens what is accepted: proxy certificates are allowed only on request. */
259 option = {
260 long = "allow-proxy-certificate"
261 type = "flag"
262 help = "allow proxy certificates"
263 }
   /*
    * Fail-open switch: per the help text, absent CRL/OCSP data is accepted,
    * so a revoked certificate can pass verification when this is set.
    */
264 option = {
265 long = "missing-revoke"
266 type = "flag"
267 help = "missing CRL/OCSP is ok"
268 }
   /*
    * Validation time is caller-chosen. A result obtained with this option
    * says the chain was valid at that time, not that it is valid now.
    */
269 option = {
270 long = "time"
271 type = "string"
272 help = "time when to validate the chain"
273 }
274 option = {
275 long = "verbose"
276 short = "v"
277 type = "flag"
278 help = "verbose logging"
279 }
280 option = {
281 long = "max-depth"
282 type = "integer"
283 help = "maximum search length of certificate trust anchor"
284 }
   /*
    * Name check is opt-in: without this option the declaration gives no
    * indication that the certificate is matched against any hostname.
    */
285 option = {
286 long = "hostname"
287 type = "string"
288 help = "match hostname to certificate"
289 }
290 argument = "cert:foo chain:cert1 chain:cert2 anchor:anchor1 anchor:anchor2"
291 help = "Verify certificate chain"
292}
/*
 * print: print one or more certificates (handler pcert_print).
 */
293command = {
294 name = "print"
295 function = "pcert_print"
   /*
    * A literal password in argv is visible in the process list and may land
    * in shell history; the help text also lists a prompter form.
    */
296 option = {
297 long = "pass"
298 type = "strings"
299 argument = "password"
300 help = "password, prompter, or environment"
301 }
302 option = {
303 long = "content"
304 type = "flag"
305 help = "print the content of the certificates"
306 }
   /*
    * With this set the exit status no longer signals failure, so scripts
    * must not use it as a check that the certificates could be read.
    */
307 option = {
308 long = "never-fail"
309 type = "flag"
310 help = "never fail with an error code"
311 }
312 option = {
313 long = "info"
314 type = "flag"
315 help = "print the information about the certificate store"
316 }
317 min_args="1"
318 argument="certificate ..."
319 help = "Print certificates"
320}
/*
 * validate: validate the content of one or more certificates (handler
 * pcert_validate). This is a separate command from "verify", which checks
 * a chain against trust anchors.
 */
321command = {
322 name = "validate"
323 function = "pcert_validate"
   /*
    * A literal password in argv is visible in the process list and may land
    * in shell history; the help text also lists a prompter form.
    */
324 option = {
325 long = "pass"
326 type = "strings"
327 argument = "password"
328 help = "password, prompter, or environment"
329 }
330 min_args="1"
331 argument="certificate ..."
332 help = "Validate content of certificates"
333}
/*
 * certificate-copy (alias cc): copy one or more input certificate stores
 * into a single output store; the last positional argument is the output.
 */
334command = {
335 name = "certificate-copy"
336 name = "cc"
   /*
    * in-pass is repeatable ("strings"); out-pass is a single "string".
    * Both are credentials: a literal password in argv is visible in the
    * process list and may land in shell history, so prefer the prompter
    * form named in the help text.
    */
337 option = {
338 long = "in-pass"
339 type = "strings"
340 argument = "password"
341 help = "password, prompter, or environment"
342 }
343 option = {
344 long = "out-pass"
345 type = "string"
346 argument = "password"
347 help = "password, prompter, or environment"
348 }
349 min_args="2"
350 argument="in-certificates-1 ... out-certificate"
351 help = "Copy in certificates stores into out certificate store"
352}
/*
 * ocsp-fetch: fetch OCSP responses for the given certificates and write them
 * to outfile (first positional argument).
 */
353command = {
354 name = "ocsp-fetch"
   /*
    * A literal password in argv is visible in the process list and may land
    * in shell history; the help text also lists a prompter form.
    */
355 option = {
356 long = "pass"
357 type = "strings"
358 argument = "password"
359 help = "password, prompter, or environment"
360 }
361 option = {
362 long = "sign"
363 type = "string"
364 argument = "certificate"
365 help = "certificate use to sign the request"
366 }
367 option = {
368 long = "url-path"
369 type = "string"
370 argument = "url"
371 help = "part after host in url to put in the request"
372 }
   /*
    * Negative flag with an explicit default of "1": the nonce is included
    * unless the caller turns it off. The OCSP nonce ties a response to this
    * request; without it a responder's older, still-valid response cannot be
    * told apart from a fresh one, so keep the default unless the responder
    * does not support nonces.
