summaryrefslogtreecommitdiff
path: root/src/pki
diff options
context:
space:
mode:
Diffstat (limited to 'src/pki')
-rw-r--r--src/pki/Makefile.am4
-rw-r--r--src/pki/Makefile.in631
-rw-r--r--src/pki/command.c2
-rw-r--r--src/pki/commands/gen.c4
-rw-r--r--src/pki/commands/issue.c24
-rw-r--r--src/pki/commands/keyid.c6
-rw-r--r--src/pki/commands/pkcs7.c8
-rw-r--r--src/pki/commands/print.c8
-rw-r--r--src/pki/commands/pub.c28
-rw-r--r--src/pki/commands/req.c11
-rw-r--r--src/pki/commands/self.c10
-rw-r--r--src/pki/commands/signcrl.c12
-rw-r--r--src/pki/commands/verify.c9
-rw-r--r--src/pki/man/Makefile.am14
-rw-r--r--src/pki/man/Makefile.in637
-rw-r--r--src/pki/man/pki---gen.1.in112
-rw-r--r--src/pki/man/pki---issue.1.in179
-rw-r--r--src/pki/man/pki---keyid.1.in72
-rw-r--r--src/pki/man/pki---pkcs7.1.in79
-rw-r--r--src/pki/man/pki---print.1.in53
-rw-r--r--src/pki/man/pki---pub.1.in77
-rw-r--r--src/pki/man/pki---req.1.in91
-rw-r--r--src/pki/man/pki---self.1.in148
-rw-r--r--src/pki/man/pki---signcrl.1.in124
-rw-r--r--src/pki/man/pki---verify.1.in56
-rw-r--r--src/pki/man/pki.1.in156
-rw-r--r--src/pki/pki.c13
27 files changed, 2249 insertions, 319 deletions
diff --git a/src/pki/Makefile.am b/src/pki/Makefile.am
index e07938284..efbed9b2b 100644
--- a/src/pki/Makefile.am
+++ b/src/pki/Makefile.am
@@ -1,4 +1,6 @@
-ipsec_PROGRAMS = pki
+SUBDIRS = man
+
+bin_PROGRAMS = pki
pki_SOURCES = pki.c pki.h command.c command.h \
commands/gen.c \
diff --git a/src/pki/Makefile.in b/src/pki/Makefile.in
index f58ad1bce..1101366d1 100644
--- a/src/pki/Makefile.in
+++ b/src/pki/Makefile.in
@@ -1,9 +1,8 @@
-# Makefile.in generated by automake 1.11.6 from Makefile.am.
+# Makefile.in generated by automake 1.13.3 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software
-# Foundation, Inc.
+# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
@@ -16,23 +15,51 @@
@SET_MAKE@
VPATH = @srcdir@
-am__make_dryrun = \
- { \
- am__dry=no; \
+am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__make_running_with_option = \
+ case $${target_option-} in \
+ ?) ;; \
+ *) echo "am__make_running_with_option: internal error: invalid" \
+ "target option '$${target_option-}' specified" >&2; \
+ exit 1;; \
+ esac; \
+ has_opt=no; \
+ sane_makeflags=$$MAKEFLAGS; \
+ if $(am__is_gnu_make); then \
+ sane_makeflags=$$MFLAGS; \
+ else \
case $$MAKEFLAGS in \
*\\[\ \ ]*) \
- echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \
- | grep '^AM OK$$' >/dev/null || am__dry=yes;; \
- *) \
- for am__flg in $$MAKEFLAGS; do \
- case $$am__flg in \
- *=*|--*) ;; \
- *n*) am__dry=yes; break;; \
- esac; \
- done;; \
+ bs=\\; \
+ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
+ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
+ esac; \
+ fi; \
+ skip_next=no; \
+ strip_trailopt () \
+ { \
+ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
+ }; \
+ for flg in $$sane_makeflags; do \
+ test $$skip_next = yes && { skip_next=no; continue; }; \
+ case $$flg in \
+ *=*|--*) continue;; \
+ -*I) strip_trailopt 'I'; skip_next=yes;; \
+ -*I?*) strip_trailopt 'I';; \
+ -*O) strip_trailopt 'O'; skip_next=yes;; \
+ -*O?*) strip_trailopt 'O';; \
+ -*l) strip_trailopt 'l'; skip_next=yes;; \
+ -*l?*) strip_trailopt 'l';; \
+ -[dEDm]) skip_next=yes;; \
+ -[JT]) skip_next=yes;; \
+ esac; \
+ case $$flg in \
+ *$$target_option*) has_opt=yes; break;; \
esac; \
- test $$am__dry = yes; \
- }
+ done; \
+ test $$has_opt = yes
+am__make_dryrun = (target_option=n; $(am__make_running_with_option))
+am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
pkgdatadir = $(datadir)/@PACKAGE@
pkgincludedir = $(includedir)/@PACKAGE@
pkglibdir = $(libdir)/@PACKAGE@
@@ -51,15 +78,17 @@ PRE_UNINSTALL = :
POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
-ipsec_PROGRAMS = pki$(EXEEXT)
+bin_PROGRAMS = pki$(EXEEXT)
subdir = src/pki
-DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
+DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
+ $(top_srcdir)/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
$(top_srcdir)/m4/config/ltsugar.m4 \
$(top_srcdir)/m4/config/ltversion.m4 \
$(top_srcdir)/m4/config/lt~obsolete.m4 \
+ $(top_srcdir)/m4/macros/split-package-version.m4 \
$(top_srcdir)/m4/macros/with.m4 \
$(top_srcdir)/m4/macros/enable-disable.m4 \
$(top_srcdir)/m4/macros/add-plugin.m4 \
@@ -70,17 +99,33 @@ mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
CONFIG_CLEAN_VPATH_FILES =
-am__installdirs = "$(DESTDIR)$(ipsecdir)"
-PROGRAMS = $(ipsec_PROGRAMS)
-am_pki_OBJECTS = pki.$(OBJEXT) command.$(OBJEXT) gen.$(OBJEXT) \
- issue.$(OBJEXT) keyid.$(OBJEXT) pub.$(OBJEXT) req.$(OBJEXT) \
- self.$(OBJEXT) print.$(OBJEXT) signcrl.$(OBJEXT) \
- pkcs7.$(OBJEXT) verify.$(OBJEXT)
+am__installdirs = "$(DESTDIR)$(bindir)"
+PROGRAMS = $(bin_PROGRAMS)
+am__dirstamp = $(am__leading_dot)dirstamp
+am_pki_OBJECTS = pki.$(OBJEXT) command.$(OBJEXT) \
+ commands/gen.$(OBJEXT) commands/issue.$(OBJEXT) \
+ commands/keyid.$(OBJEXT) commands/pub.$(OBJEXT) \
+ commands/req.$(OBJEXT) commands/self.$(OBJEXT) \
+ commands/print.$(OBJEXT) commands/signcrl.$(OBJEXT) \
+ commands/pkcs7.$(OBJEXT) commands/verify.$(OBJEXT)
pki_OBJECTS = $(am_pki_OBJECTS)
pki_DEPENDENCIES = $(top_builddir)/src/libstrongswan/libstrongswan.la
AM_V_lt = $(am__v_lt_@AM_V@)
am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
am__v_lt_0 = --silent
+am__v_lt_1 =
+AM_V_P = $(am__v_P_@AM_V@)
+am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
+am__v_P_0 = false
+am__v_P_1 = :
+AM_V_GEN = $(am__v_GEN_@AM_V@)
+am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
+am__v_GEN_0 = @echo " GEN " $@;
+am__v_GEN_1 =
+AM_V_at = $(am__v_at_@AM_V@)
+am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
+am__v_at_0 = @
+am__v_at_1 =
DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
depcomp = $(SHELL) $(top_srcdir)/depcomp
am__depfiles_maybe = depfiles
@@ -93,30 +138,85 @@ LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
$(AM_CFLAGS) $(CFLAGS)
AM_V_CC = $(am__v_CC_@AM_V@)
am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@)
-am__v_CC_0 = @echo " CC " $@;
-AM_V_at = $(am__v_at_@AM_V@)
-am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
-am__v_at_0 = @
+am__v_CC_0 = @echo " CC " $@;
+am__v_CC_1 =
CCLD = $(CC)
LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
$(AM_LDFLAGS) $(LDFLAGS) -o $@
AM_V_CCLD = $(am__v_CCLD_@AM_V@)
am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
-am__v_CCLD_0 = @echo " CCLD " $@;
-AM_V_GEN = $(am__v_GEN_@AM_V@)
-am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
-am__v_GEN_0 = @echo " GEN " $@;
+am__v_CCLD_0 = @echo " CCLD " $@;
+am__v_CCLD_1 =
SOURCES = $(pki_SOURCES)
DIST_SOURCES = $(pki_SOURCES)
+RECURSIVE_TARGETS = all-recursive check-recursive cscopelist-recursive \
+ ctags-recursive dvi-recursive html-recursive info-recursive \
+ install-data-recursive install-dvi-recursive \
+ install-exec-recursive install-html-recursive \
+ install-info-recursive install-pdf-recursive \
+ install-ps-recursive install-recursive installcheck-recursive \
+ installdirs-recursive pdf-recursive ps-recursive \
+ tags-recursive uninstall-recursive
am__can_run_installinfo = \
case $$AM_UPDATE_INFO_DIR in \
n|no|NO) false;; \
*) (install-info --version) >/dev/null 2>&1;; \
esac
+RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \
+ distclean-recursive maintainer-clean-recursive
+am__recursive_targets = \
+ $(RECURSIVE_TARGETS) \
+ $(RECURSIVE_CLEAN_TARGETS) \
+ $(am__extra_recursive_targets)
+AM_RECURSIVE_TARGETS = $(am__recursive_targets:-recursive=) TAGS CTAGS \
+ distdir
+am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
+# Read a list of newline-separated strings from the standard input,
+# and print each of them once, without duplicates. Input order is
+# *not* preserved.
+am__uniquify_input = $(AWK) '\
+ BEGIN { nonempty = 0; } \
+ { items[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in items) print i; }; } \
+'
+# Make sure the list of sources is unique. This is necessary because,
+# e.g., the same source file might be shared among _SOURCES variables
+# for different programs/libraries.
