Sync usage with man page.
[netbsd-mini2440.git] / crypto / dist / heimdal / lib / hx509 / hxtool-commands.in
blobec5eb3d4b3bb8df3fc9eb77d113012ba10b71d81
1 /*
2  * Copyright (c) 2005 - 2007 Kungliga Tekniska Högskolan
3  * (Royal Institute of Technology, Stockholm, Sweden). 
4  * All rights reserved. 
5  *
6  * Redistribution and use in source and binary forms, with or without 
7  * modification, are permitted provided that the following conditions 
8  * are met: 
9  *
10  * 1. Redistributions of source code must retain the above copyright 
11  *    notice, this list of conditions and the following disclaimer. 
12  *
13  * 2. Redistributions in binary form must reproduce the above copyright 
14  *    notice, this list of conditions and the following disclaimer in the 
15  *    documentation and/or other materials provided with the distribution. 
16  *
17  * 3. Neither the name of the Institute nor the names of its contributors 
18  *    may be used to endorse or promote products derived from this software 
19  *    without specific prior written permission. 
20  *
21  * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
22  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
23  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
24  * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
25  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
26  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
27  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
28  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
29  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
30  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
31  * SUCH DAMAGE. 
32  */
33 /* $Heimdal: hxtool-commands.in 21343 2007-06-26 14:21:55Z lha $
34    $NetBSD$ */
36 command = {
37         name = "cms-create-sd"
38         option = {
39                 long = "certificate"
40                 short = "c"
41                 type = "strings"
42                 argument = "certificate-store"
43                 help = "certificate stores to pull certificates from"
44         }
45         option = {
46                 long = "signer"
47                 short = "s"
48                 type = "string"
49                 argument = "signer-friendly-name"
50                 help = "certificate to sign with"
51         }
52         option = {
53                 long = "anchors"
54                 type = "strings"
55                 argument = "certificate-store"
56                 help = "trust anchors"
57         }
58         option = {
59                 long = "pool"
60                 type = "strings"
61                 argument = "certificate-pool"
62                 help = "certificate store to pull certificates from"
63         }
64         option = {
65                 long = "pass"
66                 type = "strings"
67                 argument = "password"
68                 help = "password, prompter, or environment"
69         }
70         option = {
71                 long = "peer-alg"
72                 type = "strings"
73                 argument = "oid"
74                 help = "oid that the peer support"
75         }
76         option = {
77                 long = "content-type"
78                 type = "string"
79                 argument = "oid"
80                 help = "content type oid"
81         }
82         option = {
83                 long = "content-info"
84                 type = "flag"
85                 help = "wrapped out-data in a ContentInfo"
86         }
87         option = {
88                 long = "pem"
89                 type = "flag"
90                 help = "wrap out-data in PEM armor"
91         }
92         option = {
93                 long = "detached-signature"
94                 type = "flag"
95                 help = "create a detached signature"
96         }
97         option = {
98                 long = "id-by-name"
99                 type = "flag"
100                 help = "use subject name for CMS Identifier"
101         }
102         min_args="2"
103         max_args="2"
104         argument="in-file out-file"
105         help = "Wrap a file within a SignedData object"
107 command = {
108         name = "cms-verify-sd"
109         option = {
110                 long = "anchors"
111                 type = "strings"
112                 argument = "certificate-store"
113                 help = "trust anchors"
114         }
115         option = {
116                 long = "certificate"
117                 short = "c"
118                 type = "strings"
119                 argument = "certificate-store"
120                 help = "certificate store to pull certificates from"
121         }
122         option = {
123                 long = "pass"
124                 type = "strings"
125                 argument = "password"
126                 help = "password, prompter, or environment"
127         }
128         option = {
129                 long = "missing-revoke"
130                 type = "flag"
131                 help = "missing CRL/OCSP is ok"
132         }
133         option = {
134                 long = "content-info"
135                 type = "flag"
136                 help = "unwrap in-data that's in a ContentInfo"
137         }
138         option = {
139                 long = "signed-content"
140                 type = "string"
141                 help = "file containing content"
142         }
143         min_args="2"
144         max_args="2"
145         argument="in-file out-file"
146         help = "Verify a file within a SignedData object"
148 command = {
149         name = "cms-unenvelope"
150         option = {
151                 long = "certificate"
152                 short = "c"
153                 type = "strings"
154                 argument = "certificate-store"
155                 help = "certificate used to decrypt the data"
156         }
157         option = {
158                 long = "pass"
159                 type = "strings"
160                 argument = "password"
161                 help = "password, prompter, or environment"
162         }
