API Documentation

<h1>API Documentation</h1>

The Scheme programming interface stays relatively close to the
original one for C, with some added conveniences. Notable differences
from the C interface are:

  *  The library initializes itself automatically upon loading and
     uninitializes itself automatically using a finalizer on an
     internal object.
  *  The <tt>crypt</tt> prefix has been dropped from all function and
     constant names and both camel case and underscores have been
     replaced with hyphenation.
  *  The user argument required by some cryptlib routines is managed
     automatically using an internal parameter. If you do not use the
     <tt>login</tt> procedure, those arguments will always be set to
     <tt>NONE</tt>.

<h2>Exported Procedures</h2>

All the procedures do automatic error checking and may throw
exceptions of the kind <tt>(exn crypt)</tt> with a <tt>code</tt>
property holding the cryptlib error code.

<verbatim>
  (add-random! RANDOM-DATA [RANDOM-DATA-LENGTH]) => (void)
</verbatim>

<verbatim>
  (login NAME PASSWORD) => USER
</verbatim>

Logs in with the given user <tt>NAME</tt>, sets the internal parameter
for the current user and returns the cryptlib user object handle.

<verbatim>
  (logout) => (void)
</verbatim>

Logs the current user out and resets the internal parameter for the
current user handle to <tt>UNUSED</tt>.

<verbatim>
  (destroy-object HANDLE) => (void)
</verbatim>

<verbatim>
  (open-device DEVICE-TYPE NAME) => DEVICE
</verbatim>

<verbatim>
  (query-capability ALGO [DEVICE]) => (values NAME BLOCK-SIZE MIN-KEY-SIZE KEY-SIZE MAX-KEY-SIZE)
</verbatim>

<verbatim>
  (query-object OBJECT-DATA [OBJECT-DATA-LENGTH]) => (values OBJECT-TYPE ALGO MODE HASH-ALGO SALT-LENGTH)
</verbatim>

<verbatim>
  (create-context ALGO [DEVICE]) => CONTEXT
</verbatim>

<verbatim>
  (generate-key CONTEXT) => KEY
</verbatim>

<verbatim>
  (encrypt CONTEXT BUFFER [BUFFER-LENGTH]) => (void)
</verbatim>

<verbatim>
  (decrypt CONTEXT BUFFER [BUFFER-LENGTH]) => (void)
</verbatim>

<verbatim>
  (attribute OBJECT ATTRIBUTE-TYPE) => VALUE
  (attribute/string OBJECT ATTRIBUTE-TYPE) => VALUE
</verbatim>

<verbatim>
  (attribute-set! OBJECT ATTRIBUTE-TYPE VALUE) => (void)
  (set! (attribute OBJECT ATTRIBUTE-TYPE) VALUE) => (void)
  (attribute-set!/string OBJECT ATTRIBUTE-TYPE VALUE) => (void)
  (set! (attribute/string OBJECT ATTRIBUTE-TYPE) VALUE) => (void)
</verbatim>

<verbatim>
  (attribute-delete! OBJECT ATTRIBUTE-TYPE) => (void)
</verbatim>

<verbatim>
  (export-key EXPORT-KEY SESSION-KEY-CONTEXT) => KEY-DATA
</verbatim>

<verbatim>
  (import-key IMPORT-CONTEXT SESSION-KEY-CONTEXT KEY-DATA [KEY-DATA-LENGTH]) => (void)
</verbatim>

<verbatim>
  (create-signature SIGN-CONTEXT HASH-CONTEXT [FORMAT-TYPE EXTRA-DATA]) => SIGNATURE-DATA
</verbatim>

<verbatim>
  (check-signature SIG-CHECK-KEY HASH-CONTEXT SIGNATURE [SIGNATURE-LENGTH GET-EXTRA-DATA?]) => EXTRA-DATA | (void)
</verbatim>

<verbatim>
  (open-keyset KEYSET-TYPE KEYSET-NAME [KEYSET-OPTIONS]) => KEYSET
</verbatim>

<verbatim>
  (get-public-key KEYSET KEYID-TYPE KEYID) => HANDLE
</verbatim>

<verbatim>
  (get-private-key KEYSET KEYID-TYPE KEYID [PASSWORD]) => HANDLE
</verbatim>

<verbatim>
  (get-key KEYSET KEYID-TYPE KEYID [PASSWORD]) => HANDLE
</verbatim>

<verbatim>
  (add-public-key! KEYSET CERTIFICATE) => (void)
</verbatim>

<verbatim>
  (add-private-key! KEYSET KEY PASSWORD) => (void)
</verbatim>

<verbatim>
  (delete-key! OBJECT KEYID-TYPE KEYID) => (void)
</verbatim>

<verbatim>
  (create-cert CERT-TYPE) => CERTIFICATE
</verbatim>

<verbatim>
  (sign-cert! CERTIFICATE SIGN-CONTEXT) => (void)
</verbatim>

<verbatim>
  (check-cert CERTIFICATE SIG-CHECK-KEY) => (void)
</verbatim>

<verbatim>
  (export-cert CERT-FORMAT-TYPE CERTIFICATE) => CERT-DATA
</verbatim>

<verbatim>
  (import-cert CERT-DATA [CERT-DATA-LENGTH]) => CERTIFICATE
</verbatim>

<verbatim>
  (ca-get-item KEYSET CERT-TYPE ID-TYPE ID) => CERTIFICATE
</verbatim>

<verbatim>
  (ca-add-item! KEYSET CERTIFICATE) => (void)
</verbatim>

<verbatim>
  (ca-delete-item! KEYSET CERT-TYPE ID-TYPE ID) => (void)
</verbatim>

<verbatim>
  (ca-cert-management ACTION KEYSET CA-KEY CERT-REQUEST [GET-CERTIFICATE?]) => CERTIFICATE | (void)
</verbatim>

<verbatim>
  (create-envelope FORMAT-TYPE) => ENVELOPE
</verbatim>

<verbatim>
  (create-session SESSION-TYPE) => SESSION
</verbatim>

<verbatim>
  (push-data HANDLE BUFFER [BUFFER-LENGTH SILENT-EOF?]) => COPIED-LENGTH
</verbatim>

<verbatim>
  (pop-data HANDLE BUFFER [BUFFER-LENGTH SILENT-EOF?]) => COPIED-LENGTH
</verbatim>

Iff <tt>SILENT-EOF?</tt> is true, <tt>ERROR-READ</tt> or
<tt>ERROR-WRITE</tt> conditions are not raised but rather cause a
return value of <tt>#f</tt>.

<verbatim>
  (flush-data HANDLE) => (void)
</verbatim>

<verbatim>
  (object-port? VALUE) => BOOLEAN
</verbatim>

Checks whether a <tt>VALUE</tt> is a port wrapped around a cryptlib
envelope or session object.

<verbatim>
  (port->object PORT) => HANDLE
</verbatim>

Extracts the object handle from a port wrapping a cryptlib envelope or
session object.

<verbatim>
  (open-input-object HANDLE [DESTROY-ON-CLOSE? EOF-WHEN-EMPTY?]) => PORT
</verbatim>

Wraps a cryptlib envelope or session object into an input port. If
<tt>DESTROY-ON-CLOSE?</tt> is true, closing the port causes disposal
of the underlying object using <tt>destroy-object</tt>.

If <tt>EOF-WHEN-EMPTY?</tt> is true, the port will enter the
end-of-file state as soon as <tt>pop-data</tt> returns zero, otherwise
the port will enter the end-of-file state as soon as <tt>pop-data</tt>
reports an <tt>ERROR-READ</tt>. The former behaviour is suitable for
envelopes, the latter for sessions.