+am__define_uniq_tagged_files = \
+ list='$(am__tagged_files)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+DIST_SUBDIRS = $(SUBDIRS)
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+am__relativize = \
+ dir0=`pwd`; \
+ sed_first='s,^\([^/]*\)/.*$$,\1,'; \
+ sed_rest='s,^[^/]*/*,,'; \
+ sed_last='s,^.*/\([^/]*\)$$,\1,'; \
+ sed_butlast='s,/*[^/]*$$,,'; \
+ while test -n "$$dir1"; do \
+ first=`echo "$$dir1" | sed -e "$$sed_first"`; \
+ if test "$$first" != "."; then \
+ if test "$$first" = ".."; then \
+ dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \
+ dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \
+ else \
+ first2=`echo "$$dir2" | sed -e "$$sed_first"`; \
+ if test "$$first2" = "$$first"; then \
+ dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \
+ else \
+ dir2="../$$dir2"; \
+ fi; \
+ dir0="$$dir0"/"$$first"; \
+ fi; \
+ fi; \
+ dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \
+ done; \
+ reldir="$$dir2"
ACLOCAL = @ACLOCAL@
ALLOCA = @ALLOCA@
AMTAR = @AMTAR@
@@ -190,6 +290,10 @@ PACKAGE_STRING = @PACKAGE_STRING@
PACKAGE_TARNAME = @PACKAGE_TARNAME@
PACKAGE_URL = @PACKAGE_URL@
PACKAGE_VERSION = @PACKAGE_VERSION@
+PACKAGE_VERSION_BUILD = @PACKAGE_VERSION_BUILD@
+PACKAGE_VERSION_MAJOR = @PACKAGE_VERSION_MAJOR@
+PACKAGE_VERSION_MINOR = @PACKAGE_VERSION_MINOR@
+PACKAGE_VERSION_REVIEW = @PACKAGE_VERSION_REVIEW@
PATH_SEPARATOR = @PATH_SEPARATOR@
PERL = @PERL@
PKG_CONFIG = @PKG_CONFIG@
@@ -306,6 +410,7 @@ starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
+t_plugins = @t_plugins@
target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
@@ -313,6 +418,7 @@ top_srcdir = @top_srcdir@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
+SUBDIRS = man
pki_SOURCES = pki.c pki.h command.c command.h \
commands/gen.c \
commands/issue.c \
@@ -330,7 +436,7 @@ AM_CPPFLAGS = \
-I$(top_srcdir)/src/libstrongswan \
-DPLUGINS=\""${pki_plugins}\""
-all: all-am
+all: all-recursive
.SUFFIXES:
.SUFFIXES: .c .lo .o .obj
@@ -364,19 +470,21 @@ $(top_srcdir)/configure: $(am__configure_deps)
$(ACLOCAL_M4): $(am__aclocal_m4_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(am__aclocal_m4_deps):
-install-ipsecPROGRAMS: $(ipsec_PROGRAMS)
+install-binPROGRAMS: $(bin_PROGRAMS)
@$(NORMAL_INSTALL)
- @list='$(ipsec_PROGRAMS)'; test -n "$(ipsecdir)" || list=; \
+ @list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \
if test -n "$$list"; then \
- echo " $(MKDIR_P) '$(DESTDIR)$(ipsecdir)'"; \
- $(MKDIR_P) "$(DESTDIR)$(ipsecdir)" || exit 1; \
+ echo " $(MKDIR_P) '$(DESTDIR)$(bindir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(bindir)" || exit 1; \
fi; \
for p in $$list; do echo "$$p $$p"; done | \
sed 's/$(EXEEXT)$$//' | \
- while read p p1; do if test -f $$p || test -f $$p1; \
- then echo "$$p"; echo "$$p"; else :; fi; \
+ while read p p1; do if test -f $$p \
+ || test -f $$p1 \
+ ; then echo "$$p"; echo "$$p"; else :; fi; \
done | \
- sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \
+ sed -e 'p;s,.*/,,;n;h' \
+ -e 's|.*|.|' \
-e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \
sed 'N;N;N;s,\n, ,g' | \
$(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \
@@ -387,239 +495,167 @@ install-ipsecPROGRAMS: $(ipsec_PROGRAMS)
while read type dir files; do \
if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \
test -z "$$files" || { \
- echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(ipsecdir)$$dir'"; \
- $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(ipsecdir)$$dir" || exit $$?; \
+ echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(bindir)$$dir'"; \
+ $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(bindir)$$dir" || exit $$?; \
} \
; done
-uninstall-ipsecPROGRAMS:
+uninstall-binPROGRAMS:
@$(NORMAL_UNINSTALL)
- @list='$(ipsec_PROGRAMS)'; test -n "$(ipsecdir)" || list=; \
+ @list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \
files=`for p in $$list; do echo "$$p"; done | \
sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \
- -e 's/$$/$(EXEEXT)/' `; \
+ -e 's/$$/$(EXEEXT)/' \
+ `; \
test -n "$$list" || exit 0; \
- echo " ( cd '$(DESTDIR)$(ipsecdir)' && rm -f" $$files ")"; \
- cd "$(DESTDIR)$(ipsecdir)" && rm -f $$files
+ echo " ( cd '$(DESTDIR)$(bindir)' && rm -f" $$files ")"; \
+ cd "$(DESTDIR)$(bindir)" && rm -f $$files
-clean-ipsecPROGRAMS:
- @list='$(ipsec_PROGRAMS)'; test -n "$$list" || exit 0; \
+clean-binPROGRAMS:
+ @list='$(bin_PROGRAMS)'; test -n "$$list" || exit 0; \
echo " rm -f" $$list; \
rm -f $$list || exit $$?; \
test -n "$(EXEEXT)" || exit 0; \
list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
echo " rm -f" $$list; \
rm -f $$list
+commands/$(am__dirstamp):
+ @$(MKDIR_P) commands
+ @: > commands/$(am__dirstamp)
+commands/$(DEPDIR)/$(am__dirstamp):
+ @$(MKDIR_P) commands/$(DEPDIR)
+ @: > commands/$(DEPDIR)/$(am__dirstamp)
+commands/gen.$(OBJEXT): commands/$(am__dirstamp) \
+ commands/$(DEPDIR)/$(am__dirstamp)
+commands/issue.$(OBJEXT): commands/$(am__dirstamp) \
+ commands/$(DEPDIR)/$(am__dirstamp)
+commands/keyid.$(OBJEXT): commands/$(am__dirstamp) \
+ commands/$(DEPDIR)/$(am__dirstamp)
+commands/pub.$(OBJEXT): commands/$(am__dirstamp) \
+ commands/$(DEPDIR)/$(am__dirstamp)
+commands/req.$(OBJEXT): commands/$(am__dirstamp) \
+ commands/$(DEPDIR)/$(am__dirstamp)
+commands/self.$(OBJEXT): commands/$(am__dirstamp) \
+ commands/$(DEPDIR)/$(am__dirstamp)
+commands/print.$(OBJEXT): commands/$(am__dirstamp) \
+ commands/$(DEPDIR)/$(am__dirstamp)
+commands/signcrl.$(OBJEXT): commands/$(am__dirstamp) \
+ commands/$(DEPDIR)/$(am__dirstamp)
+commands/pkcs7.$(OBJEXT): commands/$(am__dirstamp) \
+ commands/$(DEPDIR)/$(am__dirstamp)
+commands/verify.$(OBJEXT): commands/$(am__dirstamp) \
+ commands/$(DEPDIR)/$(am__dirstamp)
+
pki$(EXEEXT): $(pki_OBJECTS) $(pki_DEPENDENCIES) $(EXTRA_pki_DEPENDENCIES)
@rm -f pki$(EXEEXT)
$(AM_V_CCLD)$(LINK) $(pki_OBJECTS) $(pki_LDADD) $(LIBS)
mostlyclean-compile:
-rm -f *.$(OBJEXT)
+ -rm -f commands/*.$(OBJEXT)
distclean-compile:
-rm -f *.tab.c
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/command.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gen.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/issue.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/keyid.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs7.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pki.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/print.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pub.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/req.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/self.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/signcrl.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/verify.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@commands/$(DEPDIR)/gen.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@commands/$(DEPDIR)/issue.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@commands/$(DEPDIR)/keyid.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@commands/$(DEPDIR)/pkcs7.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@commands/$(DEPDIR)/print.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@commands/$(DEPDIR)/pub.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@commands/$(DEPDIR)/req.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@commands/$(DEPDIR)/self.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@commands/$(DEPDIR)/signcrl.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@commands/$(DEPDIR)/verify.Po@am__quote@
.c.o:
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
+@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $<
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
.c.obj:
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\
+@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
.c.lo:
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
+@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\
+@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
+@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $<
-gen.o: commands/gen.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT gen.o -MD -MP -MF $(DEPDIR)/gen.Tpo -c -o gen.o `test -f 'commands/gen.c' || echo '$(srcdir)/'`commands/gen.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/gen.Tpo $(DEPDIR)/gen.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='commands/gen.c' object='gen.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o gen.o `test -f 'commands/gen.c' || echo '$(srcdir)/'`commands/gen.c
-
-gen.obj: commands/gen.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT gen.obj -MD -MP -MF $(DEPDIR)/gen.Tpo -c -o gen.obj `if test -f 'commands/gen.c'; then $(CYGPATH_W) 'commands/gen.c'; else $(CYGPATH_W) '$(srcdir)/commands/gen.c'; fi`
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/gen.Tpo $(DEPDIR)/gen.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='commands/gen.c' object='gen.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o gen.obj `if test -f 'commands/gen.c'; then $(CYGPATH_W) 'commands/gen.c'; else $(CYGPATH_W) '$(srcdir)/commands/gen.c'; fi`
-
-issue.o: commands/issue.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT issue.o -MD -MP -MF $(DEPDIR)/issue.Tpo -c -o issue.o `test -f 'commands/issue.c' || echo '$(srcdir)/'`commands/issue.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/issue.Tpo $(DEPDIR)/issue.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='commands/issue.c' object='issue.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o issue.o `test -f 'commands/issue.c' || echo '$(srcdir)/'`commands/issue.c
-
-issue.obj: commands/issue.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT issue.obj -MD -MP -MF $(DEPDIR)/issue.Tpo -c -o issue.obj `if test -f 'commands/issue.c'; then $(CYGPATH_W) 'commands/issue.c'; else $(CYGPATH_W) '$(srcdir)/commands/issue.c'; fi`
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/issue.Tpo $(DEPDIR)/issue.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='commands/issue.c' object='issue.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o issue.obj `if test -f 'commands/issue.c'; then $(CYGPATH_W) 'commands/issue.c'; else $(CYGPATH_W) '$(srcdir)/commands/issue.c'; fi`
-
-keyid.o: commands/keyid.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT keyid.o -MD -MP -MF $(DEPDIR)/keyid.Tpo -c -o keyid.o `test -f 'commands/keyid.c' || echo '$(srcdir)/'`commands/keyid.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/keyid.Tpo $(DEPDIR)/keyid.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='commands/keyid.c' object='keyid.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o keyid.o `test -f 'commands/keyid.c' || echo '$(srcdir)/'`commands/keyid.c
-
-keyid.obj: commands/keyid.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT keyid.obj -MD -MP -MF $(DEPDIR)/keyid.Tpo -c -o keyid.obj `if test -f 'commands/keyid.c'; then $(CYGPATH_W) 'commands/keyid.c'; else $(CYGPATH_W) '$(srcdir)/commands/keyid.c'; fi`
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/keyid.Tpo $(DEPDIR)/keyid.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='commands/keyid.c' object='keyid.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o keyid.obj `if test -f 'commands/keyid.c'; then $(CYGPATH_W) 'commands/keyid.c'; else $(CYGPATH_W) '$(srcdir)/commands/keyid.c'; fi`
-
-pub.o: commands/pub.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT pub.o -MD -MP -MF $(DEPDIR)/pub.Tpo -c -o pub.o `test -f 'commands/pub.c' || echo '$(srcdir)/'`commands/pub.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/pub.Tpo $(DEPDIR)/pub.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='commands/pub.c' object='pub.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o pub.o `test -f 'commands/pub.c' || echo '$(srcdir)/'`commands/pub.c
-
-pub.obj: commands/pub.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT pub.obj -MD -MP -MF $(DEPDIR)/pub.Tpo -c -o pub.obj `if test -f 'commands/pub.c'; then $(CYGPATH_W) 'commands/pub.c'; else $(CYGPATH_W) '$(srcdir)/commands/pub.c'; fi`
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/pub.Tpo $(DEPDIR)/pub.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='commands/pub.c' object='pub.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o pub.obj `if test -f 'commands/pub.c'; then $(CYGPATH_W) 'commands/pub.c'; else $(CYGPATH_W) '$(srcdir)/commands/pub.c'; fi`
-
-req.o: commands/req.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT req.o -MD -MP -MF $(DEPDIR)/req.Tpo -c -o req.o `test -f 'commands/req.c' || echo '$(srcdir)/'`commands/req.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/req.Tpo $(DEPDIR)/req.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='commands/req.c' object='req.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o req.o `test -f 'commands/req.c' || echo '$(srcdir)/'`commands/req.c
-
-req.obj: commands/req.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT req.obj -MD -MP -MF $(DEPDIR)/req.Tpo -c -o req.obj `if test -f 'commands/req.c'; then $(CYGPATH_W) 'commands/req.c'; else $(CYGPATH_W) '$(srcdir)/commands/req.c'; fi`
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/req.Tpo $(DEPDIR)/req.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='commands/req.c' object='req.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o req.obj `if test -f 'commands/req.c'; then $(CYGPATH_W) 'commands/req.c'; else $(CYGPATH_W) '$(srcdir)/commands/req.c'; fi`
-
-self.o: commands/self.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT self.o -MD -MP -MF $(DEPDIR)/self.Tpo -c -o self.o `test -f 'commands/self.c' || echo '$(srcdir)/'`commands/self.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/self.Tpo $(DEPDIR)/self.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='commands/self.c' object='self.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o self.o `test -f 'commands/self.c' || echo '$(srcdir)/'`commands/self.c
-
-self.obj: commands/self.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT self.obj -MD -MP -MF $(DEPDIR)/self.Tpo -c -o self.obj `if test -f 'commands/self.c'; then $(CYGPATH_W) 'commands/self.c'; else $(CYGPATH_W) '$(srcdir)/commands/self.c'; fi`
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/self.Tpo $(DEPDIR)/self.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='commands/self.c' object='self.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o self.obj `if test -f 'commands/self.c'; then $(CYGPATH_W) 'commands/self.c'; else $(CYGPATH_W) '$(srcdir)/commands/self.c'; fi`
-
-print.o: commands/print.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT print.o -MD -MP -MF $(DEPDIR)/print.Tpo -c -o print.o `test -f 'commands/print.c' || echo '$(srcdir)/'`commands/print.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/print.Tpo $(DEPDIR)/print.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='commands/print.c' object='print.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o print.o `test -f 'commands/print.c' || echo '$(srcdir)/'`commands/print.c
-
-print.obj: commands/print.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT print.obj -MD -MP -MF $(DEPDIR)/print.Tpo -c -o print.obj `if test -f 'commands/print.c'; then $(CYGPATH_W) 'commands/print.c'; else $(CYGPATH_W) '$(srcdir)/commands/print.c'; fi`
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/print.Tpo $(DEPDIR)/print.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='commands/print.c' object='print.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o print.obj `if test -f 'commands/print.c'; then $(CYGPATH_W) 'commands/print.c'; else $(CYGPATH_W) '$(srcdir)/commands/print.c'; fi`
-
-signcrl.o: commands/signcrl.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT signcrl.o -MD -MP -MF $(DEPDIR)/signcrl.Tpo -c -o signcrl.o `test -f 'commands/signcrl.c' || echo '$(srcdir)/'`commands/signcrl.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/signcrl.Tpo $(DEPDIR)/signcrl.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='commands/signcrl.c' object='signcrl.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o signcrl.o `test -f 'commands/signcrl.c' || echo '$(srcdir)/'`commands/signcrl.c
-
-signcrl.obj: commands/signcrl.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT signcrl.obj -MD -MP -MF $(DEPDIR)/signcrl.Tpo -c -o signcrl.obj `if test -f 'commands/signcrl.c'; then $(CYGPATH_W) 'commands/signcrl.c'; else $(CYGPATH_W) '$(srcdir)/commands/signcrl.c'; fi`
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/signcrl.Tpo $(DEPDIR)/signcrl.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='commands/signcrl.c' object='signcrl.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o signcrl.obj `if test -f 'commands/signcrl.c'; then $(CYGPATH_W) 'commands/signcrl.c'; else $(CYGPATH_W) '$(srcdir)/commands/signcrl.c'; fi`
-
-pkcs7.o: commands/pkcs7.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT pkcs7.o -MD -MP -MF $(DEPDIR)/pkcs7.Tpo -c -o pkcs7.o `test -f 'commands/pkcs7.c' || echo '$(srcdir)/'`commands/pkcs7.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/pkcs7.Tpo $(DEPDIR)/pkcs7.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='commands/pkcs7.c' object='pkcs7.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o pkcs7.o `test -f 'commands/pkcs7.c' || echo '$(srcdir)/'`commands/pkcs7.c
-
-pkcs7.obj: commands/pkcs7.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT pkcs7.obj -MD -MP -MF $(DEPDIR)/pkcs7.Tpo -c -o pkcs7.obj `if test -f 'commands/pkcs7.c'; then $(CYGPATH_W) 'commands/pkcs7.c'; else $(CYGPATH_W) '$(srcdir)/commands/pkcs7.c'; fi`
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/pkcs7.Tpo $(DEPDIR)/pkcs7.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='commands/pkcs7.c' object='pkcs7.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o pkcs7.obj `if test -f 'commands/pkcs7.c'; then $(CYGPATH_W) 'commands/pkcs7.c'; else $(CYGPATH_W) '$(srcdir)/commands/pkcs7.c'; fi`
-
-verify.o: commands/verify.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT verify.o -MD -MP -MF $(DEPDIR)/verify.Tpo -c -o verify.o `test -f 'commands/verify.c' || echo '$(srcdir)/'`commands/verify.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/verify.Tpo $(DEPDIR)/verify.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='commands/verify.c' object='verify.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o verify.o `test -f 'commands/verify.c' || echo '$(srcdir)/'`commands/verify.c
-
-verify.obj: commands/verify.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT verify.obj -MD -MP -MF $(DEPDIR)/verify.Tpo -c -o verify.obj `if test -f 'commands/verify.c'; then $(CYGPATH_W) 'commands/verify.c'; else $(CYGPATH_W) '$(srcdir)/commands/verify.c'; fi`
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/verify.Tpo $(DEPDIR)/verify.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='commands/verify.c' object='verify.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o verify.obj `if test -f 'commands/verify.c'; then $(CYGPATH_W) 'commands/verify.c'; else $(CYGPATH_W) '$(srcdir)/commands/verify.c'; fi`
-
mostlyclean-libtool:
-rm -f *.lo
clean-libtool:
-rm -rf .libs _libs
-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
- unique=`for i in $$list; do \
- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
- done | \
- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
- END { if (nonempty) { for (i in files) print i; }; }'`; \
- mkid -fID $$unique
-tags: TAGS
-
-TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
- $(TAGS_FILES) $(LISP)
+# This directory's subdirectories are mostly independent; you can cd
+# into them and run 'make' without going through this Makefile.