163         option = {
164                 long = "content-info"
165                 type = "flag"
166                 help = "wrapped out-data in a ContentInfo"
167         }
168         min_args="2"
169         argument="in-file out-file"
170         help = "Unenvelope a file containing a EnvelopedData object"
172 command = {
173         name = "cms-envelope"
174         function = "cms_create_enveloped"
175         option = {
176                 long = "certificate"
177                 short = "c"
178                 type = "strings"
179                 argument = "certificate-store"
180                 help = "certificates used to receive the data"
181         }
182         option = {
183                 long = "pass"
184                 type = "strings"
185                 argument = "password"
186                 help = "password, prompter, or environment"
187         }
188         option = {
189                 long = "encryption-type"
190                 type = "string"
191                 argument = "enctype"
192                 help = "enctype"
193         }
194         option = {
195                 long = "content-type"
196                 type = "string"
197                 argument = "oid"
198                 help = "content type oid"
199         }
200         option = {
201                 long = "content-info"
202                 type = "flag"
203                 help = "wrapped out-data in a ContentInfo"
204         }
205         min_args="2"
206         argument="in-file out-file"
207         help = "Envelope a file containing a EnvelopedData object"
209 command = {
210         name = "verify"
211         function = "pcert_verify"
212         option = {
213                 long = "pass"
214                 type = "strings"
215                 argument = "password"
216                 help = "password, prompter, or environment"
217         }
218         option = {
219                 long = "allow-proxy-certificate"
220                 type = "flag"
221                 help = "allow proxy certificates"
222         }
223         option = {
224                 long = "missing-revoke"
225                 type = "flag"
226                 help = "missing CRL/OCSP is ok"
227         }
228         option = {
229                 long = "time"
230                 type = "string"
231                 help = "time when to validate the chain"
232         }
233         option = {
234                 long = "verbose"
235                 short = "v"
236                 type = "flag"
237                 help = "verbose logging"
238         }
239         option = {
240                 long = "max-depth"
241                 type = "integer"
242                 help = "maximum search length of certificate trust anchor"
243         }
244         option = {
245                 long = "hostname"
246                 type = "string"
247                 help = "match hostname to certificate"
248         }
249         argument = "cert:foo chain:cert1 chain:cert2 anchor:anchor1 anchor:anchor2"
250         help = "Verify certificate chain"
252 command = {
253         name = "print"
254         function = "pcert_print"
255         option = {
256                 long = "pass"
257                 type = "strings"
258                 argument = "password"
259                 help = "password, prompter, or environment"
260         }
261         option = {
262                 long = "content"
263                 type = "flag"
264                 help = "print the content of the certificates"
265         }
266         option = {
267                 long = "info"
268                 type = "flag"
269                 help = "print the information about the certificate store"
270         }
271         min_args="1"
272         argument="certificate ..."
273         help = "Print certificates"
275 command = {
276         name = "validate"
277         function = "pcert_validate"
278         option = {
279                 long = "pass"
280                 type = "strings"
281                 argument = "password"
282                 help = "password, prompter, or environment"
283         }
284         min_args="1"
285         argument="certificate ..."
286         help = "Validate content of certificates"
288 command = {
289         name = "certificate-copy"
290         name = "cc"
291         option = {
292                 long = "in-pass"
293                 type = "strings"
294                 argument = "password"
295                 help = "password, prompter, or environment"
296         }
297         option = {
298                 long = "out-pass"
299                 type = "string"
300                 argument = "password"
301                 help = "password, prompter, or environment"
302         }
303         min_args="2"
304         argument="in-certificates-1 ... out-certificate"
305         help = "Copy in certificates stores into out certificate store"
307 command = {
308         name = "ocsp-fetch"
309         option = {
310                 long = "pass"
311                 type = "strings"
312                 argument = "password"
313                 help = "password, prompter, or environment"
314         }
315         option = {
316                 long = "sign"
317                 type = "string"
318                 argument = "certificate"
319                 help = "certificate use to sign the request"
320         }
321         option = {
322                 long = "url-path"
323                 type = "string"
324                 argument = "url"
325                 help = "part after host in url to put in the request"
326         }
327         option = {
328                 long = "nonce"
329                 type = "-flag"
330                 default = "1"
331                 help = "don't include nonce in request"
332         }
333         option = {
334                 long = "pool"
335                 type = "strings"
336                 argument = "certificate-store"
337                 help = "pool to find parent certificate in"
338         }
339         min_args="2"
340         argument="outfile certs ..."