<verbatim>
  (open-output-object HANDLE DESTROY-ON-CLOSE?) => PORT
</verbatim>

Wraps a cryptlib envelope or session object into an output port. If
<tt>DESTROY-ON-CLOSE?</tt> is true, closing the port causes disposal
of the underlying object using <tt>destroy-object</tt>.

<h2>Exported Constants</h2>

<verbatim>
  ALGO-NONE
  ALGO-DES
  ALGO-3DES
  ALGO-IDEA
  ALGO-RC2
  ALGO-RC4
  ALGO-RC5
  ALGO-AES
  ALGO-BLOWFISH
  ALGO-DH
  ALGO-RSA
  ALGO-DSA
  ALGO-ELGAMAL
  ALGO-ECDSA
  ALGO-ECDH
  ALGO-MD5
  ALGO-SHA1
  ALGO-RIPEMD160
  ALGO-SHA2
  ALGO-SHAng
  ALGO-HMAC-MD5
  ALGO-HMAC-SHA1
  ALGO-HMAC-RIPEMD160
  ALGO-HMAC-SHA2
  ALGO-HMAC-SHAng
  ALGO-FIRST-CONVENTIONAL
  ALGO-LAST-CONVENTIONAL
  ALGO-FIRST-PKC
  ALGO-LAST-PKC
  ALGO-FIRST-HASH
  ALGO-LAST-HASH
  ALGO-FIRST-MAC
  ALGO-LAST-MAC
  MODE-NONE
  MODE-ECB
  MODE-CBC
  MODE-CFB
  MODE-OFB
  MODE-GCM
  MODE-LAST
  KEYSET-NONE
  KEYSET-FILE
  KEYSET-HTTP
  KEYSET-LDAP
  KEYSET-ODBC
  KEYSET-DATABASE
  KEYSET-ODBC-STORE
  KEYSET-DATABASE-STORE
  KEYSET-LAST
  DEVICE-NONE
  DEVICE-FORTEZZA
  DEVICE-PKCS11
  DEVICE-CRYPTOAPI
  DEVICE-HARDWARE
  DEVICE-LAST
  CERTTYPE-NONE
  CERTTYPE-CERTIFICATE
  CERTTYPE-ATTRIBUTE-CERT
  CERTTYPE-CERTCHAIN
  CERTTYPE-CERTREQUEST
  CERTTYPE-REQUEST-CERT
  CERTTYPE-REQUEST-REVOCATION
  CERTTYPE-CRL
  CERTTYPE-CMS-ATTRIBUTES
  CERTTYPE-RTCS-REQUEST
  CERTTYPE-RTCS-RESPONSE
  CERTTYPE-OCSP-REQUEST
  CERTTYPE-OCSP-RESPONSE
  CERTTYPE-PKIUSER
  CERTTYPE-LAST
  FORMAT-NONE
  FORMAT-AUTO
  FORMAT-CRYPTLIB
  FORMAT-CMS
  FORMAT-PKCS7
  FORMAT-SMIME
  FORMAT-PGP
  FORMAT-LAST
  SESSION-NONE
  SESSION-SSH
  SESSION-SSH-SERVER
  SESSION-SSL
  SESSION-SSL-SERVER
  SESSION-RTCS
  SESSION-RTCS-SERVER
  SESSION-OCSP
  SESSION-OCSP-SERVER
  SESSION-TSP
  SESSION-TSP-SERVER
  SESSION-CMP
  SESSION-CMP-SERVER
  SESSION-SCEP
  SESSION-SCEP-SERVER
  SESSION-CERTSTORE-SERVER
  SESSION-LAST
  USER-NONE
  USER-NORMAL
  USER-SO
  USER-CA
  USER-LAST
  ATTRIBUTE-NONE
  PROPERTY-HIGHSECURITY