+# To change the values of 'make' variables: instead of editing Makefiles,
+# (1) if the variable is set in 'config.status', edit 'config.status'
+# (which will cause the Makefiles to be regenerated when you run 'make');
+# (2) otherwise, pass the desired values on the 'make' command line.
+$(am__recursive_targets):
+ @fail=; \
+ if $(am__make_keepgoing); then \
+ failcom='fail=yes'; \
+ else \
+ failcom='exit 1'; \
+ fi; \
+ dot_seen=no; \
+ target=`echo $@ | sed s/-recursive//`; \
+ case "$@" in \
+ distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
+ *) list='$(SUBDIRS)' ;; \
+ esac; \
+ for subdir in $$list; do \
+ echo "Making $$target in $$subdir"; \
+ if test "$$subdir" = "."; then \
+ dot_seen=yes; \
+ local_target="$$target-am"; \
+ else \
+ local_target="$$target"; \
+ fi; \
+ ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
+ || eval $$failcom; \
+ done; \
+ if test "$$dot_seen" = "no"; then \
+ $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \
+ fi; test -z "$$fail"
+
+ID: $(am__tagged_files)
+ $(am__define_uniq_tagged_files); mkid -fID $$unique
+tags: tags-recursive
+TAGS: tags
+
+tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
set x; \
here=`pwd`; \
- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
- unique=`for i in $$list; do \
- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
- done | \
- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
- END { if (nonempty) { for (i in files) print i; }; }'`; \
+ if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \
+ include_option=--etags-include; \
+ empty_fix=.; \
+ else \
+ include_option=--include; \
+ empty_fix=; \
+ fi; \
+ list='$(SUBDIRS)'; for subdir in $$list; do \
+ if test "$$subdir" = .; then :; else \
+ test ! -f $$subdir/TAGS || \
+ set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \
+ fi; \
+ done; \
+ $(am__define_uniq_tagged_files); \
shift; \
if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
test -n "$$unique" || unique=$$empty_fix; \
@@ -631,15 +667,11 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
$$unique; \
fi; \
fi
-ctags: CTAGS
-CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
- $(TAGS_FILES) $(LISP)
- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
- unique=`for i in $$list; do \
- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
- done | \
- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
- END { if (nonempty) { for (i in files) print i; }; }'`; \
+ctags: ctags-recursive
+
+CTAGS: ctags
+ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
+ $(am__define_uniq_tagged_files); \
test -z "$(CTAGS_ARGS)$$unique" \
|| $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
$$unique
@@ -648,6 +680,21 @@ GTAGS:
here=`$(am__cd) $(top_builddir) && pwd` \
&& $(am__cd) $(top_srcdir) \
&& gtags -i $(GTAGS_ARGS) "$$here"
+cscopelist: cscopelist-recursive
+
+cscopelist-am: $(am__tagged_files)
+ list='$(am__tagged_files)'; \
+ case "$(srcdir)" in \
+ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \
+ *) sdir=$(subdir)/$(srcdir) ;; \
+ esac; \
+ for i in $$list; do \
+ if test -f "$$i"; then \
+ echo "$(subdir)/$$i"; \
+ else \
+ echo "$$sdir/$$i"; \
+ fi; \
+ done >> $(top_builddir)/cscope.files
distclean-tags:
-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
@@ -682,22 +729,48 @@ distdir: $(DISTFILES)
|| exit 1; \
fi; \
done
+ @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+ if test "$$subdir" = .; then :; else \
+ $(am__make_dryrun) \
+ || test -d "$(distdir)/$$subdir" \
+ || $(MKDIR_P) "$(distdir)/$$subdir" \
+ || exit 1; \
+ dir1=$$subdir; dir2="$(distdir)/$$subdir"; \
+ $(am__relativize); \
+ new_distdir=$$reldir; \
+ dir1=$$subdir; dir2="$(top_distdir)"; \
+ $(am__relativize); \
+ new_top_distdir=$$reldir; \
+ echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \
+ echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \
+ ($(am__cd) $$subdir && \
+ $(MAKE) $(AM_MAKEFLAGS) \
+ top_distdir="$$new_top_distdir" \
+ distdir="$$new_distdir" \
+ am__remove_distdir=: \
+ am__skip_length_check=: \
+ am__skip_mode_fix=: \
+ distdir) \
+ || exit 1; \
+ fi; \
+ done
check-am: all-am
-check: check-am
+check: check-recursive
all-am: Makefile $(PROGRAMS)
-installdirs:
- for dir in "$(DESTDIR)$(ipsecdir)"; do \
+installdirs: installdirs-recursive
+installdirs-am:
+ for dir in "$(DESTDIR)$(bindir)"; do \
test -z "$$dir" || $(MKDIR_P) "$$dir"; \
done
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
+install: install-recursive
+install-exec: install-exec-recursive
+install-data: install-data-recursive
+uninstall: uninstall-recursive
install-am: all-am
@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-installcheck: installcheck-am
+installcheck: installcheck-recursive
install-strip:
if test -z '$(STRIP)'; then \
$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
@@ -715,96 +788,98 @@ clean-generic:
distclean-generic:
-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+ -rm -f commands/$(DEPDIR)/$(am__dirstamp)
+ -rm -f commands/$(am__dirstamp)
maintainer-clean-generic:
@echo "This command is intended for maintainers to use"
@echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
+clean: clean-recursive
-clean-am: clean-generic clean-ipsecPROGRAMS clean-libtool \
- mostlyclean-am
+clean-am: clean-binPROGRAMS clean-generic clean-libtool mostlyclean-am
-distclean: distclean-am
- -rm -rf ./$(DEPDIR)
+distclean: distclean-recursive
+ -rm -rf ./$(DEPDIR) commands/$(DEPDIR)
-rm -f Makefile
distclean-am: clean-am distclean-compile distclean-generic \
distclean-tags
-dvi: dvi-am
+dvi: dvi-recursive
dvi-am:
-html: html-am
+html: html-recursive
html-am:
-info: info-am
+info: info-recursive
info-am:
-install-data-am: install-ipsecPROGRAMS
+install-data-am:
-install-dvi: install-dvi-am
+install-dvi: install-dvi-recursive
install-dvi-am:
-install-exec-am:
+install-exec-am: install-binPROGRAMS
-install-html: install-html-am
+install-html: install-html-recursive
install-html-am:
-install-info: install-info-am
+install-info: install-info-recursive
install-info-am:
install-man:
-install-pdf: install-pdf-am
+install-pdf: install-pdf-recursive
install-pdf-am:
-install-ps: install-ps-am
+install-ps: install-ps-recursive
install-ps-am:
installcheck-am:
-maintainer-clean: maintainer-clean-am
- -rm -rf ./$(DEPDIR)
+maintainer-clean: maintainer-clean-recursive
+ -rm -rf ./$(DEPDIR) commands/$(DEPDIR)
-rm -f Makefile
maintainer-clean-am: distclean-am maintainer-clean-generic
-mostlyclean: mostlyclean-am
+mostlyclean: mostlyclean-recursive
mostlyclean-am: mostlyclean-compile mostlyclean-generic \
mostlyclean-libtool
-pdf: pdf-am
+pdf: pdf-recursive
pdf-am:
-ps: ps-am
+ps: ps-recursive
ps-am:
-uninstall-am: uninstall-ipsecPROGRAMS
+uninstall-am: uninstall-binPROGRAMS
-.MAKE: install-am install-strip
+.MAKE: $(am__recursive_targets) install-am install-strip
-.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
- clean-ipsecPROGRAMS clean-libtool ctags distclean \
- distclean-compile distclean-generic distclean-libtool \
- distclean-tags distdir dvi dvi-am html html-am info info-am \
- install install-am install-data install-data-am install-dvi \
+.PHONY: $(am__recursive_targets) CTAGS GTAGS TAGS all all-am check \
+ check-am clean clean-binPROGRAMS clean-generic clean-libtool \
+ cscopelist-am ctags ctags-am distclean distclean-compile \
+ distclean-generic distclean-libtool distclean-tags distdir dvi \
+ dvi-am html html-am info info-am install install-am \
+ install-binPROGRAMS install-data install-data-am install-dvi \
install-dvi-am install-exec install-exec-am install-html \
- install-html-am install-info install-info-am \
- install-ipsecPROGRAMS install-man install-pdf install-pdf-am \
- install-ps install-ps-am install-strip installcheck \
- installcheck-am installdirs maintainer-clean \
- maintainer-clean-generic mostlyclean mostlyclean-compile \
- mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
- tags uninstall uninstall-am uninstall-ipsecPROGRAMS
+ install-html-am install-info install-info-am install-man \
+ install-pdf install-pdf-am install-ps install-ps-am \
+ install-strip installcheck installcheck-am installdirs \
+ installdirs-am maintainer-clean maintainer-clean-generic \
+ mostlyclean mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
+ uninstall-am uninstall-binPROGRAMS
pki.o : $(top_builddir)/config.status
diff --git a/src/pki/command.c b/src/pki/command.c
index a5e5b8528..984da59b4 100644
--- a/src/pki/command.c
+++ b/src/pki/command.c
@@ -258,6 +258,6 @@ int command_dispatch(int c, char *v[])
return cmds[i].call();
}
}
- return command_usage("invalid operation");
+ return command_usage(c > 1 ? "invalid operation" : NULL);
}
diff --git a/src/pki/commands/gen.c b/src/pki/commands/gen.c
index e3602f0c3..b74be7d98 100644
--- a/src/pki/commands/gen.c
+++ b/src/pki/commands/gen.c
@@ -151,7 +151,7 @@ static void __attribute__ ((constructor))reg()
command_register((command_t) {
gen, 'g', "gen", "generate a new private key",
{" [--type rsa|ecdsa] [--size bits] [--safe-primes]",
- "[--shares n] [--threshold l] [--outform der|pem|pgp]"},
+ "[--shares n] [--threshold l] [--outform der|pem]"},
{
{"help", 'h', 0, "show usage information"},
{"type", 't', 1, "type of key, default: rsa"},
@@ -159,7 +159,7 @@ static void __attribute__ ((constructor))reg()
{"safe-primes", 'p', 0, "generate rsa safe primes"},
{"shares", 'n', 1, "number of private rsa key shares"},
{"threshold", 'l', 1, "minimum number of participating rsa key shares"},
- {"outform", 'f', 1, "encoding of generated private key"},
+ {"outform", 'f', 1, "encoding of generated private key, default: der"},
}
});
}
diff --git a/src/pki/commands/issue.c b/src/pki/commands/issue.c
index 5f098ba41..000f63d1a 100644
--- a/src/pki/commands/issue.c
+++ b/src/pki/commands/issue.c
@@ -380,9 +380,13 @@ static int issue()
}
else
{
+ chunk_t chunk;
+
+ chunk = chunk_from_fd(0);
cert_req = lib->creds->create(lib->creds, CRED_CERTIFICATE,
CERT_PKCS10_REQUEST,
- BUILD_FROM_FD, 0, BUILD_END);
+ BUILD_BLOB, chunk, BUILD_END);
+ free(chunk.ptr);
}
if (!cert_req)
{
@@ -419,8 +423,12 @@ static int issue()
}
else
{
+ chunk_t chunk;
+
+ chunk = chunk_from_fd(0);
public = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ANY,
- BUILD_FROM_FD, 0, BUILD_END);
+ BUILD_BLOB, chunk, BUILD_END);
+ free(chunk.ptr);
}
}
if (!public)
@@ -514,14 +522,14 @@ static void __attribute__ ((constructor))reg()
command_register((command_t) {
issue, 'i', "issue",
"issue a certificate using a CA certificate and key",
- {"[--in file] [--type pub|pkcs10] --cakey file | --cakeyid hex",
+ {"[--in file] [--type pub|pkcs10] --cakey file|--cakeyid hex",
" --cacert file [--dn subject-dn] [--san subjectAltName]+",
- "[--lifetime days] [--serial hex] [--crl uri [--crlissuer i] ]+ [--ocsp uri]+",
- "[--ca] [--pathlen len] [--flag serverAuth|clientAuth|crlSign|ocspSigning]+",
- "[--nc-permitted name] [--nc-excluded name]",
- "[--cert-policy oid [--cps-uri uri] [--user-notice text] ]+",
- "[--policy-map issuer-oid:subject-oid]",
+ "[--lifetime days] [--serial hex] [--ca] [--pathlen len]",
+ "[--flag serverAuth|clientAuth|crlSign|ocspSigning]+",
+ "[--crl uri [--crlissuer i]]+ [--ocsp uri]+ [--nc-permitted name]",
