diff options
Diffstat (limited to 'upstream/debian-unstable/man1/openssl-pkcs12.1ssl')
| -rw-r--r-- | upstream/debian-unstable/man1/openssl-pkcs12.1ssl | 19 |
1 files changed, 17 insertions, 2 deletions
diff --git a/upstream/debian-unstable/man1/openssl-pkcs12.1ssl b/upstream/debian-unstable/man1/openssl-pkcs12.1ssl index f2d6a677..27433b0f 100644 --- a/upstream/debian-unstable/man1/openssl-pkcs12.1ssl +++ b/upstream/debian-unstable/man1/openssl-pkcs12.1ssl @@ -55,7 +55,7 @@ .\" ======================================================================== .\" .IX Title "OPENSSL-PKCS12 1SSL" -.TH OPENSSL-PKCS12 1SSL 2024-02-03 3.1.5 OpenSSL +.TH OPENSSL-PKCS12 1SSL 2024-04-04 3.2.2-dev OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -132,7 +132,9 @@ PKCS#12 output (export) options: [\fB\-noiter\fR] [\fB\-nomaciter\fR] [\fB\-maciter\fR] +[\fB\-macsaltlen\fR] [\fB\-nomac\fR] +[\fB\-jdktrust\fR \fIusage\fR] .SH DESCRIPTION .IX Header "DESCRIPTION" This command allows PKCS#12 files (sometimes referred to as @@ -390,11 +392,24 @@ option. .IX Item "-maciter" This option is included for compatibility with previous versions, it used to be needed to use MAC iterations counts but they are now used by default. +.IP \fB\-macsaltlen\fR 4 +.IX Item "-macsaltlen" +This option specifies the salt length in bytes for the MAC. The salt length +should be at least 16 bytes as per NIST SP 800\-132. The default value +is 8 bytes for backwards compatibility. .IP \fB\-nomac\fR 4 .IX Item "-nomac" Do not attempt to provide the MAC integrity. This can be useful with the FIPS provider as the PKCS12 MAC requires PKCS12KDF which is not an approved FIPS algorithm and cannot be supported by the FIPS provider. +.IP \fB\-jdktrust\fR 4 +.IX Item "-jdktrust" +Export pkcs12 file in a format compatible with Java keystore usage. This option +accepts a string parameter indicating the trust oid name to be granted to the +certificate it is associated with. Currently only "anyExtendedKeyUsage" is +defined. Note that, as Java keystores do not accept PKCS12 files with both +trusted certificates and keypairs, use of this option implies the setting of the +\&\fB\-nokeys\fR option .SH NOTES .IX Header "NOTES" Although there are a large number of options most of them are very rarely @@ -491,7 +506,7 @@ The \fB\-engine\fR option was deprecated in OpenSSL 3.0. The \fB\-nodes\fR option was deprecated in OpenSSL 3.0, too; use \fB\-noenc\fR instead. .SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2000\-2022 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000\-2023 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy |