openssl pkcs12

用途：

pkcs12命令能生成和分析pkcs12文件

語法：

openssl pkcs12

[-export] [-chain] [-inkey filename] [-certfile filename] [-CApath arg] [-CAfile arg]

[-name name] [-caname name] [-in filename] [-out filename] [-noout] [-nomacver]

[-nocerts] [-clcerts] [-cacerts] [-nokeys] [-info] [-noiter] [-maciter] [-nomaciter] [-nomac]

[-twopass] [-descert] [-certpbe alg] [-keypbe alg] [-macalg digest] [-keyex] [-keysig]

[-password arg] [-passin arg] [-passout arg] [-rand file(s)] [-LMK] [-CSP name][-engine e]

[-des] [-des3] [-aes128] [-aes192] [-aes256] [-idea]

[-camellia128] [-camellia192] [-camellia256] [-nodes]

參數說明：

-export output PKCS12 file

-chain add certificate chain //添加證書鏈

-inkey file private key if not infile

-certfile f add all certs in f

-CApath arg - PEM format directory of CA's

-CAfile arg - PEM format file of CA's

-name "name" use name as friendly name //起別名

-caname "nm" use nm as CA friendly name (can be used more than once).

-in infile input filename

-out outfile output filename

-noout don't output anything, just verify. //只需要驗證即可

-nomacver don't verify MAC. //不校驗mac

-nocerts don't output certificates.

-clcerts only output client certificates. //輸出客戶端證書

-cacerts only output CA certificates. //輸出CA證書

-nokeys don't output private keys.

-info give info about PKCS#12 structure.

-des encrypt private keys with DES //輸出des

-des3 encrypt private keys with triple DES (default) //輸出des3

-seed encrypt private keys with seed //用種子加密私鑰

-aes128, -aes192, -aes256 encrypt PEM output with cbc aes

-camellia128, -camellia192, -camellia256

encrypt PEM output with cbc camellia

-nodes don't encrypt private keys

-noiter don't use encryption iteration

-nomaciter don't use MAC iteration

-maciter use MAC iteration //產生MAC迭代

-nomac don't generate MAC //不產生MAC

-twopass separate MAC, encryption passwords //分離MAC,加密密碼

-descert encrypt PKCS#12 certificates with triple DES (default RC2-40) //用des加密

-certpbe alg specify certificate PBE algorithm (default RC2-40) //特別的PKCS#12算法

-keypbe alg specify private key PBE algorithm (default 3DES) //特別的pbe算法

-macalg alg digest algorithm used in MAC (default SHA1)

-keyex set MS key exchange type

-keysig set MS key signature type

-password p set import/export password source //輸入和密碼源碼

-passin p input file pass phrase source //輸入源碼

-passout p output file pass phrase source //輸出源碼

-engine e use engine e, possibly a hardware device. //使用外部設備

-rand file:file:...

load the file (or the files in the directory) into

the random number generator //加隨機數

-CSP name Microsoft CSP name

-LMK Add local machine keyset attribute to private key //本地主密鑰

 

openssl系列命令大綱： http://www.cnblogs.com/aixiaoxiaoyu/p/8650180.html