+ "[--nc-excluded name] [--policy-mapping issuer-oid:subject-oid]",
"[--policy-explicit len] [--policy-inhibit len] [--policy-any len]",
+ "[--cert-policy oid [--cps-uri uri] [--user-notice text]]+",
"[--digest md5|sha1|sha224|sha256|sha384|sha512] [--outform der|pem]"},
{
{"help", 'h', 0, "show usage information"},
diff --git a/src/pki/commands/keyid.c b/src/pki/commands/keyid.c
index 6d2f7b915..353670e32 100644
--- a/src/pki/commands/keyid.c
+++ b/src/pki/commands/keyid.c
@@ -87,8 +87,12 @@ static int keyid()
}
else
{
+ chunk_t chunk;
+
+ chunk = chunk_from_fd(0);
cred = lib->creds->create(lib->creds, type, subtype,
- BUILD_FROM_FD, 0, BUILD_END);
+ BUILD_BLOB, chunk, BUILD_END);
+ free(chunk.ptr);
}
if (!cred)
{
diff --git a/src/pki/commands/pkcs7.c b/src/pki/commands/pkcs7.c
index 790656c62..6c75693ab 100644
--- a/src/pki/commands/pkcs7.c
+++ b/src/pki/commands/pkcs7.c
@@ -445,8 +445,8 @@ static void __attribute__ ((constructor))reg()
{
command_register((command_t) {
pkcs7, '7', "pkcs7", "PKCS#7 wrap/unwrap functions",
- {"--sign | --verify | --encrypt | --decrypt",
- "--certificate+ [--key]"},
+ {"--sign|--verify|--encrypt|--decrypt|--show",
+ "[--in file] [--cert file]+ [--key file]"},
{
{"help", 'h', 0, "show usage information"},
{"sign", 's', 0, "create PKCS#7 signed-data"},
@@ -455,8 +455,8 @@ static void __attribute__ ((constructor))reg()
{"decrypt", 'd', 0, "decrypt PKCS#7 enveloped-data"},
{"show", 'p', 0, "show info about PKCS#7, print certificates"},
{"in", 'i', 1, "input file, default: stdin"},
- {"key", 'k', 1, "path to private key for sign/decryp"},
- {"cert", 'c', 1, "path to certificate for sign/verify/encryp"},
+ {"key", 'k', 1, "path to private key for sign/decrypt"},
+ {"cert", 'c', 1, "path to certificate for sign/verify/encrypt"},
}
});
}
diff --git a/src/pki/commands/print.c b/src/pki/commands/print.c
index 90cf254c8..2261e44ff 100644
--- a/src/pki/commands/print.c
+++ b/src/pki/commands/print.c
@@ -338,7 +338,7 @@ static void print_crl(crl_t *crl)
if (crl->is_delta_crl(crl, &chunk))
{
- chunk = chunk_skip_zero(chunk);
+ chunk = chunk_skip_zero(chunk);
printf("delta CRL: for serial %#B\n", &chunk);
}
chunk = crl->get_authKeyIdentifier(crl);
@@ -508,8 +508,12 @@ static int print()
}
else
{
+ chunk_t chunk;
+
+ chunk = chunk_from_fd(0);
cred = lib->creds->create(lib->creds, type, subtype,
- BUILD_FROM_FD, 0, BUILD_END);
+ BUILD_BLOB, chunk, BUILD_END);
+ free(chunk.ptr);
}
if (!cred)
{
diff --git a/src/pki/commands/pub.c b/src/pki/commands/pub.c
index 9912061f4..7f88055ef 100644
--- a/src/pki/commands/pub.c
+++ b/src/pki/commands/pub.c
@@ -51,6 +51,11 @@ static int pub()
type = CRED_PRIVATE_KEY;
subtype = KEY_ECDSA;
}
+ else if (streq(arg, "pub"))
+ {
+ type = CRED_PUBLIC_KEY;
+ subtype = KEY_ANY;
+ }
else if (streq(arg, "pkcs10"))
{
type = CRED_CERTIFICATE;
@@ -96,13 +101,17 @@ static int pub()
chunk = chunk_from_hex(chunk_create(keyid, strlen(keyid)), NULL);
cred = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_ANY,
- BUILD_PKCS11_KEYID, chunk, BUILD_END);
+ BUILD_PKCS11_KEYID, chunk, BUILD_END);
free(chunk.ptr);
}
else
{
+ chunk_t chunk;
+
+ chunk = chunk_from_fd(0);
cred = lib->creds->create(lib->creds, type, subtype,
- BUILD_FROM_FD, 0, BUILD_END);
+ BUILD_BLOB, chunk, BUILD_END);
+ free(chunk.ptr);
}
if (type == CRED_PRIVATE_KEY)
@@ -116,6 +125,15 @@ static int pub()
public = private->get_public_key(private);
private->destroy(private);
}
+ else if (type == CRED_PUBLIC_KEY)
+ {
+ public = cred;
+ if (!public)
+ {
+ fprintf(stderr, "parsing public key failed\n");
+ return 1;
+ }
+ }
else
{
cert = cred;
@@ -157,14 +175,14 @@ static void __attribute__ ((constructor))reg()
command_register((command_t) {
pub, 'p', "pub",
"extract the public key from a private key/certificate",
- {"[--in file|--keyid hex] [--type rsa|ecdsa|pkcs10|x509]",
- "[--outform der|pem|pgp|dnskey]"},
+ {"[--in file|--keyid hex] [--type rsa|ecdsa|pub|pkcs10|x509]",
+ "[--outform der|pem|dnskey|sshkey]"},
{
{"help", 'h', 0, "show usage information"},
{"in", 'i', 1, "input file, default: stdin"},
{"keyid", 'x', 1, "keyid on smartcard of private key"},
{"type", 't', 1, "type of credential, default: rsa"},
- {"outform", 'f', 1, "encoding of extracted public key"},
+ {"outform", 'f', 1, "encoding of extracted public key, default: der"},
}
});
}
diff --git a/src/pki/commands/req.c b/src/pki/commands/req.c
index d90ddc251..628463e7b 100644
--- a/src/pki/commands/req.c
+++ b/src/pki/commands/req.c
@@ -116,8 +116,12 @@ static int req()
}
else
{
+ chunk_t chunk;
+
+ chunk = chunk_from_fd(0);
private = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, type,
- BUILD_FROM_FD, 0, BUILD_END);
+ BUILD_BLOB, chunk, BUILD_END);
+ free(chunk.ptr);
}
if (!private)
{
@@ -174,9 +178,8 @@ static void __attribute__ ((constructor))reg()
command_register((command_t) {
req, 'r', "req",
"create a PKCS#10 certificate request",
- {"[--in file] [--type rsa|ecdsa]",
- " --dn distinguished-name [--san subjectAltName]+",
- "[--password challengePassword]",
+ {" [--in file] [--type rsa|ecdsa] --dn distinguished-name",
+ "[--san subjectAltName]+ [--password challengePassword]",
"[--digest md5|sha1|sha224|sha256|sha384|sha512] [--outform der|pem]"},
{
{"help", 'h', 0, "show usage information"},
diff --git a/src/pki/commands/self.c b/src/pki/commands/self.c
index 448360821..6bf0b1353 100644
--- a/src/pki/commands/self.c
+++ b/src/pki/commands/self.c
@@ -271,8 +271,12 @@ static int self()
}
else
{
+ chunk_t chunk;
+
+ chunk = chunk_from_fd(0);
private = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, type,
- BUILD_FROM_FD, 0, BUILD_END);
+ BUILD_BLOB, chunk, BUILD_END);
+ free(chunk.ptr);
}
if (!private)
{
@@ -378,14 +382,14 @@ static void __attribute__ ((constructor))reg()
command_register((command_t) {
self, 's', "self",
"create a self signed certificate",
- {"[--in file | --keyid hex] [--type rsa|ecdsa]",
+ {" [--in file|--keyid hex] [--type rsa|ecdsa]",
" --dn distinguished-name [--san subjectAltName]+",
"[--lifetime days] [--serial hex] [--ca] [--ocsp uri]+",
"[--flag serverAuth|clientAuth|crlSign|ocspSigning]+",
"[--nc-permitted name] [--nc-excluded name]",
- "[--cert-policy oid [--cps-uri uri] [--user-notice text] ]+",
"[--policy-map issuer-oid:subject-oid]",
"[--policy-explicit len] [--policy-inhibit len] [--policy-any len]",
+ "[--cert-policy oid [--cps-uri uri] [--user-notice text]]+",
"[--digest md5|sha1|sha224|sha256|sha384|sha512] [--outform der|pem]"},
{
{"help", 'h', 0, "show usage information"},
diff --git a/src/pki/commands/signcrl.c b/src/pki/commands/signcrl.c
index f9746cca7..4f9dd291d 100644
--- a/src/pki/commands/signcrl.c
+++ b/src/pki/commands/signcrl.c
@@ -429,13 +429,13 @@ static void __attribute__ ((constructor))reg()
command_register((command_t) {
sign_crl, 'c', "signcrl",
"issue a CRL using a CA certificate and key",
- {"--cacert file --cakey file | --cakeyid hex --lifetime days",
- "[--lastcrl crl] [--basecrl crl] [--crluri uri ]+",
- "[ [--reason key-compromise|ca-compromise|affiliation-changed|",
+ {"--cacert file --cakey file|--cakeyid hex [--lifetime days]",
+ " [--lastcrl crl] [--basecrl crl] [--crluri uri]+",
+ " [[--reason key-compromise|ca-compromise|affiliation-changed|",
" superseded|cessation-of-operation|certificate-hold]",
- " [--date timestamp]",
- " --cert file | --serial hex ]*",
- "[--digest md5|sha1|sha224|sha256|sha384|sha512] [--outform der|pem]"},
+ " [--date timestamp] --cert file|--serial hex]*",
+ " [--digest md5|sha1|sha224|sha256|sha384|sha512]",
+ " [--outform der|pem]"},
{
{"help", 'h', 0, "show usage information"},
{"cacert", 'c', 1, "CA certificate file"},
diff --git a/src/pki/commands/verify.c b/src/pki/commands/verify.c
index 3e983d3ec..96b2b5065 100644
--- a/src/pki/commands/verify.c
+++ b/src/pki/commands/verify.c
@@ -55,8 +55,12 @@ static int verify()
}
else
{
+ chunk_t chunk;
+
+ chunk = chunk_from_fd(0);
cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
- BUILD_FROM_FD, 0, BUILD_END);
+ BUILD_BLOB, chunk, BUILD_END);
+ free(chunk.ptr);
}
if (!cert)
{
@@ -125,7 +129,7 @@ static void __attribute__ ((constructor))reg()
command_register((command_t) {
verify, 'v', "verify",
"verify a certificate using the CA certificate",
- {"[--in file] [--ca file]"},
+ {"[--in file] [--cacert file]"},
{
{"help", 'h', 0, "show usage information"},
{"in", 'i', 1, "X.509 certificate to verify, default: stdin"},
@@ -133,4 +137,3 @@ static void __attribute__ ((constructor))reg()
}
});
}
-
diff --git a/src/pki/man/Makefile.am b/src/pki/man/Makefile.am
new file mode 100644
index 000000000..618bd4093
--- /dev/null
+++ b/src/pki/man/Makefile.am
@@ -0,0 +1,14 @@
+man1_MANS = \
+ pki.1 \
+ pki---gen.1 \
+ pki---self.1 \
+ pki---issue.1 \
+ pki---signcrl.1 \
+ pki---req.1 \
+ pki---pkcs7.1 \
+ pki---keyid.1 \
+ pki---print.1 \
+ pki---pub.1 \
+ pki---verify.1
+
+CLEANFILES = $(man1_MANS)
diff --git a/src/pki/man/Makefile.in b/src/pki/man/Makefile.in
new file mode 100644
index 000000000..ecba4a9b3
--- /dev/null
+++ b/src/pki/man/Makefile.in
@@ -0,0 +1,637 @@
+# Makefile.in generated by automake 1.13.3 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+VPATH = @srcdir@
+am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__make_running_with_option = \
+ case $${target_option-} in \
+ ?) ;; \
+ *) echo "am__make_running_with_option: internal error: invalid" \
+ "target option '$${target_option-}' specified" >&2; \
+ exit 1;; \
+ esac; \
+ has_opt=no; \
+ sane_makeflags=$$MAKEFLAGS; \
+ if $(am__is_gnu_make); then \
+ sane_makeflags=$$MFLAGS; \
+ else \
+ case $$MAKEFLAGS in \
+ *\\[\ \ ]*) \
+ bs=\\; \
+ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
+ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
+ esac; \
+ fi; \
+ skip_next=no; \
+ strip_trailopt () \
+ { \
+ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
+ }; \
+ for flg in $$sane_makeflags; do \
+ test $$skip_next = yes && { skip_next=no; continue; }; \
+ case $$flg in \
+ *=*|--*) continue;; \
+ -*I) strip_trailopt 'I'; skip_next=yes;; \
+ -*I?*) strip_trailopt 'I';; \
+ -*O) strip_trailopt 'O'; skip_next=yes;; \
+ -*O?*) strip_trailopt 'O';; \
+ -*l) strip_trailopt 'l'; skip_next=yes;; \
+ -*l?*) strip_trailopt 'l';; \
+ -[dEDm]) skip_next=yes;; \
+ -[JT]) skip_next=yes;; \
+ esac; \
+ case $$flg in \
+ *$$target_option*) has_opt=yes; break;; \
+ esac; \
+ done; \
+ test $$has_opt = yes
+am__make_dryrun = (target_option=n; $(am__make_running_with_option))
+am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+subdir = src/pki/man
+DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
+ $(srcdir)/pki.1.in $(srcdir)/pki---gen.1.in \
+ $(srcdir)/pki---issue.1.in $(srcdir)/pki---keyid.1.in \
+ $(srcdir)/pki---pkcs7.1.in $(srcdir)/pki---print.1.in \
+ $(srcdir)/pki---pub.1.in $(srcdir)/pki---req.1.in \
+ $(srcdir)/pki---self.1.in $(srcdir)/pki---signcrl.1.in \
+ $(srcdir)/pki---verify.1.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
+ $(top_srcdir)/m4/config/ltoptions.m4 \
+ $(top_srcdir)/m4/config/ltsugar.m4 \
+ $(top_srcdir)/m4/config/ltversion.m4 \
+ $(top_srcdir)/m4/config/lt~obsolete.m4 \
+ $(top_srcdir)/m4/macros/split-package-version.m4 \