  PROPERTY-OWNER
  PROPERTY-FORWARDCOUNT
  PROPERTY-LOCKED
  PROPERTY-USAGECOUNT
  PROPERTY-NONEXPORTABLE
  ATTRIBUTE-ERRORTYPE
  ATTRIBUTE-ERRORLOCUS
  ATTRIBUTE-ERRORMESSAGE
  ATTRIBUTE-CURRENT-GROUP
  ATTRIBUTE-CURRENT
  ATTRIBUTE-CURRENT-INSTANCE
  ATTRIBUTE-BUFFERSIZE
  OPTION-INFO-DESCRIPTION
  OPTION-INFO-COPYRIGHT
  OPTION-INFO-MAJORVERSION
  OPTION-INFO-MINORVERSION
  OPTION-INFO-STEPPING
  OPTION-ENCR-ALGO
  OPTION-ENCR-HASH
  OPTION-ENCR-MAC
  OPTION-PKC-ALGO
  OPTION-PKC-KEYSIZE
  OPTION-SIG-ALGO
  OPTION-SIG-KEYSIZE
  OPTION-KEYING-ALGO
  OPTION-KEYING-ITERATIONS
  OPTION-CERT-SIGNUNRECOGNISEDATTRIBUTES
  OPTION-CERT-VALIDITY
  OPTION-CERT-UPDATEINTERVAL
  OPTION-CERT-COMPLIANCELEVEL
  OPTION-CMS-DEFAULTATTRIBUTES
  OPTION-SMIME-DEFAULTATTRIBUTES
  OPTION-KEYS-LDAP-OBJECTCLASS
  OPTION-KEYS-LDAP-OBJECTTYPE
  OPTION-KEYS-LDAP-FILTER
  OPTION-KEYS-LDAP-CACERTNAME
  OPTION-KEYS-LDAP-CERTNAME
  OPTION-KEYS-LDAP-CRLNAME
  OPTION-KEYS-LDAP-EMAILNAME
  OPTION-DEVICE-PKCS11-DVR01
  OPTION-DEVICE-PKCS11-DVR02
  OPTION-DEVICE-PKCS11-DVR03
  OPTION-DEVICE-PKCS11-DVR04
  OPTION-DEVICE-PKCS11-DVR05
  OPTION-DEVICE-PKCS11-HARDWAREONLY
  OPTION-NET-SOCKS-SERVER
  OPTION-NET-SOCKS-USERNAME
  OPTION-NET-HTTP-PROXY
  OPTION-NET-CONNECTTIMEOUT
  OPTION-NET-READTIMEOUT
  OPTION-NET-WRITETIMEOUT
  OPTION-MISC-ASYNCINIT
  OPTION-MISC-SIDECHANNELPROTECTION
  OPTION-CONFIGCHANGED
  OPTION-SELFTESTOK
  CTXINFO-ALGO
  CTXINFO-MODE
  CTXINFO-NAME-ALGO
  CTXINFO-NAME-MODE
  CTXINFO-KEYSIZE
  CTXINFO-BLOCKSIZE
  CTXINFO-IVSIZE
  CTXINFO-KEYING-ALGO
  CTXINFO-KEYING-ITERATIONS
  CTXINFO-KEYING-SALT
  CTXINFO-KEYING-VALUE
  CTXINFO-KEY
  CTXINFO-KEY-COMPONENTS
  CTXINFO-IV
  CTXINFO-HASHVALUE
  CTXINFO-LABEL
  CTXINFO-PERSISTENT
  CERTINFO-SELFSIGNED
  CERTINFO-IMMUTABLE
  CERTINFO-XYZZY
  CERTINFO-CERTTYPE
  CERTINFO-FINGERPRINT
  CERTINFO-FINGERPRINT-MD5
  CERTINFO-FINGERPRINT-SHA1
  CERTINFO-FINGERPRINT-SHA2
  CERTINFO-FINGERPRINT-SHAng
  CERTINFO-TRUSTED-USAGE