    */
373 option = {
374 long = "nonce"
375 type = "-flag"
376 default = "1"
377 help = "don't include nonce in request"
378 }
379 option = {
380 long = "pool"
381 type = "strings"
382 argument = "certificate-store"
383 help = "pool to find parent certificate in"
384 }
385 min_args="2"
386 argument="outfile certs ..."
387 help = "Fetch OCSP responses for the following certs"
388}
/*
 * ocsp-verify: check that the given certificates appear in an OCSP file and
 * are valid. The option block precedes the name here; other commands in this
 * file list the name first.
 * NOTE(review): ocsp-file is not marked as required in this declaration;
 * presumably the handler rejects a missing file - confirm.
 */
389command = {
390 option = {
391 long = "ocsp-file"
392 type = "string"
393 help = "OCSP file"
394 }
395 name = "ocsp-verify"
396 min_args="1"
397 argument="certificates ..."
398 help = "Check that certificates are in OCSP file and valid"
399}
/*
 * ocsp-print: print the OCSP responses stored in one or more files.
 * Declares only a verbosity flag; nothing here indicates that the responses
 * are verified, only printed.
 */
400command = {
401 name = "ocsp-print"
402 option = {
403 long = "verbose"
404 type = "flag"
405 help = "verbose"
406 }
407 min_args="1"
408 argument="ocsp-response-file ..."
409 help = "Print the OCSP responses"
410}
/*
 * request-create: create a certificate request (CRMF or PKCS10, PKCS10 by
 * default per the help text) and write it to exactly one output file.
 */
411command = {
412 name = "request-create"
413 option = {
414 long = "subject"
415 type = "string"
416 help = "Subject DN"
417 }
418 option = {
419 long = "email"
420 type = "strings"
421 help = "Email address in SubjectAltName"
422 }
423 option = {
424 long = "dnsname"
425 type = "strings"
426 help = "Hostname or domainname in SubjectAltName"
427 }
428 option = {
429 long = "type"
430 type = "string"
431 help = "Type of request CRMF or PKCS10, defaults to PKCS10"
432 }
   /*
    * "key" refers to an existing key pair; "generate-key" and "key-bits"
    * request a new one. Unlike most commands in this file, no pass option
    * is declared here for an existing key.
    */
433 option = {
434 long = "key"
435 type = "string"
436 help = "Key-pair"
437 }
438 option = {
439 long = "generate-key"
440 type = "string"
441 help = "keytype"
442 }
   /*
    * No default or lower bound is declared for the key size in this file.
    * NOTE(review): presumably the handler or library picks a default and
    * rejects sizes that are too small - confirm.
    * NOTE(review): the trailing ';' after the help string does not match the
    * key = "value" form used everywhere else here and looks like a stray
    * character.
    */
443 option = {
444 long = "key-bits"
445 type = "integer"
446 help = "number of bits in the generated key";
447 }
448 option = {
449 long = "verbose"
450 type = "flag"
451 help = "verbose status"
452 }
453 min_args="1"
454 max_args="1"
455 argument="output-file"
456 help = "Create a CRMF or PKCS10 request"
457}
/*
 * request-print: print one or more certificate requests.
 */
458command = {
459 name = "request-print"
460 option = {
461 long = "verbose"
462 type = "flag"
463 help = "verbose printing"
464 }
465 min_args="1"
466 argument="requests ..."
467 help = "Print requests"
468}
/*
 * query: search one or more certificate stores for a match. Matching can be
 * narrowed by friendly name, EKU, a free-form expression, key-usage bits and
 * presence of a private key.
 */
469command = {
470 name = "query"
471 option = {
472 long = "exact"
473 type = "flag"
474 help = "exact match"
475 }
476 option = {
477 long = "private-key"
478 type = "flag"
479 help = "search for private key"
480 }
481 option = {
482 long = "friendlyname"
483 type = "string"
484 argument = "name"
485 help = "match on friendly name"
486 }
487 option = {
488 long = "eku"
489 type = "string"
490 argument = "oid-string"
491 help = "match on EKU"
492 }
   /* Expression syntax is not described in this file. */
493 option = {
494 long = "expr"
495 type = "string"
496 argument = "expression"
497 help = "match on expression"
498 }
499 option = {
500 long = "keyEncipherment"
501 type = "flag"
502 help = "match keyEncipherment certificates"
503 }
504 option = {
505 long = "digitalSignature"
506 type = "flag"
507 help = "match digitalSignature certificates"
508 }
509 option = {
510 long = "print"
511 type = "flag"
512 help = "print matches"
513 }
   /*
    * A literal password in argv is visible in the process list and may land
    * in shell history; the help text also lists a prompter form.
    */
514 option = {
515 long = "pass"
516 type = "strings"
517 argument = "password"
518 help = "password, prompter, or environment"
519 }
520 min_args="1"
521 argument="certificates ..."
522 help = "Query the certificates for a match"
523}
/*
 * info: declared with a name only - no options, argument limits or help
 * text, so the command has no description in the generated help.
 */
524command = {
525 name = "info"
526}
/*
 * random-data: generate the requested number of random bytes and print them
 * to standard output. The single required argument is the byte count; no
 * max_args is declared.
 */
527command = {
528 name = "random-data"
529 min_args="1"
530 argument="bytes"
531 help = "Generates random bytes and prints them to standard output"
532}
/*
 * crypto-available: print the CMS crypto types that are available,
 * optionally restricted by type. Takes no required arguments.
 */
533command = {
534 option = {
535 long = "type"
536 type = "string"
537 help = "type of CMS algorithm"
538 }
539 name = "crypto-available"
540 min_args="0"
541 help = "Print available CMS crypto types"
542}
/*
 * crypto-select: print the CMS type that would be selected, given an
 * algorithm type, an optional source certificate and the types a peer
 * supports. Useful for checking which algorithm a negotiation ends up with.
 */
543command = {
544 option = {
545 long = "type"
546 type = "string"
547 help = "type of CMS algorithm"
548 }
549 option = {
550 long = "certificate"
551 type = "string"
552 help = "source certificate limiting the choices"
553 }
   /* Repeatable: one entry per type the peer is said to support. */
554 option = {
555 long = "peer-cmstype"
556 type = "strings"
557 help = "peer limiting cmstypes"
558 }
559 name = "crypto-select"
560 min_args="0"
561 help = "Print selected CMS type"
562}
/*
 * hex: hex-encode input, or decode it when -d/--decode is given
 * (handler hxtool_hex). Takes no required arguments.
 */
563command = {
564 option = {
565 long = "decode"
566 short = "d"
567 type = "flag"
568 help = "decode instead of encode"
569 }
570 name = "hex"
571 function = "hxtool_hex"
572 min_args="0"
573 help = "Encode input to hex"
574}
/*
 * certificate-sign (aliases cert-sign, issue-certificate, ca): issue a
 * certificate (handler hxtool_ca). This is the CA operation of the tool, so
 * the options below decide what authority the issued certificate carries.
 * No positional arguments are required. Unlike most commands in this file,
 * no pass option is declared here.
 */
575command = {
   /*
    * Issues a certificate that can itself sign certificates. Combine with
    * path-length (below) to bound how deep the resulting hierarchy may go.
    */
576 option = {
577 long = "issue-ca"
578 type = "flag"
579 help = "Issue a CA certificate"
580 }
581 option = {
582 long = "issue-proxy"
583 type = "flag"
584 help = "Issue a proxy certificate"
585 }
586 option = {
587 long = "domain-controller"
588 type = "flag"
589 help = "Issue a MS domaincontroller certificate"
590 }
591 option = {
592 long = "subject"
593 type = "string"
594 help = "Subject of issued certificate"
595 }
596 option = {
597 long = "ca-certificate"
598 type = "string"
599 help = "Issuing CA certificate"
600 }
601 option = {
602 long = "self-signed"
603 type = "flag"
604 help = "Issuing a self-signed certificate"
605 }
   /*
    * Reference to signing key material. Whatever store or file this names
    * should be readable only by the account that operates the CA.
    */
606 option = {
607 long = "ca-private-key"
608 type = "string"
609 help = "Private key for self-signed certificate"
610 }
611 option = {
612 long = "certificate"
613 type = "string"
614 help = "Issued certificate"
615 }
   /* Repeatable ("strings"), as the help text says. */
616 option = {
617 long = "type"
618 type = "strings"
619 help = "Types of certificate to issue (can be used more then once)"
620 }
   /*
    * No default lifetime is declared in this file.
    * NOTE(review): presumably the handler supplies one - confirm, and set it
    * explicitly when issuing.
    */
621 option = {
622 long = "lifetime"
623 type = "string"
624 help = "Lifetime of certificate"
625 }
626 option = {
627 long = "serial-number"
628 type = "string"
629 help = "serial-number of certificate"
630 }
   /*
    * Default is -1, which the help text defines as "no limit". A CA or proxy
    * certificate issued without an explicit value is therefore unconstrained
    * in path length; pass a value when issuing subordinate CAs.