+ $(top_srcdir)/m4/macros/with.m4 \
+ $(top_srcdir)/m4/macros/enable-disable.m4 \
+ $(top_srcdir)/m4/macros/add-plugin.m4 \
+ $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES = pki.1 pki---gen.1 pki---issue.1 pki---keyid.1 \
+ pki---pkcs7.1 pki---print.1 pki---pub.1 pki---req.1 \
+ pki---self.1 pki---signcrl.1 pki---verify.1
+CONFIG_CLEAN_VPATH_FILES =
+AM_V_P = $(am__v_P_@AM_V@)
+am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
+am__v_P_0 = false
+am__v_P_1 = :
+AM_V_GEN = $(am__v_GEN_@AM_V@)
+am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
+am__v_GEN_0 = @echo " GEN " $@;
+am__v_GEN_1 =
+AM_V_at = $(am__v_at_@AM_V@)
+am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
+am__v_at_0 = @
+am__v_at_1 =
+SOURCES =
+DIST_SOURCES =
+am__can_run_installinfo = \
+ case $$AM_UPDATE_INFO_DIR in \
+ n|no|NO) false;; \
+ *) (install-info --version) >/dev/null 2>&1;; \
+ esac
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+ *) f=$$p;; \
+ esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+ if (++n[$$2] == $(am__install_max)) \
+ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+ END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__uninstall_files_from_dir = { \
+ test -z "$$files" \
+ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
+ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
+ $(am__cd) "$$dir" && rm -f $$files; }; \
+ }
+man1dir = $(mandir)/man1
+am__installdirs = "$(DESTDIR)$(man1dir)"
+NROFF = nroff
+MANS = $(man1_MANS)
+am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+ALLOCA = @ALLOCA@
+AMTAR = @AMTAR@
+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+BFDLIB = @BFDLIB@
+BTLIB = @BTLIB@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CHECK_CFLAGS = @CHECK_CFLAGS@
+CHECK_LIBS = @CHECK_LIBS@
+COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
+COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DLLIB = @DLLIB@
+DLLTOOL = @DLLTOOL@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+GENHTML = @GENHTML@
+GPERF = @GPERF@
+GPRBUILD = @GPRBUILD@
+GREP = @GREP@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LCOV = @LCOV@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAKEINFO = @MAKEINFO@
+MANIFEST_TOOL = @MANIFEST_TOOL@
+MKDIR_P = @MKDIR_P@
+MYSQLCFLAG = @MYSQLCFLAG@
+MYSQLCONFIG = @MYSQLCONFIG@
+MYSQLLIB = @MYSQLLIB@
+NM = @NM@
+NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PACKAGE_VERSION_BUILD = @PACKAGE_VERSION_BUILD@
+PACKAGE_VERSION_MAJOR = @PACKAGE_VERSION_MAJOR@
+PACKAGE_VERSION_MINOR = @PACKAGE_VERSION_MINOR@
+PACKAGE_VERSION_REVIEW = @PACKAGE_VERSION_REVIEW@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PERL = @PERL@
+PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
+PTHREADLIB = @PTHREADLIB@
+RANLIB = @RANLIB@
+RTLIB = @RTLIB@
+RUBY = @RUBY@
+RUBYINCLUDE = @RUBYINCLUDE@
+RUBYLIB = @RUBYLIB@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+SOCKLIB = @SOCKLIB@
+STRIP = @STRIP@
+UNWINDLIB = @UNWINDLIB@
+VERSION = @VERSION@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_AR = @ac_ct_AR@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+attest_plugins = @attest_plugins@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+c_plugins = @c_plugins@
+charon_natt_port = @charon_natt_port@
+charon_plugins = @charon_plugins@
+charon_udp_port = @charon_udp_port@
+clearsilver_LIBS = @clearsilver_LIBS@
+cmd_plugins = @cmd_plugins@
+datadir = @datadir@
+datarootdir = @datarootdir@
+dbusservicedir = @dbusservicedir@
+dev_headers = @dev_headers@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
+gtk_CFLAGS = @gtk_CFLAGS@
+gtk_LIBS = @gtk_LIBS@
+h_plugins = @h_plugins@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+imcvdir = @imcvdir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+ipsec_script = @ipsec_script@
+ipsec_script_upper = @ipsec_script_upper@
+ipsecdir = @ipsecdir@
+ipsecgroup = @ipsecgroup@
+ipseclibdir = @ipseclibdir@
+ipsecuser = @ipsecuser@
+libdir = @libdir@
+libexecdir = @libexecdir@
+linux_headers = @linux_headers@
+localedir = @localedir@
+localstatedir = @localstatedir@
+maemo_CFLAGS = @maemo_CFLAGS@
+maemo_LIBS = @maemo_LIBS@
+manager_plugins = @manager_plugins@
+mandir = @mandir@
+medsrv_plugins = @medsrv_plugins@
+mkdir_p = @mkdir_p@
+nm_CFLAGS = @nm_CFLAGS@
+nm_LIBS = @nm_LIBS@
+nm_ca_dir = @nm_ca_dir@
+nm_plugins = @nm_plugins@
+oldincludedir = @oldincludedir@
+openac_plugins = @openac_plugins@
+pcsclite_CFLAGS = @pcsclite_CFLAGS@
+pcsclite_LIBS = @pcsclite_LIBS@
+pdfdir = @pdfdir@
+piddir = @piddir@
+pki_plugins = @pki_plugins@
+plugindir = @plugindir@
+pool_plugins = @pool_plugins@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+random_device = @random_device@
+resolv_conf = @resolv_conf@
+routing_table = @routing_table@
+routing_table_prio = @routing_table_prio@
+s_plugins = @s_plugins@
+sbindir = @sbindir@
+scepclient_plugins = @scepclient_plugins@
+scripts_plugins = @scripts_plugins@
+sharedstatedir = @sharedstatedir@
+soup_CFLAGS = @soup_CFLAGS@
+soup_LIBS = @soup_LIBS@
+srcdir = @srcdir@
+starter_plugins = @starter_plugins@
+strongswan_conf = @strongswan_conf@
+sysconfdir = @sysconfdir@
+systemdsystemunitdir = @systemdsystemunitdir@
+t_plugins = @t_plugins@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+urandom_device = @urandom_device@
+xml_CFLAGS = @xml_CFLAGS@
+xml_LIBS = @xml_LIBS@
+man1_MANS = \
+ pki.1 \
+ pki---gen.1 \
+ pki---self.1 \
+ pki---issue.1 \
+ pki---signcrl.1 \
+ pki---req.1 \
+ pki---pkcs7.1 \
+ pki---keyid.1 \
+ pki---print.1 \
+ pki---pub.1 \
+ pki---verify.1
+
+CLEANFILES = $(man1_MANS)
+all: all-am
+
+.SUFFIXES:
+$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/pki/man/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --gnu src/pki/man/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+pki.1: $(top_builddir)/config.status $(srcdir)/pki.1.in
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@
+pki---gen.1: $(top_builddir)/config.status $(srcdir)/pki---gen.1.in
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@
+pki---issue.1: $(top_builddir)/config.status $(srcdir)/pki---issue.1.in
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@
+pki---keyid.1: $(top_builddir)/config.status $(srcdir)/pki---keyid.1.in
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@
+pki---pkcs7.1: $(top_builddir)/config.status $(srcdir)/pki---pkcs7.1.in
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@
+pki---print.1: $(top_builddir)/config.status $(srcdir)/pki---print.1.in
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@
+pki---pub.1: $(top_builddir)/config.status $(srcdir)/pki---pub.1.in
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@
+pki---req.1: $(top_builddir)/config.status $(srcdir)/pki---req.1.in
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@
+pki---self.1: $(top_builddir)/config.status $(srcdir)/pki---self.1.in
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@
+pki---signcrl.1: $(top_builddir)/config.status $(srcdir)/pki---signcrl.1.in
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@
+pki---verify.1: $(top_builddir)/config.status $(srcdir)/pki---verify.1.in
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+install-man1: $(man1_MANS)
+ @$(NORMAL_INSTALL)
+ @list1='$(man1_MANS)'; \
+ list2=''; \
+ test -n "$(man1dir)" \
+ && test -n "`echo $$list1$$list2`" \
+ || exit 0; \
+ echo " $(MKDIR_P) '$(DESTDIR)$(man1dir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(man1dir)" || exit 1; \
+ { for i in $$list1; do echo "$$i"; done; \
+ if test -n "$$list2"; then \
+ for i in $$list2; do echo "$$i"; done \
+ | sed -n '/\.1[a-z]*$$/p'; \
+ fi; \
+ } | while read p; do \
+ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
+ echo "$$d$$p"; echo "$$p"; \
+ done | \
+ sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^1][0-9a-z]*$$,1,;x' \
+ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \
+ sed 'N;N;s,\n, ,g' | { \
+ list=; while read file base inst; do \
+ if test "$$base" = "$$inst"; then list="$$list $$file"; else \
+ echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man1dir)/$$inst'"; \
+ $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man1dir)/$$inst" || exit $$?; \
+ fi; \
+ done; \
+ for i in $$list; do echo "$$i"; done | $(am__base_list) | \
+ while read files; do \
+ test -z "$$files" || { \
+ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man1dir)'"; \
+ $(INSTALL_DATA) $$files "$(DESTDIR)$(man1dir)" || exit $$?; }; \
+ done; }
+
+uninstall-man1:
+ @$(NORMAL_UNINSTALL)
+ @list='$(man1_MANS)'; test -n "$(man1dir)" || exit 0; \
+ files=`{ for i in $$list; do echo "$$i"; done; \
+ } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^1][0-9a-z]*$$,1,;x' \
+ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
+ dir='$(DESTDIR)$(man1dir)'; $(am__uninstall_files_from_dir)
+tags TAGS:
+
+ctags CTAGS:
+
+cscope cscopelist:
+
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+check: check-am
+all-am: Makefile $(MANS)
+installdirs:
+ for dir in "$(DESTDIR)$(man1dir)"; do \
+ test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+ done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ if test -z '$(STRIP)'; then \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ install; \
+ else \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
+ fi
+mostlyclean-generic:
+
+clean-generic:
+ -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool mostlyclean-am
+
+distclean: distclean-am
+ -rm -f Makefile
+distclean-am: clean-am distclean-generic
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am: install-man
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man: install-man1
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-generic mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-man
+
+uninstall-man: uninstall-man1
+
+.MAKE: install-am install-strip
+
+.PHONY: all all-am check check-am clean clean-generic clean-libtool \
+ cscopelist-am ctags-am distclean distclean-generic \
+ distclean-libtool distdir dvi dvi-am html html-am info info-am \
+ install install-am install-data install-data-am install-dvi \
+ install-dvi-am install-exec install-exec-am install-html \
+ install-html-am install-info install-info-am install-man \
+ install-man1 install-pdf install-pdf-am install-ps \
+ install-ps-am install-strip installcheck installcheck-am \
+ installdirs maintainer-clean maintainer-clean-generic \
+ mostlyclean mostlyclean-generic mostlyclean-libtool pdf pdf-am \
+ ps ps-am tags-am uninstall uninstall-am uninstall-man \
+ uninstall-man1
+
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/src/pki/man/pki---gen.1.in b/src/pki/man/pki---gen.1.in
new file mode 100644
index 000000000..138ab6122
--- /dev/null
+++ b/src/pki/man/pki---gen.1.in
@@ -0,0 +1,112 @@
+.TH "PKI \-\-GEN" 1 "2013-07-31" "@PACKAGE_VERSION@" "strongSwan"
+.
+.SH "NAME"
+.
+pki \-\-gen \- Generate a new RSA or ECDSA private key
+.
+.SH "SYNOPSIS"
+.
+.SY pki\ \-\-gen
+.OP \-\-type type
+.OP \-\-size bits
+.OP \-\-safe\-primes
+.OP \-\-shares n
+.OP \-\-threshold l
+.OP \-\-outform encoding
+.OP \-\-debug level
+.YS
+.
+.SY pki\ \-\-gen
+.BI \-\-options\~ file
+.YS
+.
+.SY "pki \-\-gen"
+.B \-h
+|
+.B \-\-help
+.YS
+.
+.SH "DESCRIPTION"
+.