  CERTINFO-TRUSTED-IMPLICIT
  CERTINFO-SIGNATURELEVEL
  CERTINFO-VERSION
  CERTINFO-SERIALNUMBER
  CERTINFO-SUBJECTPUBLICKEYINFO
  CERTINFO-CERTIFICATE
  CERTINFO-USERCERTIFICATE
  CERTINFO-CACERTIFICATE
  CERTINFO-ISSUERNAME
  CERTINFO-VALIDFROM
  CERTINFO-VALIDTO
  CERTINFO-SUBJECTNAME
  CERTINFO-ISSUERUNIQUEID
  CERTINFO-SUBJECTUNIQUEID
  CERTINFO-CERTREQUEST
  CERTINFO-THISUPDATE
  CERTINFO-NEXTUPDATE
  CERTINFO-REVOCATIONDATE
  CERTINFO-REVOCATIONSTATUS
  CERTINFO-CERTSTATUS
  CERTINFO-DN
  CERTINFO-PKIUSER-ID
  CERTINFO-PKIUSER-ISSUEPASSWORD
  CERTINFO-PKIUSER-REVPASSWORD
  CERTINFO-COUNTRYNAME
  CERTINFO-STATEORPROVINCENAME
  CERTINFO-LOCALITYNAME
  CERTINFO-ORGANIZATIONNAME
  CERTINFO-ORGANISATIONNAME
  CERTINFO-ORGANIZATIONALUNITNAME
  CERTINFO-ORGANISATIONALUNITNAME
  CERTINFO-COMMONNAME
  CERTINFO-OTHERNAME-TYPEID
  CERTINFO-OTHERNAME-VALUE
  CERTINFO-RFC822NAME
  CERTINFO-EMAIL
  CERTINFO-DNSNAME
  CERTINFO-DIRECTORYNAME
  CERTINFO-EDIPARTYNAME-NAMEASSIGNER
  CERTINFO-EDIPARTYNAME-PARTYNAME
  CERTINFO-UNIFORMRESOURCEIDENTIFIER
  CERTINFO-IPADDRESS
  CERTINFO-REGISTEREDID
  CERTINFO-CHALLENGEPASSWORD
  CERTINFO-CRLEXTREASON
  CERTINFO-KEYFEATURES
  CERTINFO-AUTHORITYINFOACCESS
  CERTINFO-AUTHORITYINFO-RTCS
  CERTINFO-AUTHORITYINFO-OCSP
  CERTINFO-AUTHORITYINFO-CAISSUERS
  CERTINFO-AUTHORITYINFO-CERTSTORE
  CERTINFO-AUTHORITYINFO-CRLS
  CERTINFO-BIOMETRICINFO
  CERTINFO-BIOMETRICINFO-TYPE
  CERTINFO-BIOMETRICINFO-HASHALGO
  CERTINFO-BIOMETRICINFO-HASH
  CERTINFO-BIOMETRICINFO-URL
  CERTINFO-QCSTATEMENT
  CERTINFO-QCSTATEMENT-SEMANTICS
  CERTINFO-QCSTATEMENT-REGISTRATIONAUTHORITY
  CERTINFO-IPADDRESSBLOCKS
  CERTINFO-IPADDRESSBLOCKS-ADDRESSFAMILY
  CERTINFO-IPADDRESSBLOCKS-PREFIX
  CERTINFO-IPADDRESSBLOCKS-MIN
  CERTINFO-IPADDRESSBLOCKS-MAX
  CERTINFO-AUTONOMOUSSYSIDS
  CERTINFO-AUTONOMOUSSYSIDS-ASNUM-ID
  CERTINFO-AUTONOMOUSSYSIDS-ASNUM-MIN
  CERTINFO-AUTONOMOUSSYSIDS-ASNUM-MAX
  CERTINFO-OCSP-NONCE
  CERTINFO-OCSP-RESPONSE