    */
631 option = {
632 long = "path-length"
633 default = "-1"
634 type = "integer"
635 help = "Maximum path length (CA and proxy certificates), -1 no limit"
636 }
   /*
    * The following options put identities into the issued certificate
    * (DNS names, e-mail addresses, and SAN entries for PK-INIT, Microsoft UPN
    * and XMPP). They are taken from the command line as given; the issuer is
    * responsible for checking that the requester is entitled to them.
    */
637 option = {
638 long = "hostname"
639 type = "strings"
640 help = "DNS names this certificate is allowed to serve"
641 }
642 option = {
643 long = "email"
644 type = "strings"
645 help = "email addresses assigned to this certificate"
646 }
647 option = {
648 long = "pk-init-principal"
649 type = "string"
650 help = "PK-INIT principal (for SAN)"
651 }
652 option = {
653 long = "ms-upn"
654 type = "string"
655 help = "Microsoft UPN (for SAN)"
656 }
657 option = {
658 long = "jid"
659 type = "string"
660 help = "XMPP jabber id (for SAN)"
661 }
662 option = {
663 long = "req"
664 type = "string"
665 help = "certificate request"
666 }
667 option = {
668 long = "certificate-private-key"
669 type = "string"
670 help = "private-key"
671 }
672 option = {
673 long = "generate-key"
674 type = "string"
675 help = "keytype"
676 }
   /*
    * No default or lower bound is declared for the key size in this file.
    * NOTE(review): presumably enforced by the handler or library - confirm.
    */
677 option = {
678 long = "key-bits"
679 type = "integer"
680 help = "number of bits in the generated key"
681 }
682 option = {
683 long = "crl-uri"
684 type = "string"
685 help = "URI to CRL"
686 }
687 option = {
688 long = "template-certificate"
689 type = "string"
690 help = "certificate"
691 }
   /*
    * NOTE(review): the help string "flag" does not say which fields can be
    * copied from the template certificate or how they are named.
    */
692 option = {
693 long = "template-fields"
694 type = "string"
695 help = "flag"
696 }
697 name = "certificate-sign"
698 name = "cert-sign"
699 name = "issue-certificate"
700 name = "ca"
701 function = "hxtool_ca"
702 min_args="0"
703 help = "Issue a certificate"
704}
/*
 * test-crypto: test the crypto system related to the given certificates.
 */
705command = {
706 name = "test-crypto"
   /*
    * A literal password in argv is visible in the process list and may land
    * in shell history; the help text also lists a prompter form.
    */
707 option = {
708 long = "pass"
709 type = "strings"
710 argument = "password"
711 help = "password, prompter, or environment"
712 }
713 option = {
714 long = "verbose"
715 type = "flag"
716 help = "verbose printing"
717 }
718 min_args="1"
719 argument="certificates..."
720 help = "Test crypto system related to the certificates"
721}
/*
 * statistic-print: print statistics. The kind of statistics is selected by
 * an integer; the meaning of the values is not described in this file.
 */
722command = {
723 option = {
724 long = "type"
725 type = "integer"
726 help = "type of statistics"
727 }
728 name = "statistic-print"
729 min_args="0"
730 help = "Print statistics"
731}
/*
 * crl-sign: create a CRL covering the certificates given as positional
 * arguments. min_args is 0, so the declaration permits a CRL with no entries.
 */
732command = {
733 option = {
734 long = "signer"
735 type = "string"
736 help = "signer certificate"
737 }
   /*
    * A literal password in argv is visible in the process list and may land
    * in shell history; the help text also lists a prompter form.
    */
738 option = {
739 long = "pass"
740 type = "strings"
741 argument = "password"
742 help = "password, prompter, or environment"
743 }
744 option = {
745 long = "crl-file"
746 type = "string"
747 help = "CRL output file"
748 }
   /*
    * Validity period of the CRL. A long lifetime delays how soon relying
    * parties pick up a newer CRL, so newly revoked certificates stay
    * accepted for longer. No default is declared in this file.
    */
749 option = {
750 long = "lifetime"
751 type = "string"
752 help = "time the crl will be valid"
753 }
754 name = "crl-sign"
755 min_args="0"
756 argument="certificates..."
757 help = "Create a CRL"
758}
/*
 * help (alias ?): show help, optionally for a single command
 * (zero or one positional argument).
 */
759command = {
760 name = "help"
761 name = "?"
762 argument = "[command]"
763 min_args = "0"
764 max_args = "1"
765 help = "Help! I need somebody"
766}