openssl pkcs12

用途:
pkcs12命令能生成和分析pkcs12文件
语法:
openssl pkcs12
[-export] [-chain] [-inkey filename] [-certfile filename] [-CApath arg] [-CAfile arg]
[-name name] [-caname name] [-in filename] [-out filename] [-noout] [-nomacver]
[-nocerts] [-clcerts] [-cacerts] [-nokeys] [-info] [-noiter] [-maciter] [-nomaciter] [-nomac]
[-twopass] [-descert] [-certpbe alg] [-keypbe alg] [-macalg digest] [-keyex] [-keysig]
[-password arg] [-passin arg] [-passout arg] [-rand file(s)] [-LMK] [-CSP name][-engine e]
[-des] [-des3] [-aes128] [-aes192] [-aes256] [-idea]
[-camellia128] [-camellia192] [-camellia256] [-nodes]
参数说明:
-export output PKCS12 file
-chain add certificate chain //添加证书链
-inkey file private key if not infile
-certfile f add all certs in f
-CApath arg - PEM format directory of CA's
-CAfile arg - PEM format file of CA's
-name "name" use name as friendly name //起别名
-caname "nm" use nm as CA friendly name (can be used more than once).
-in infile input filename
-out outfile output filename
-noout don't output anything, just verify. //只需要验证即可
-nomacver don't verify MAC. //不校验mac
-nocerts don't output certificates.
-clcerts only output client certificates. //输出客户端证书
-cacerts only output CA certificates. //输出CA证书
-nokeys don't output private keys.
-info give info about PKCS#12 structure.
-des encrypt private keys with DES //输出des
-des3 encrypt private keys with triple DES (default) //输出des3
-seed encrypt private keys with seed //用种子加密私钥
-aes128, -aes192, -aes256 encrypt PEM output with cbc aes
-camellia128, -camellia192, -camellia256
encrypt PEM output with cbc camellia
-nodes don't encrypt private keys
-noiter don't use encryption iteration
-nomaciter don't use MAC iteration
-maciter use MAC iteration //产生MAC迭代
-nomac don't generate MAC //不产生MAC
-twopass separate MAC, encryption passwords //分离MAC,加密密码
-descert encrypt PKCS#12 certificates with triple DES (default RC2-40) //用des加密
-certpbe alg specify certificate PBE algorithm (default RC2-40) //特别的PKCS#12算法
-keypbe alg specify private key PBE algorithm (default 3DES) //特别的pbe算法
-macalg alg digest algorithm used in MAC (default SHA1)
-keyex set MS key exchange type
-keysig set MS key signature type
-password p set import/export password source //输入和密码源码
-passin p input file pass phrase source //输入源码
-passout p output file pass phrase source //输出源码
-engine e use engine e, possibly a hardware device. //使用外部设备
-rand file:file:...
load the file (or the files in the directory) into
the random number generator //加随机数
-CSP name Microsoft CSP name
-LMK Add local machine keyset attribute to private key //本地主密钥

 

posted @ 2018-04-11 16:13  艾小小雨  阅读(3327)  评论(0编辑  收藏  举报