diff options
author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2015-07-10 16:52:57 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2015-07-10 16:52:57 +0200 |
commit | 6961cd4e5ab2b21ec440e1eac5846a05f17871df (patch) | |
tree | fd3ed321a0dc84b8297e913b066a92412753ec9a /src/p11tool-args.def | |
parent | e867aae1be191433186aad9d799c5de297b219a0 (diff) | |
download | gnutls-6961cd4e5ab2b21ec440e1eac5846a05f17871df.tar.gz |
p11tool: group the provided options for readability
Diffstat (limited to 'src/p11tool-args.def')
-rw-r--r-- | src/p11tool-args.def | 236 |
1 files changed, 132 insertions, 104 deletions
diff --git a/src/p11tool-args.def b/src/p11tool-args.def index dec967129e..f4103a032d 100644 --- a/src/p11tool-args.def +++ b/src/p11tool-args.def @@ -19,8 +19,11 @@ explain = ""; reorder-args; argument = "[url]"; -#define OUTFILE_OPT 1 -#include args-std.def +flag = { + name = token_related_options; + documentation; + descrip = "Tokens"; +}; flag = { name = list-tokens; @@ -35,27 +38,35 @@ flag = { }; flag = { - name = export; - descrip = "Export the object specified by the URL"; + name = list-mechanisms; + descrip = "List all available mechanisms in a token"; doc = ""; }; flag = { - name = export-chain; - descrip = "Export the certificate specified by the URL and its chain of trust"; - doc = "Exports the certificate specified by the URL and generates its chain of trust based on the stored certificates in the module."; + name = initialize; + descrip = "Initializes a PKCS #11 token"; + doc = ""; }; flag = { - name = list-mechanisms; - descrip = "List all available mechanisms in a token"; - doc = ""; + name = set-pin; + arg-type = string; + descrip = "Specify the PIN to use on token initialization"; + doc = "Alternatively the GNUTLS_PIN environment variable may be used."; }; flag = { - name = info; - descrip = "List information on an available object in a token"; - doc = ""; + name = set-so-pin; + arg-type = string; + descrip = "Specify the Security Officer's PIN to use on token initialization"; + doc = "Alternatively the GNUTLS_SO_PIN environment variable may be used."; +}; + +flag = { + name = object_list_related_options; + documentation; + descrip = "Object listing"; }; flag = { @@ -99,30 +110,33 @@ flag = { }; flag = { - name = test-sign; - descrip = "Tests the signature operation of the provided object"; - doc = "It can be used to test the correct operation of the signature operation. -If both a private and a public key are available this operation will sign and verify -the signed data."; + name = export; + descrip = "Export the object specified by the URL"; + doc = ""; }; flag = { - name = write; - descrip = "Writes the loaded objects to a PKCS #11 token"; - doc = "It can be used to write private keys, certificates or secret keys to a token."; + name = export-chain; + descrip = "Export the certificate specified by the URL and its chain of trust"; + doc = "Exports the certificate specified by the URL and generates its chain of trust based on the stored certificates in the module."; }; flag = { - name = delete; - descrip = "Deletes the objects matching the PKCS #11 URL"; + name = export-pubkey; + descrip = "Export the public key for a private key"; + doc = "Exports the public key for the specified private key"; +}; + +flag = { + name = info; + descrip = "List information on an available object in a token"; doc = ""; }; flag = { - name = generate-random; - descrip = "Generate random data"; - arg-type = number; - doc = "Asks the token to generate a number of bytes of random bytes."; + name = keygen_related_options; + documentation; + descrip = "Key generation"; }; flag = { @@ -142,11 +156,32 @@ flag = { doc = "Generates an RSA private-public key pair on the specified token."; }; +flag = { + name = bits; + arg-type = number; + descrip = "Specify the number of bits for key generate"; + doc = ""; +}; flag = { - name = export-pubkey; - descrip = "Export the public key for a private key"; - doc = "Exports the public key for the specified private key"; + name = curve; + arg-type = string; + descrip = "Specify the curve used for EC key generation"; + doc = "Supported values are secp192r1, secp224r1, secp256r1, secp384r1 and secp521r1."; +}; + +flag = { + name = sec-param; + arg-type = string; + arg-name = "Security parameter"; + descrip = "Specify the security level"; + doc = "This is alternative to the bits option. Available options are [low, legacy, medium, high, ultra]."; +}; + +flag = { + name = write_object_related_options; + documentation; + descrip = "Writing objects"; }; flag = { @@ -167,6 +202,18 @@ flag = { }; flag = { + name = write; + descrip = "Writes the loaded objects to a PKCS #11 token"; + doc = "It can be used to write private keys, certificates or secret keys to a token. Must be combined with a --load option."; +}; + +flag = { + name = delete; + descrip = "Deletes the objects matching the given PKCS #11 URL"; + doc = ""; +}; + +flag = { name = label; arg-type = string; descrip = "Sets a label for the write operation"; @@ -193,7 +240,7 @@ flag = { disable = "no"; disabled; descrip = "Marks the object to be written as trusted"; - doc = "Marks the object to be generated/copied with the CKA_TRUST flag."; + doc = "Marks the object to be generated/written with the CKA_TRUST flag."; }; flag = { @@ -201,7 +248,7 @@ flag = { disable = "no"; disabled; descrip = "Marks the object to be written for decryption"; - doc = "Marks the object to be generated/copied with the CKA_DECRYPT flag set to true."; + doc = "Marks the object to be generated/written with the CKA_DECRYPT flag set to true."; }; flag = { @@ -209,7 +256,7 @@ flag = { disable = "no"; disabled; descrip = "Marks the object to be written for signature generation"; - doc = "Marks the object to be generated/copied with the CKA_SIGN flag set to true."; + doc = "Marks the object to be generated/written with the CKA_SIGN flag set to true."; }; flag = { @@ -217,7 +264,7 @@ flag = { disable = "no"; disabled; descrip = "Marks the object to be written as a CA"; - doc = "Marks the object to be generated/copied with the CKA_CERTIFICATE_CATEGORY as CA."; + doc = "Marks the object to be generated/written with the CKA_CERTIFICATE_CATEGORY as CA."; }; flag = { @@ -225,7 +272,7 @@ flag = { disable = "no"; enabled; descrip = "Marks the object to be written as private"; - doc = "Marks the object to be generated/copied with the CKA_PRIVATE flag. The written object will require a PIN to be used."; + doc = "Marks the object to be generated/written with the CKA_PRIVATE flag. The written object will require a PIN to be used."; }; flag = { @@ -244,39 +291,10 @@ flag = { }; flag = { - name = login; - descrip = "Force (user) login to token"; - disabled; - disable = "no"; - doc = ""; -}; - -flag = { - name = so-login; - descrip = "Force security officer login to token"; - disabled; - disable = "no"; - doc = "Forces login to the token as security officer (admin)."; -}; - -flag = { - name = admin-login; - aliases = so-login; -}; - -flag = { - name = detailed-url; - descrip = "Print detailed URLs"; - disabled; - disable = "no"; - doc = ""; -}; - -flag = { name = secret-key; arg-type = string; descrip = "Provide a hex encoded secret key"; - doc = ""; + doc = "This secret key will be written to the module if --write is specified."; }; flag = { @@ -304,34 +322,56 @@ flag = { }; flag = { - name = pkcs8; - value = 8; - descrip = "Use PKCS #8 format for private keys"; - doc = ""; + name = other_options; + documentation; + descrip = "Other options"; }; +#define OUTFILE_OPT 1 +#include args-std.def + flag = { - name = bits; - arg-type = number; - descrip = "Specify the number of bits for key generate"; - doc = ""; + name = login; + descrip = "Force (user) login to token"; + disabled; + disable = "no"; + doc = ""; }; flag = { - name = curve; - arg-type = string; - descrip = "Specify the curve used for EC key generation"; - doc = "Supported values are secp192r1, secp224r1, secp256r1, secp384r1 and secp521r1."; + name = so-login; + descrip = "Force security officer login to token"; + disabled; + disable = "no"; + doc = "Forces login to the token as security officer (admin)."; }; flag = { - name = sec-param; - arg-type = string; - arg-name = "Security parameter"; - descrip = "Specify the security level"; - doc = "This is alternative to the bits option. Available options are [low, legacy, medium, high, ultra]."; + name = admin-login; + aliases = so-login; }; +flag = { + name = test-sign; + descrip = "Tests the signature operation of the provided object"; + doc = "It can be used to test the correct operation of the signature operation. +If both a private and a public key are available this operation will sign and verify +the signed data."; +}; + +flag = { + name = generate-random; + descrip = "Generate random data"; + arg-type = number; + doc = "Asks the token to generate a number of bytes of random bytes."; +}; + +flag = { + name = pkcs8; + value = 8; + descrip = "Use PKCS #8 format for private keys"; + doc = ""; +}; flag = { name = inder; @@ -360,26 +400,6 @@ flag = { }; flag = { - name = initialize; - descrip = "Initializes a PKCS #11 token"; - doc = ""; -}; - -flag = { - name = set-pin; - arg-type = string; - descrip = "Specify the PIN to use on token initialization"; - doc = "Alternatively the GNUTLS_PIN environment variable may be used."; -}; - -flag = { - name = set-so-pin; - arg-type = string; - descrip = "Specify the Security Officer's PIN to use on token initialization"; - doc = "Alternatively the GNUTLS_SO_PIN environment variable may be used."; -}; - -flag = { name = provider; arg-type = file; file-exists = yes; @@ -388,9 +408,17 @@ flag = { }; flag = { + name = detailed-url; + descrip = "Print detailed URLs"; + disabled; + disable = "no"; + doc = ""; +}; + +flag = { name = batch; - descrip = "Disable all interaction with the tool. All parameters need to be specified on command line."; - doc = ""; + descrip = "Disable all interaction with the tool"; + doc = "In batch mode there will be no prompts, all parameters need to be specified on command line."; }; |