+This sub-command of
+.BR pki (1)
+is used to generate a new RSA or ECDSA private key.
+.
+.SH "OPTIONS"
+.
+.TP
+.B "\-h, \-\-help"
+Print usage information with a summary of the available options.
+.TP
+.BI "\-v, \-\-debug " level
+Set debug level, default: 1.
+.TP
+.BI "\-+, \-\-options " file
+Read command line options from \fIfile\fR.
+.TP
+.BI "\-t, \-\-type " type
+Type of key to generate. Either \fIrsa\fR or \fIecdsa\fR, defaults to \fIrsa\fR.
+.TP
+.BI "\-s, \-\-size " bits
+Key length in bits. Defaults to 2048 for \fIrsa\fR and 384 for \fIecdsa\fR.
+For \fIecdsa\fR only three values are currently supported: 256, 384 and 521.
+.TP
+.BI "\-p, \-\-safe\-primes"
+Generate RSA safe primes.
+.TP
+.BI "\-f, \-\-outform " encoding
+Encoding of the generated private key. Either \fIder\fR (ASN.1 DER) or \fIpem\fR
+(Base64 PEM), defaults
+to \fIder\fR.
+.PP
+.SS "RSA Threshold Cryptography"
+.TP
+.BI "\-n, \-\-shares " <n>
+Number of private RSA key shares.
+.TP
+.BI "\-l, \-\-threshold " <l>
+Minimum number of participating RSA key shares.
+.
+.SH "PROBLEMS ON HOSTS WITH LOW ENTROPY"
+.
+If the
+.I gmp
+plugin is used to generate RSA private keys the key material is read from
+.I /dev/random
+(via the
+.I random
+plugin). Therefore, the command may block if the system's entropy pool is empty.
+To avoid this, either use a hardware random number generator to feed
+.I /dev/random
+or use OpenSSL (via the
+.I openssl
+plugin or the command line) which is not as strict in regards to the quality of
+the key material (it reads from
+.I /dev/urandom
+if necessary). It is also possible to configure the devices used by the
+.I random
+plugin in
+.BR strongswan.conf (5).
+Setting
+.B libstrongswan.plugins.random.random
+to
+.I /dev/urandom
+forces the plugin to treat bytes read from
+.I /dev/urandom
+as high grade random data, thus avoiding the blocking. Of
+course, this doesn't change the fact that the key material generated this way is
+of lower quality.
+.
+.SH "EXAMPLES"
+.
+.TP
+.B pki \-\-gen \-\-size 3072 > rsa_key.der
+Generates a 3072-bit RSA private key.
+.
+.TP
+.B pki \-\-gen \-\-type ecdsa \-\-size 256 > ecdsa_key.der
+Generates a 256-bit ECDSA private key.
+.
+.SH "SEE ALSO"
+.
+.BR pki (1)
diff --git a/src/pki/man/pki---issue.1.in b/src/pki/man/pki---issue.1.in
new file mode 100644
index 000000000..9effd9b15
--- /dev/null
+++ b/src/pki/man/pki---issue.1.in
@@ -0,0 +1,179 @@
+.TH "PKI \-\-ISSUE" 8 "2013-08-12" "@PACKAGE_VERSION@" "strongSwan"
+.
+.SH "NAME"
+.
+pki \-\-issue \- Issue a certificate using a CA certificate and key
+.
+.SH "SYNOPSIS"
+.
+.SY pki\ \-\-issue
+.OP \-\-in file
+.OP \-\-type type
+.BI \-\-cakey\~ file |\-\-cakeyid\~ hex
+.BI \-\-cacert\~ file
+.OP \-\-dn subject-dn
+.OP \-\-san subjectAltName
+.OP \-\-lifetime days
+.OP \-\-serial hex
+.OP \-\-flag flag
+.OP \-\-digest digest
+.OP \-\-ca
+.OP \-\-crl uri\ \fR[\fB\-\-crlissuer\ \fIissuer\fR]
+.OP \-\-ocsp uri
+.OP \-\-pathlen len
+.OP \-\-nc-permitted name
+.OP \-\-nc-excluded name
+.OP \-\-policy\-mapping mapping
+.OP \-\-policy\-explicit len
+.OP \-\-policy\-inhibit len
+.OP \-\-policy\-any len
+.OP \-\-cert\-policy oid\ \fR[\fB\-\-cps\-uri\ \fIuri\fR]\ \fR[\fB\-\-user\-notice\ \fItext\fR]
+.OP \-\-outform encoding
+.OP \-\-debug level
+.YS
+.
+.SY pki\ \-\-issue
+.BI \-\-options\~ file
+.YS
+.
+.SY "pki \-\-issue"
+.B \-h
+|
+.B \-\-help
+.YS
+.
+.SH "DESCRIPTION"
+.
+This sub-command of
+.BR pki (1)
+is used to issue a certificate using a CA certificate and private key.
+.
+.SH "OPTIONS"
+.
+.TP
+.B "\-h, \-\-help"
+Print usage information with a summary of the available options.
+.TP
+.BI "\-v, \-\-debug " level
+Set debug level, default: 1.
+.TP
+.BI "\-+, \-\-options " file
+Read command line options from \fIfile\fR.
+.TP
+.BI "\-i, \-\-in " file
+Public key or PKCS#10 certificate request file to issue. If not given the
+key/request is read from \fISTDIN\fR.
+.TP
+.BI "\-t, \-\-type " type
+Type of the input. Either \fIpub\fR for a public key, or \fIpkcs10\fR for a
+PKCS#10 certificate request, defaults to \fIpub\fR.
+.TP
+.BI "\-k, \-\-cakey " file
+CA private key file. Either this or
+.B \-\-cakeyid
+is required.
+.TP
+.BI "\-x, \-\-cakeyid " hex
+Key ID of a CA private key on a smartcard. Either this or
+.B \-\-cakey
+is required.
+.TP
+.BI "\-c, \-\-cacert " file
+CA certificate file. Required.
+.TP
+.BI "\-d, \-\-dn " subject-dn
+Subject distinguished name (DN) of the issued certificate.
+.TP
+.BI "\-a, \-\-san " subjectAltName
+subjectAltName extension to include in certificate. Can be used multiple times.
+.TP
+.BI "\-l, \-\-lifetime " days
+Days the certificate is valid, default: 1095.
+.TP
+.BI "\-s, \-\-serial " hex
+Serial number in hex. It is randomly allocated by default.
+.TP
+.BI "\-e, \-\-flag " flag
+Add extendedKeyUsage flag. One of \fIserverAuth\fR, \fIclientAuth\fR,
+\fIcrlSign\fR, or \fIocspSigning\fR. Can be used multiple times.
+.TP
+.BI "\-g, \-\-digest " digest
+Digest to use for signature creation. One of \fImd5\fR, \fIsha1\fR,
+\fIsha224\fR, \fIsha256\fR, \fIsha384\fR, or \fIsha512\fR. Defaults to
+\fIsha1\fR.
+.TP
+.BI "\-f, \-\-outform " encoding
+Encoding of the created certificate file. Either \fIder\fR (ASN.1 DER) or
+\fIpem\fR (Base64 PEM), defaults to \fIder\fR.
+.TP
+.BI "\-b, \-\-ca"
+Include CA basicConstraint extension in certificate.
+.TP
+.BI "\-u, \-\-crl " uri
+CRL distribution point URI to include in certificate. Can be used multiple
+times.
+.TP
+.BI "\-I, \-\-crlissuer " issuer
+Optional CRL issuer for the CRL at the preceding distribution point.
+.TP
+.BI "\-o, \-\-ocsp " uri
+OCSP AuthorityInfoAccess URI to include in certificate. Can be used multiple
+times.
+.TP
+.BI "\-p, \-\-pathlen " len
+Set path length constraint.
+.TP
+.BI "\-n, \-\-nc-permitted " name
+Add permitted NameConstraint extension to certificate.
+.TP
+.BI "\-N, \-\-nc-excluded " name
+Add excluded NameConstraint extension to certificate.
+.TP
+.BI "\-M, \-\-policy-mapping " issuer-oid:subject-oid
+Add policyMapping from issuer to subject OID.
+.TP
+.BI "\-E, \-\-policy-explicit " len
+Add requireExplicitPolicy constraint.
+.TP
+.BI "\-H, \-\-policy-inhibit " len
+Add inhibitPolicyMapping constraint.
+.TP
+.BI "\-A, \-\-policy-any " len
+Add inhibitAnyPolicy constraint.
+.PP
+.SS "Certificate Policy"
+Multiple certificatePolicy extensions can be added. Each with the following
+information:
+.TP
+.BI "\-P, \-\-cert-policy " oid
+OID to include in certificatePolicy extension. Required.
+.TP
+.BI "\-C, \-\-cps-uri " uri
+Certification Practice statement URI for certificatePolicy.
+.TP
+.BI "\-U, \-\-user-notice " text
+User notice for certificatePolicy.
+.
+.SH "EXAMPLES"
+.
+To save repetitive typing, command line options can be stored in files.
+Lets assume
+.I pki.opt
+contains the following contents:
+.PP
+.EX
+ --cacert ca_cert.der --cakey ca_key.der --digest sha256
+ --flag serverAuth --lifetime 1460 --type pkcs10
+.EE
+.PP
+Then the following command can be used to issue a certificate based on a
+given PKCS#10 certificate request and the options above:
+.PP
+.EX
+ pki --issue --options pki.opt --in req.der > cert.der
+.EE
+.PP
+.
+.SH "SEE ALSO"
+.
+.BR pki (1) \ No newline at end of file
diff --git a/src/pki/man/pki---keyid.1.in b/src/pki/man/pki---keyid.1.in
new file mode 100644
index 000000000..490f7afea
--- /dev/null
+++ b/src/pki/man/pki---keyid.1.in
@@ -0,0 +1,72 @@
+.TH "PKI \-\-KEYID" 1 "2013-07-31" "@PACKAGE_VERSION@" "strongSwan"
+.
+.SH "NAME"
+.
+pki \-\-keyid \- Calculate key identifiers of a key or certificate
+.
+.SH "SYNOPSIS"
+.
+.SY pki\ \-\-keyid
+.OP \-\-in file
+.OP \-\-type type
+.OP \-\-debug level
+.YS
+.
+.SY pki\ \-\-keyid
+.BI \-\-options\~ file
+.YS
+.
+.SY "pki \-\-keyid"
+.B \-h
+|
+.B \-\-help
+.YS
+.
+.SH "DESCRIPTION"
+.
+This sub-command of
+.BR pki (1)
+calculates key identifiers of private keys and certificates.
+.
+.SH "OPTIONS"
+.
+.TP
+.B "\-h, \-\-help"
+Print usage information with a summary of the available options.
+.TP
+.BI "\-v, \-\-debug " level
+Set debug level, default: 1.
+.TP
+.BI "\-+, \-\-options " file
+Read command line options from \fIfile\fR.
+.TP
+.BI "\-i, \-\-in " file
+Input file. If not given the input is read from \fISTDIN\fR.
+.TP
+.BI "\-t, \-\-type " type
+Type of input. One of \fIrsa-priv\fR (RSA private key), \fIecdsa-priv\fR (ECDSA
+private key), \fIpub\fR (public key), \fIpkcs10\fR (PKCS#10 certificate
+request), \fIx509\fR (X.509 certificate), defaults to \fIrsa-priv\fR.
+.
+.SH "EXAMPLES"
+.
+Calculate key identifiers of an RSA private key:
+.PP
+.EX
+ pki --keyid --in key.der
+ subjectKeyIdentifier: 6a:9c:74:d1:f8:89:79:89:f6:5a:94:e9:89:f1...
+ subjectPublicKeyInfo hash: 6e:55:dc:7e:9c:a5:58:d9:5b:e3:c7:13:14:e1...
+.EE
+.PP
+Calculate key identifiers of an X.509 certificate:
+.PP
+.EX
+ pki --keyid --in cert.der --type x509
+ subjectKeyIdentifier: 6a:9c:74:d1:f8:89:79:89:f6:5a:94:e9:89:f1...
+ subjectPublicKeyInfo hash: 6e:55:dc:7e:9c:a5:58:d9:5b:e3:c7:13:14:e1...
+.EE
+.PP
+.
+.SH "SEE ALSO"
+.
+.BR pki (1) \ No newline at end of file
diff --git a/src/pki/man/pki---pkcs7.1.in b/src/pki/man/pki---pkcs7.1.in
new file mode 100644
index 000000000..38186cf70
--- /dev/null
+++ b/src/pki/man/pki---pkcs7.1.in
@@ -0,0 +1,79 @@
+.TH "PKI \-\-PKCS7" 1 "2013-07-31" "@PACKAGE_VERSION@" "strongSwan"
+.
+.SH "NAME"
+.
+pki \-\-pkcs7 \- Provides PKCS#7 wrap/unwrap functions
+.
+.SH "SYNOPSIS"
+.
+.SY pki\ \-\-pkcs7
+.BR \-\-sign | \-\-verify | \-\-encrypt | \-\-decrypt | \-\-show
+.OP \-\-in file
+.OP \-\-cert file
+.OP \-\-key file
+.OP \-\-debug level
+.YS
+.
+.SY pki\ \-\-pkcs7
+.BI \-\-options\~ file
+.YS
+.
+.SY "pki \-\-pkcs7"
+.B \-h
+|
+.B \-\-help
+.YS
+.
+.SH "DESCRIPTION"
+.
+This sub-command of
+.BR pki (1)
+provides functions to wrap/unwrap PKCS#7 containers.
+.
+.SH "OPTIONS"
+.
+.TP
+.B "\-h, \-\-help"
+Print usage information with a summary of the available options.
+.TP
+.BI "\-v, \-\-debug " level
+Set debug level, default: 1.
+.TP
+.BI "\-+, \-\-options " file
+Read command line options from \fIfile\fR.
