prog-desc = "Manipulate certificates and private keys.";
detail = "Tool to parse and generate X.509 certificates, requests and private keys.
It can be used interactively or non interactively by
-specifying the template command line option.";
+specifying the template command line option.
+
+The tool accepts files or URLs supported by GnuTLS. In case PIN is required for the URL
+access you can provide it using the environment variables GNUTLS_PIN and GNUTLS_SO_PIN.
+";
short-usage = "certtool [options]\ncerttool --help for usage instructions.\n";
explain = "";
name = load-request;
descrip = "Loads a certificate request file";
arg-type = string;
- doc = "";
+ doc = "This option can be used with a file";
};
flag = {
name = load-certificate;
descrip = "Loads a certificate file";
arg-type = string;
- doc = "This can be either a file or a PKCS #11 URL";
+ doc = "This option can be used with a file";
};
flag = {
name = load-ca-certificate;
descrip = "Loads the certificate authority's certificate file";
arg-type = string;
- doc = "This can be either a file or a PKCS #11 URL";
+ doc = "This option can be used with a file";
};
flag = {
};
flag = {
+ name = curve;
+ arg-type = string;
+ descrip = "Specify the curve used for EC key generation";
+ doc = "Supported values are secp192r1, secp224r1, secp256r1, secp384r1 and secp521r1.";
+};
+
+flag = {
name = sec-param;
arg-type = string;
arg-name = "Security parameter";
# Whether this is a CA certificate or not
#ca
+# Subject Unique ID (in hex)
+#subject_unique_id = 00153224
+
+# Issuer Unique ID (in hex)
+#issuer_unique_id = 00153225
+
# for microsoft smart card logon
# key_purpose_oid = 1.3.6.1.4.1.311.20.2.2