341         help = "Fetch OCSP responses for the following certs"
343 command = {
344         option = {
345                 long = "ocsp-file"
346                 type = "string"
347                 help = "OCSP file"
348         }
349         name = "ocsp-verify"
350         min_args="1"
351         argument="certificates ..."
352         help = "Check that certificates are in OCSP file and valid"
354 command = {
355         name = "ocsp-print"
356         option = {
357                 long = "verbose"
358                 type = "flag"
359                 help = "verbose"
360         }
361         min_args="1"
362         argument="ocsp-response-file ..."
363         help = "Print the OCSP responses"
365 command = {
366         name = "request-create"
367         option = {
368                 long = "subject"
369                 type = "string"
370                 help = "Subject DN"
371         }
372         option = {
373                 long = "email"
374                 type = "strings"
375                 help = "Email address in SubjectAltName"
376         }
377         option = {
378                 long = "dnsname"
379                 type = "strings"
380                 help = "Hostname or domainname in SubjectAltName"
381         }
382         option = {
383                 long = "type"
384                 type = "string"
385                 help = "Type of request CRMF or PKCS10, defaults to PKCS10"
386         }
387         option = {
388                 long = "key"
389                 type = "string"
390                 help = "Key-pair"
391         }
392         option = {
393                 long = "generate-key"
394                 type = "string"
395                 help = "keytype"
396         }
397         option = {
398                 long = "key-bits"
399                 type = "integer"
400                 help = "number of bits in the generated key";
401         }
402         option = {
403                 long = "verbose"
404                 type = "flag"
405                 help = "verbose status"
406         }
407         min_args="1"
408         max_args="1"
409         argument="output-file"
410         help = "Create a CRMF or PKCS10 request"
412 command = {
413         name = "request-print"
414         option = {
415                 long = "verbose"
416                 type = "flag"
417                 help = "verbose printing"
418         }
419         min_args="1"
420         argument="requests ..."
421         help = "Print requests"
423 command = {
424         name = "query"
425         option = {
426                 long = "exact"
427                 type = "flag"
428                 help = "exact match"
429         }
430         option = {
431                 long = "private-key"
432                 type = "flag"
433                 help = "search for private key"
434         }
435         option = {
436                 long = "friendlyname"
437                 type = "string"
438                 argument = "name"
439                 help = "match on friendly name"
440         }
441         option = {
442                 long = "keyEncipherment"
443                 type = "flag"
444                 help = "match keyEncipherment certificates"
445         }
446         option = {
447                 long = "digitalSignature"
448                 type = "flag"
449                 help = "match digitalSignature certificates"
450         }
451         option = {
452                 long = "print"
453                 type = "flag"
454                 help = "print matches"
455         }
456         option = {
457                 long = "pass"
458                 type = "strings"
459                 argument = "password"
460                 help = "password, prompter, or environment"
461         }
462         min_args="1"
463         argument="certificates ..."
464         help = "Query the certificates for a match"
466 command = {
467         name = "info"
469 command = {
470         name = "random-data"
471         min_args="1"
472         argument="bytes"
473         help = "Generates random bytes and prints them to standard output"
475 command = {
476         option = {
477                 long = "type"
478                 type = "string"
479                 help = "type of CMS algorithm"
480         }
481         name = "crypto-available"
482         min_args="0"
483         help = "Print available CMS crypto types"
485 command = {
486         option = {
487                 long = "type"
488                 type = "string"
489                 help = "type of CMS algorithm"
490         }
491         option = {
492                 long = "certificate"
493                 type = "string"
494                 help = "source certificate limiting the choices"
495         }
496         option = {
497                 long = "peer-cmstype"
498                 type = "strings"
499                 help = "peer limiting cmstypes"
500         }
501         name = "crypto-select"
502         min_args="0"
503         help = "Print selected CMS type"
505 command = {
506         option = {
507                 long = "decode"
508                 short = "d"
509                 type = "flag"
510                 help = "decode instead of encode"
511         }
512         name = "hex"
513         function = "hxtool_hex"
514         min_args="0"
515         help = "Encode input to hex"
517 command = {
518         option = {
519                 long = "issue-ca"
520                 type = "flag"
521                 help = "Issue a CA certificate"
522         }
523         option = {
524                 long = "issue-proxy"
525                 type = "flag"
526                 help = "Issue a proxy certificate"
527         }
528         option = {
529                 long = "domain-controller"