+.TP
+.BI "\-s, \-\-sign"
+Create PKCS#7 signed-data.
+.TP
+.BI "\-u, \-\-verify"
+Verify PKCS#7 signed-data.
+.TP
+.BI "\-e, \-\-encrypt"
+Create PKCS#7 enveloped-data.
+.TP
+.BI "\-e, \-\-decrypt"
+Decrypt PKCS#7 enveloped-data.
+.TP
+.BI "\-p, \-\-show"
+Show information about PKCS#7 container, list certificates.
+.TP
+.BI "\-i, \-\-in " file
+PKCS#7 input file. If not given the input is read from \fISTDIN\fR.
+.TP
+.BI "\-k, \-\-key " file
+Private key used for
+.B \-\-sign
+and
+.BR \-\-decrypt.
+.TP
+.BI "\-c, \-\-cert " file
+Certificate for
+.BR \-\-sign ,
+.B \-\-verify
+and
+.BR \-\-encrypt.
+Can be used multiple times.
+.
+.SH "SEE ALSO"
+.
+.BR pki (1) \ No newline at end of file
diff --git a/src/pki/man/pki---print.1.in b/src/pki/man/pki---print.1.in
new file mode 100644
index 000000000..8d3345edc
--- /dev/null
+++ b/src/pki/man/pki---print.1.in
@@ -0,0 +1,53 @@
+.TH "PKI \-\-PRINT" 1 "2013-07-31" "@PACKAGE_VERSION@" "strongSwan"
+.
+.SH "NAME"
+.
+pki \-\-print \- Print a credential (key, certificate etc.) in human readable form
+.
+.SH "SYNOPSIS"
+.
+.SY pki\ \-\-print
+.OP \-\-in file
+.OP \-\-type type
+.OP \-\-debug level
+.YS
+.
+.SY pki\ \-\-print
+.BI \-\-options\~ file
+.YS
+.
+.SY "pki \-\-print"
+.B \-h
+|
+.B \-\-help
+.YS
+.
+.SH "DESCRIPTION"
+.
+This sub-command of
+.BR pki (1)
+prints credentials (keys, certificates etc.) in human readable form.
+.
+.SH "OPTIONS"
+.
+.TP
+.B "\-h, \-\-help"
+Print usage information with a summary of the available options.
+.TP
+.BI "\-v, \-\-debug " level
+Set debug level, default: 1.
+.TP
+.BI "\-+, \-\-options " file
+Read command line options from \fIfile\fR.
+.TP
+.BI "\-i, \-\-in " file
+Input file. If not given the input is read from \fISTDIN\fR.
+.TP
+.BI "\-t, \-\-type " type
+Type of input. One of \fIrsa-priv\fR (RSA private key), \fIecdsa-priv\fR (ECDSA
+private key), \fIpub\fR (public key), \fIx509\fR (X.509 certificate), \fIcrl\fR
+(Certificate Revocation List, CRL), defaults to \fIx509\fR.
+.
+.SH "SEE ALSO"
+.
+.BR pki (1) \ No newline at end of file
diff --git a/src/pki/man/pki---pub.1.in b/src/pki/man/pki---pub.1.in
new file mode 100644
index 000000000..c57e03a40
--- /dev/null
+++ b/src/pki/man/pki---pub.1.in
@@ -0,0 +1,77 @@
+.TH "PKI \-\-PUB" 1 "2013-07-31" "@PACKAGE_VERSION@" "strongSwan"
+.
+.SH "NAME"
+.
+pki \-\-pub \- Extract a public key from a private key or certificate
+.
+.SH "SYNOPSIS"
+.
+.SY pki\ \-\-pub
+.RB [ \-\-in
+.IR file | \fB\-\-keyid\fR
+.IR hex ]
+.OP \-\-type type
+.OP \-\-outform encoding
+.OP \-\-debug level
+.YS
+.
+.SY pki\ \-\-pub
+.BI \-\-options\~ file
+.YS
+.
+.SY "pki \-\-pub"
+.B \-h
+|
+.B \-\-help
+.YS
+.
+.SH "DESCRIPTION"
+.
+This sub-command of
+.BR pki (1)
+extracts public keys from a private keys and certificates.
+.
+.SH "OPTIONS"
+.
+.TP
+.B "\-h, \-\-help"
+Print usage information with a summary of the available options.
+.TP
+.BI "\-v, \-\-debug " level
+Set debug level, default: 1.
+.TP
+.BI "\-+, \-\-options " file
+Read command line options from \fIfile\fR.
+.TP
+.BI "\-i, \-\-in " file
+Input file. If not given the input is read from \fISTDIN\fR.
+.TP
+.BI "\-t, \-\-type " type
+Type of input. One of \fIrsa\fR (RSA private key), \fIecdsa\fR (ECDSA
+private key), \fIpub\fR (public key),
+\fIpkcs10\fR (PKCS#10 certificate request), or \fIx509\fR (X.509 certificate),
+defaults to \fIrsa\fR.
+.TP
+.BI "\-f, \-\-outform " encoding
+Encoding of the extracted public key. One of \fIder\fR (ASN.1 DER), \fIpem\fR
+(Base64 PEM), \fIdnskey\fR (RFC 3110 DNS key), or \fIsshkey\fR (RFC 4253 SSH
+key), defaults to \fIder\fR.
+.
+.SH "EXAMPLES"
+.
+Extract the public key from an RSA private key:
+.PP
+.EX
+ pki --pub --in key.der > pub.der
+.EE
+.PP
+Extract the public key from an X.509 certificate:
+.PP
+.EX
+ pki --pub --in cert.der --type x509 > pub.der
+.EE
+.PP
+.
+.SH "SEE ALSO"
+.
+.BR pki (1)
diff --git a/src/pki/man/pki---req.1.in b/src/pki/man/pki---req.1.in
new file mode 100644
index 000000000..ab144ce2a
--- /dev/null
+++ b/src/pki/man/pki---req.1.in
@@ -0,0 +1,91 @@
+.TH "PKI \-\-REQ" 1 "2013-07-31" "@PACKAGE_VERSION@" "strongSwan"
+.
+.SH "NAME"
+.
+pki \-\-req \- Create a PKCS#10 certificate request
+.
+.SH "SYNOPSIS"
+.
+.SY pki\ \-\-req
+.OP \-\-in file
+.OP \-\-type type
+.BI \-\-dn\~ distinguished-name
+.OP \-\-san subjectAltName
+.OP \-\-password password
+.OP \-\-digest digest
+.OP \-\-outform encoding
+.OP \-\-debug level
+.YS
+.
+.SY pki\ \-\-req
+.BI \-\-options\~ file
+.YS
+.
+.SY "pki \-\-req"
+.B \-h
+|
+.B \-\-help
+.YS
+.
+.SH "DESCRIPTION"
+.
+This sub-command of
+.BR pki (1)
+is used to create a PKCS#10 certificate request.
+.
+.SH "OPTIONS"
+.
+.TP
+.B "\-h, \-\-help"
+Print usage information with a summary of the available options.
+.TP
+.BI "\-v, \-\-debug " level
+Set debug level, default: 1.
+.TP
+.BI "\-+, \-\-options " file
+Read command line options from \fIfile\fR.
+.TP
+.BI "\-i, \-\-in " file
+Private key input file. If not given the key is read from \fISTDIN\fR.
+.TP
+.BI "\-t, \-\-type " type
+Type of the input key. Either \fIrsa\fR or \fIecdsa\fR, defaults to \fIrsa\fR.
+.TP
+.BI "\-d, \-\-dn " distinguished-name
+Subject distinguished name (DN). Required.
+.TP
+.BI "\-a, \-\-san " subjectAltName
+subjectAltName extension to include in request. Can be used multiple times.
+.TP
+.BI "\-p, \-\-password " password
+The challengePassword to include in the certificate request.
+.TP
+.BI "\-g, \-\-digest " digest
+Digest to use for signature creation. One of \fImd5\fR, \fIsha1\fR,
+\fIsha224\fR, \fIsha256\fR, \fIsha384\fR, or \fIsha512\fR. Defaults to
+\fIsha1\fR.
+.TP
+.BI "\-f, \-\-outform " encoding
+Encoding of the created certificate file. Either \fIder\fR (ASN.1 DER) or
+\fIpem\fR (Base64 PEM), defaults to \fIder\fR.
+.
+.SH "EXAMPLES"
+.
+Generate a certificate request for an RSA key, with a subjectAltName extension:
+.PP
+.EX
+ pki \-\-req \-\-in key.der \-\-dn "C=CH, O=strongSwan, CN=moon" \\
+ \-\-san moon@strongswan.org > req.der
+.EE
+.PP
+Generate a certificate request for an ECDSA key and a different digest:
+.PP
+.EX
+ pki \-\-req \-\-in key.der \-\-type ecdsa \-\-digest sha256 \\
+ \-\-dn "C=CH, O=strongSwan, CN=carol" > req.der
+.EE
+.PP
+.
+.SH "SEE ALSO"
+.
+.BR pki (1) \ No newline at end of file
diff --git a/src/pki/man/pki---self.1.in b/src/pki/man/pki---self.1.in
new file mode 100644
index 000000000..ee42cf9a0
--- /dev/null
+++ b/src/pki/man/pki---self.1.in
@@ -0,0 +1,148 @@
+.TH "PKI \-\-SELF" 1 "2013-07-31" "@PACKAGE_VERSION@" "strongSwan"
+.
+.SH "NAME"
+.
+pki \-\-self \- Create a self-signed certificate
+.
+.SH "SYNOPSIS"
+.
+.SY pki\ \-\-self
+.RB [ \-\-in
+.IR file | \fB\-\-keyid\fR
+.IR hex ]
+.OP \-\-type t
+.BI \-\-dn\~ distinguished-name
+.OP \-\-san subjectAltName
+.OP \-\-lifetime days
+.OP \-\-serial hex
+.OP \-\-flag flag
+.OP \-\-digest digest
+.OP \-\-ca
+.OP \-\-ocsp uri
+.OP \-\-pathlen len
+.OP \-\-nc-permitted name
+.OP \-\-nc-excluded name
+.OP \-\-policy\-mapping mapping
+.OP \-\-policy\-explicit len
+.OP \-\-policy\-inhibit len
+.OP \-\-policy\-any len
+.OP \-\-cert\-policy oid\ \fR[\fB\-\-cps\-uri\ \fIuri\fR]\ \fR[\fB\-\-user\-notice\ \fItext\fR]
+.OP \-\-outform encoding
+.OP \-\-debug level
+.YS
+.
+.SY pki\ \-\-self
+.BI \-\-options\~ file
+.YS
+.
+.SY "pki \-\-self"
+.B \-h
+|
+.B \-\-help
+.YS
+.
+.SH "DESCRIPTION"
+.
+This sub-command of
+.BR pki (1)
+is used to create a self-signed certificate.
+.
+.SH "OPTIONS"
+.
+.TP
+.B "\-h, \-\-help"
+Print usage information with a summary of the available options.
+.TP
+.BI "\-v, \-\-debug " level
+Set debug level, default: 1.
+.TP
+.BI "\-+, \-\-options " file
+Read command line options from \fIfile\fR.
+.TP
+.BI "\-i, \-\-in " file
+Private key input file. If not given the key is read from \fISTDIN\fR.
+.TP
+.BI "\-x, \-\-keyid " hex
+Key ID of a private key on a smartcard.
+.TP
+.BI "\-t, \-\-type " type
+Type of the input key. Either \fIrsa\fR or \fIecdsa\fR, defaults to \fIrsa\fR.
+.TP
+.BI "\-d, \-\-dn " distinguished-name
+Subject and issuer distinguished name (DN). Required.
+.TP
+.BI "\-a, \-\-san " subjectAltName
+subjectAltName extension to include in certificate. Can be used multiple times.
+.TP
+.BI "\-l, \-\-lifetime " days
+Days the certificate is valid, default: 1095.
+.TP
+.BI "\-s, \-\-serial " hex
+Serial number in hex. It is randomly allocated by default.
+.TP
+.BI "\-e, \-\-flag " flag
+Add extendedKeyUsage flag. One of \fIserverAuth\fR, \fIclientAuth\fR,
+\fIcrlSign\fR, or \fIocspSigning\fR. Can be used multiple times.
+.TP
+.BI "\-g, \-\-digest " digest
+Digest to use for signature creation. One of \fImd5\fR, \fIsha1\fR,
+\fIsha224\fR, \fIsha256\fR, \fIsha384\fR, or \fIsha512\fR. Defaults to
+\fIsha1\fR.
+.TP
+.BI "\-f, \-\-outform " encoding
+Encoding of the created certificate file. Either \fIder\fR (ASN.1 DER) or
+\fIpem\fR (Base64 PEM), defaults to \fIder\fR.
+.TP
+.BI "\-b, \-\-ca"
+Include CA basicConstraint extension in certificate.
+.TP
+.BI "\-o, \-\-ocsp " uri
+OCSP AuthorityInfoAccess URI to include in certificate. Can be used multiple
+times.
+.TP
+.BI "\-p, \-\-pathlen " len
+Set path length constraint.
+.TP
+.BI "\-n, \-\-nc-permitted " name
+Add permitted NameConstraint extension to certificate.
+.TP
+.BI "\-N, \-\-nc-excluded " name
+Add excluded NameConstraint extension to certificate.
+.TP
+.BI "\-M, \-\-policy-mapping " issuer-oid:subject-oid
+Add policyMapping from issuer to subject OID.
+.TP
+.BI "\-E, \-\-policy-explicit " len
+Add requireExplicitPolicy constraint.
+.TP
+.BI "\-H, \-\-policy-inhibit " len
+Add inhibitPolicyMapping constraint.
+.TP
+.BI "\-A, \-\-policy-any " len
+Add inhibitAnyPolicy constraint.