530                 type = "flag"
531                 help = "Issue a MS domaincontroller certificate"
532         }
533         option = {
534                 long = "subject"
535                 type = "string"
536                 help = "Subject of issued certificate"
537         }
538         option = {
539                 long = "ca-certificate"
540                 type = "string"
541                 help = "Issuing CA certificate"
542         }
543         option = {
544                 long = "self-signed"
545                 type = "flag"
546                 help = "Issuing a self-signed certificate"
547         }
548         option = {
549                 long = "ca-private-key"
550                 type = "string"
551                 help = "Private key for self-signed certificate"
552         }
553         option = {
554                 long = "certificate"
555                 type = "string"
556                 help = "Issued certificate"
557         }
558         option = {
559                 long = "type"
560                 type = "strings"
561                 help = "Type of certificate to issue"
562         }
563         option = {
564                 long = "lifetime"
565                 type = "string"
566                 help = "Lifetime of certificate"
567         }
568         option = {
569                 long = "serial-number"
570                 type = "string"
571                 help = "serial-number of certificate"
572         }
573         option = {
574                 long = "path-length"
575                 default = "-1"
576                 type = "integer"
577                 help = "Maximum path length (CA and proxy certificates), -1 no limit"
578         }
579         option = {
580                 long = "hostname"
581                 type = "strings"
582                 help = "DNS names this certificate is allowed to serve"
583         }
584         option = {
585                 long = "email"
586                 type = "strings"
587                 help = "email addresses assigned to this certificate"
588         }
589         option = {
590                 long = "pk-init-principal"
591                 type = "string"
592                 help = "PK-INIT principal (for SAN)"
593         }
594         option = {
595                 long = "ms-upn"
596                 type = "string"
597                 help = "Microsoft UPN (for SAN)"
598         }
599         option = {
600                 long = "jid"
601                 type = "string"
602                 help = "XMPP jabber id (for SAN)"
603         }
604         option = {
605                 long = "req"
606                 type = "string"
607                 help = "certificate request"
608         }
609         option = {
610                 long = "certificate-private-key"
611                 type = "string"
612                 help = "private-key"
613         }
614         option = {
615                 long = "generate-key"
616                 type = "string"
617                 help = "keytype"
618         }
619         option = {
620                 long = "key-bits"
621                 type = "integer"
622                 help = "number of bits in the generated key"
623         }
624         option = {
625                 long = "crl-uri"
626                 type = "string"
627                 help = "URI to CRL"
628         }
629         option = {
630                 long = "template-certificate"
631                 type = "string"
632                 help = "certificate"
633         }
634         option = {
635                 long = "template-fields"
636                 type = "string"
637                 help = "flag"
638         }
639         name = "certificate-sign"
640         name = "cert-sign"
641         name = "issue-certificate"
642         name = "ca"
643         function = "hxtool_ca"
644         min_args="0"
645         help = "Issue a certificate"
647 command = {
648         name = "test-crypto"
649         option = {
650                 long = "pass"
651                 type = "strings"
652                 argument = "password"
653                 help = "password, prompter, or environment"
654         }
655         option = {
656                 long = "verbose"
657                 type = "flag"
658                 help = "verbose printing"
659         }
660         min_args="1"
661         argument="certificates..."
662         help = "Test crypto system related to the certificates"
664 command = {
665         option = {
666                 long = "type"
667                 type = "integer"
668                 help = "type of statistics"
669         }
670         name = "statistic-print"
671         min_args="0"
672         help = "Print statistics"
674 command = {
675         option = {
676                 long = "signer"
677                 type = "string"
678                 help = "signer certificate"
679         }
680         option = {
681                 long = "pass"
682                 type = "strings"
683                 argument = "password"
684                 help = "password, prompter, or environment"
685         }
686         option = {
687                 long = "crl-file"
688                 type = "string"
689                 help = "CRL output file"
690         }
691         option = {
692                 long = "lifetime"
693                 type = "string"
694                 help = "time the crl will be valid"
695         }
696         name = "crl-sign"
697         min_args="0"
698         argument="certificates..."
699         help = "Create a CRL"
701 command = {
702         name = "help"
703         name = "?"
704         argument = "[command]"
705         min_args = "0"
706         max_args = "1"
707         help = "Help! I need somebody"