+.PP
+.SS "Certificate Policy"
+Multiple certificatePolicy extensions can be added. Each with the following
+information:
+.TP
+.BI "\-P, \-\-cert-policy " oid
+OID to include in certificatePolicy extension. Required.
+.TP
+.BI "\-C, \-\-cps-uri " uri
+Certification Practice statement URI for certificatePolicy.
+.TP
+.BI "\-U, \-\-user-notice " text
+User notice for certificatePolicy.
+.
+.SH "EXAMPLES"
+.
+Generate a self-signed certificate using the given RSA key:
+.PP
+.EX
+ pki \-\-self \-\-in key.der \-\-dn "C=CH, O=strongSwan, CN=moon" \\
+ \-\-san moon.strongswan.org > cert.der
+.EE
+.
+.SH "SEE ALSO"
+.
+.BR pki (1) \ No newline at end of file
diff --git a/src/pki/man/pki---signcrl.1.in b/src/pki/man/pki---signcrl.1.in
new file mode 100644
index 000000000..6ba96f6bc
--- /dev/null
+++ b/src/pki/man/pki---signcrl.1.in
@@ -0,0 +1,124 @@
+.TH "PKI \-\-SIGNCRL" 1 "2013-08-12" "@PACKAGE_VERSION@" "strongSwan"
+.
+.SH "NAME"
+.
+pki \-\-signcrl \- Issue a Certificate Revocation List (CRL) using a CA certificate and key
+.
+.SH "SYNOPSIS"
+.
+.SY pki\ \-\-signcrl
+.BI \-\-cakey\~ file |\-\-cakeyid\~ hex
+.BI \-\-cacert\~ file
+.OP \-\-lifetime days
+.OP \-\-lastcrl crl
+.OP \-\-basecrl crl
+.OP \-\-crluri uri
+.OP \-\-digest digest
+.OP \fR[\fB\-\-reason\ \fIreason\fR]\ \fR[\fB\-\-date\ \fIts\fR]\ \fB\-\-cert\ \fIfile\fB|\-\-serial\ \fIhex\fR
+.OP \-\-outform encoding
+.OP \-\-debug level
+.YS
+.
+.SY pki\ \-\-signcrl
+.BI \-\-options\~ file
+.YS
+.
+.SY "pki \-\-signcrl"
+.B \-h
+|
+.B \-\-help
+.YS
+.
+.SH "DESCRIPTION"
+.
+This sub-command of
+.BR pki (1)
+is used to issue a Certificate Revocation List (CRL) using a CA certificate and
+private key.
+.
+.SH "OPTIONS"
+.
+.TP
+.B "\-h, \-\-help"
+Print usage information with a summary of the available options.
+.TP
+.BI "\-v, \-\-debug " level
+Set debug level, default: 1.
+.TP
+.BI "\-+, \-\-options " file
+Read command line options from \fIfile\fR.
+.TP
+.BI "\-k, \-\-cakey " file
+CA private key file. Either this or
+.B \-\-cakeyid
+is required.
+.TP
+.BI "\-x, \-\-cakeyid " hex
+Key ID of a CA private key on a smartcard. Either this or
+.B \-\-cakey
+is required.
+.TP
+.BI "\-c, \-\-cacert " file
+CA certificate file. Required.
+.TP
+.BI "\-l, \-\-lifetime " days
+Days until the CRL gets a nextUpdate, default: 15.
+.TP
+.BI "\-a, \-\-lastcrl " crl
+CRL of lastUpdate to copy revocations from.
+.TP
+.BI "\-b, \-\-basecrl " crl
+Base CRL to create a delta CRL for.
+.TP
+.BI "\-u, \-\-crluri " uri
+Freshest delta CRL URI to include in CRL. Can be used multiple times.
+.TP
+.BI "\-g, \-\-digest " digest
+Digest to use for signature creation. One of \fImd5\fR, \fIsha1\fR,
+\fIsha224\fR, \fIsha256\fR, \fIsha384\fR, or \fIsha512\fR. Defaults to
+\fIsha1\fR.
+.TP
+.BI "\-f, \-\-outform " encoding
+Encoding of the created certificate file. Either \fIder\fR (ASN.1 DER) or
+\fIpem\fR (Base64 PEM), defaults to \fIder\fR.
+.PP
+.SS "Revoked Certificates"
+Multiple revoked certificates can be added to the CRL by either providing the
+certificate file or the respective serial number directly.
+A reason and a timestamp can be configured for each revocation (they have to be
+given before each certificate/serial on the command line).
+.TP
+.BI "\-r, \-\-reason " reason
+The reason why the certificate was revoked. One of \fIkey\-compromise\fR,
+\fIca\-compromise\fR, \fIaffiliation\-changed\fR, \fIsuperseded\fR,
+\fIcessation\-of\-operation\fR, or \fIcertificate\-hold\fR.
+.TP
+.BI "\-d, \-\-date " ts
+Revocation date as Unix timestamp. Defaults to the current time.
+.TP
+.BI "\-z, \-\-cert " file
+Certificate file to revoke.
+.TP
+.BI "\-s, \-\-serial " hex
+Hexadecimal encoded serial number of the certificate to revoke.
+.
+.SH "EXAMPLES"
+.
+Revoke a certificate:
+.PP
+.EX
+ pki \-\-signcrl \-\-cacert ca_cert.der \-\-cakey ca_key.der \\
+ \-\-reason superseded \-\-cert cert.der > crl.der
+.EE
+.PP
+Update an existing CRL with two new revocations, using the certificate's serial
+number, but no reason:
+.PP
+.EX
+ pki \-\-signcrl \-\-cacert ca_cert.der \-\-cakey ca_key.der \\
+ \-\-lastcrl old_crl.der \-\-serial 0123 \-\-serial 0345 > crl.der
+.EE
+.PP
+.SH "SEE ALSO"
+.
+.BR pki (1) \ No newline at end of file
diff --git a/src/pki/man/pki---verify.1.in b/src/pki/man/pki---verify.1.in
new file mode 100644
index 000000000..de34acad4
--- /dev/null
+++ b/src/pki/man/pki---verify.1.in
@@ -0,0 +1,56 @@
+.TH "PKI \-\-VERIFY" 1 "2013-07-31" "@PACKAGE_VERSION@" "strongSwan"
+.
+.SH "NAME"
+.
+pki \-\-verify \- Verify a certificate using a CA certificate
+.
+.SH "SYNOPSIS"
+.
+.SY pki\ \-\-verify
+.OP \-\-in file
+.OP \-\-cacert file
+.OP \-\-debug level
+.YS
+.
+.SY pki\ \-\-verify
+.BI \-\-options\~ file
+.YS
+.
+.SY "pki \-\-verify"
+.B \-h
+|
+.B \-\-help
+.YS
+.
+.SH "DESCRIPTION"
+.
+This sub-command of
+.BR pki (1)
+verifies a certificate using an optional CA certificate.
+.
+.SH "OPTIONS"
+.
+.TP
+.B "\-h, \-\-help"
+Print usage information with a summary of the available options.
+.TP
+.BI "\-v, \-\-debug " level
+Set debug level, default: 1.
+.TP
+.BI "\-+, \-\-options " file
+Read command line options from \fIfile\fR.
+.TP
+.BI "\-i, \-\-in " file
+X.509 certificate to verify. If not given it is read from \fISTDIN\fR.
+.TP
+.BI "\-c, \-\-cacert " file
+CA certificate to use. If not given the certificate is assumed to be
+self-signed.
+.
+.SH "EXIT STATUS"
+The exit status is 0 if the certificate was verified successfully, and 2 if
+the verification failed.
+.
+.SH "SEE ALSO"
+.
+.BR pki (1) \ No newline at end of file
diff --git a/src/pki/man/pki.1.in b/src/pki/man/pki.1.in
new file mode 100644
index 000000000..8dfc53af3
--- /dev/null
+++ b/src/pki/man/pki.1.in
@@ -0,0 +1,156 @@
+.TH PKI 1 "2013-07-31" "@PACKAGE_VERSION@" "strongSwan"
+.
+.SH "NAME"
+.
+pki \- Simple public key infrastructure (PKI) management tool
+.
+.SH "SYNOPSIS"
+.
+.SY "pki"
+.I command
+.RI [ option\~ .\|.\|.]
+.YS
+.
+.SY "pki"
+.B \-h
+|
+.B \-\-help
+.YS
+.
+.SH "DESCRIPTION"
+.
+.B pki
+is a suite of commands that allow you to manage a simple public key
+infrastructure (PKI).
+.P
+Generate RSA and ECDSA key pairs, create PKCS#10 certificate requests
+containing subjectAltNames, create X.509 self-signed end-entity and root CA
+certificates, issue end-entity and intermediate CA certificates signed by the
+private key of a CA and containing subjectAltNames, CRL distribution points
+and URIs of OCSP servers. You can also extract raw public keys from private
+keys, certificate requests and certificates and compute two kinds of SHA-1-based
+key IDs.
+.
+.SH "COMMANDS"
+.
+.TP
+.B "\-h, \-\-help"
+Prints usage information and a short summary of the available commands.
+.TP
+.B "\-g, \-\-gen"
+Generate a new private key.
+.TP
+.B "\-s, \-\-self"
+Create a self-signed certificate.
+.TP
+.B "\-i, \-\-issue"
+Issue a certificate using a CA certificate and key.
+.TP
+.B "\-c, \-\-signcrl"
+Issue a CRL using a CA certificate and key.
+.TP
+.B "\-r, \-\-req"
+Create a PKCS#10 certificate request.
+.TP
+.B "\-7, \-\-pkcs7"
+Provides PKCS#7 wrap/unwrap functions.
+.TP
+.B "\-k, \-\-keyid"
+Calculate key identifiers of a key or certificate.
+.TP
+.B "\-a, \-\-print"
+Print a credential (key, certificate etc.) in human readable form.
+.TP
+.B "\-p, \-\-pub"
+Extract a public key from a private key or certificate.
+.TP
+.B "\-v, \-\-verify"
+Verify a certificate using a CA certificate.
+.
+.SH "EXAMPLES"
+.
+.SS "Generating a CA Certificate"
+.
+The first step is to generate a private key using the
+.B \-\-gen
+command. By default this generates a 2048-bit RSA key.
+.PP
+.EX
+ pki \-\-gen > ca_key.der
+.EE
+.PP
+This key is used to create the self-signed CA certificate, using the
+.B \-\-self
+command. The distinguished name should be adjusted to your needs.
+.PP
+.EX
+ pki \-\-self \-\-ca \-\-in ca_key.der \\
+ \-\-dn "C=CH, O=strongSwan, CN=strongSwan CA" > ca_cert.der
+.EE
+.PP
+.
+.SS "Generating End-Entity Certificates"
+.
+With the root CA certificate and key at hand end-entity certificates for clients
+and servers can be issued. Similarly intermediate CA certificates can be issued,
+which in turn can issue other certificates.
+To generate a certificate for a server, we start by generating a private key.
+.PP
+.EX
+ pki \-\-gen > server_key.der
+.EE
+.PP
+The public key will be included in the certificate so lets extract that from the
+private key.
+.PP
+.EX
+ pki \-\-pub \-\-in server_key.der > server_pub.der
+.EE
+.PP
+The following command will use the CA certificate and private key to issue the
+certificate for this server. Adjust the distinguished name, subjectAltName(s)
+and flags as needed (check
+.BR pki\ \-\-issue (8)
+for more options).
+.PP
+.EX
+ pki \-\-issue \-\-in server_pub.der \-\-cacert ca_cert.der \\
+ \-\-cakey ca_key.der \-\-dn "C=CH, O=strongSwan, CN=VPN Server" \\
+ \-\-san vpn.strongswan.org \-\-flag serverAuth > server_cert.der
+.EE
+.PP
+Instead of storing the public key in a separate
+file, the output of
+.B \-\-pub
+may also be piped directly into the above command.
+.
+.SS "Generating Certificate Revocation Lists (CRL)"
+.
+If end-entity certificates have to be revoked, CRLs may be generated using
+the
+.B \-\-signcrl
+command.
+.PP
+.EX
+ pki \-\-signcrl \-\-cacert ca_cert.der \-\-cakey ca_key.der \\
+ \-\-reason superseded \-\-cert server_cert.der > crl.der
+.EE
+.PP
+The certificate given with \-\-cacert must be either a CA certificate or a
+certificate with the
+.I crlSign
+extended key usage (\-\-flag crlSign). URIs to CRLs may be included in issued
+certificates with the \-\-crl option.
+.
+.SH "SEE ALSO"
+.
+.BR pki\ \-\-gen (1),
+.BR pki\ \-\-self (1),
+.BR pki\ \-\-issue (1),
+.BR pki\ \-\-signcrl (1),
+.BR pki\ \-\-req (1),
+.BR pki\ \-\-pkcs7 (1),
+.BR pki\ \-\-keyid (1),
+.BR pki\ \-\-print (1),
+.BR pki\ \-\-pub (1),
+.BR pki\ \-\-verify (1)
diff --git a/src/pki/pki.c b/src/pki/pki.c
index c3039a649..ecc0702cd 100644
--- a/src/pki/pki.c
+++ b/src/pki/pki.c
@@ -81,7 +81,18 @@ bool get_form(char *form, cred_encoding_type_t *enc, credential_type_t type)
switch (type)
{
case CRED_PUBLIC_KEY:
- *enc =PUBKEY_DNSKEY;
+ *enc = PUBKEY_DNSKEY;
+ return TRUE;
+ default:
+ return FALSE;
+ }
+ }
+ else if (streq(form, "sshkey"))
+ {
+ switch (type)
+ {
+ case CRED_PUBLIC_KEY:
+ *enc = PUBKEY_SSHKEY;
return TRUE;
default:
return FALSE;