  CERTINFO-OCSP-RESPONSE-OCSP
  CERTINFO-OCSP-NOCHECK
  CERTINFO-OCSP-ARCHIVECUTOFF
  CERTINFO-SUBJECTINFOACCESS
  CERTINFO-SUBJECTINFO-CAREPOSITORY
  CERTINFO-SUBJECTINFO-TIMESTAMPING
  CERTINFO-SUBJECTINFO-SIGNEDOBJECTREPOSITORY
  CERTINFO-SUBJECTINFO-RPKIMANIFEST
  CERTINFO-SUBJECTINFO-SIGNEDOBJECT
  CERTINFO-SIGG-DATEOFCERTGEN
  CERTINFO-SIGG-PROCURATION
  CERTINFO-SIGG-PROCURE-COUNTRY
  CERTINFO-SIGG-PROCURE-TYPEOFSUBSTITUTION
  CERTINFO-SIGG-PROCURE-SIGNINGFOR
  CERTINFO-SIGG-ADMISSIONS
  CERTINFO-SIGG-ADMISSIONS-AUTHORITY
  CERTINFO-SIGG-ADMISSIONS-NAMINGAUTHID
  CERTINFO-SIGG-ADMISSIONS-NAMINGAUTHURL
  CERTINFO-SIGG-ADMISSIONS-NAMINGAUTHTEXT
  CERTINFO-SIGG-ADMISSIONS-PROFESSIONITEM
  CERTINFO-SIGG-ADMISSIONS-PROFESSIONOID
  CERTINFO-SIGG-ADMISSIONS-REGISTRATIONNUMBER
  CERTINFO-SIGG-MONETARYLIMIT
  CERTINFO-SIGG-MONETARY-CURRENCY
  CERTINFO-SIGG-MONETARY-AMOUNT
  CERTINFO-SIGG-MONETARY-EXPONENT
  CERTINFO-SIGG-DECLARATIONOFMAJORITY
  CERTINFO-SIGG-DECLARATIONOFMAJORITY-COUNTRY
  CERTINFO-SIGG-RESTRICTION
  CERTINFO-SIGG-CERTHASH
  CERTINFO-SIGG-ADDITIONALINFORMATION
  CERTINFO-STRONGEXTRANET
  CERTINFO-STRONGEXTRANET-ZONE
  CERTINFO-STRONGEXTRANET-ID
  CERTINFO-SUBJECTDIRECTORYATTRIBUTES
  CERTINFO-SUBJECTDIR-TYPE
  CERTINFO-SUBJECTDIR-VALUES
  CERTINFO-SUBJECTKEYIDENTIFIER
  CERTINFO-KEYUSAGE
  CERTINFO-PRIVATEKEYUSAGEPERIOD
  CERTINFO-PRIVATEKEY-NOTBEFORE
  CERTINFO-PRIVATEKEY-NOTAFTER
  CERTINFO-SUBJECTALTNAME
  CERTINFO-ISSUERALTNAME
  CERTINFO-BASICCONSTRAINTS
  CERTINFO-CA
  CERTINFO-AUTHORITY
  CERTINFO-PATHLENCONSTRAINT
  CERTINFO-CRLNUMBER
  CERTINFO-CRLREASON
  CERTINFO-HOLDINSTRUCTIONCODE
  CERTINFO-INVALIDITYDATE
  CERTINFO-DELTACRLINDICATOR
  CERTINFO-ISSUINGDISTRIBUTIONPOINT
  CERTINFO-ISSUINGDIST-FULLNAME
  CERTINFO-ISSUINGDIST-USERCERTSONLY
  CERTINFO-ISSUINGDIST-CACERTSONLY
  CERTINFO-ISSUINGDIST-SOMEREASONSONLY
  CERTINFO-ISSUINGDIST-INDIRECTCRL
  CERTINFO-CERTIFICATEISSUER
  CERTINFO-NAMECONSTRAINTS
  CERTINFO-PERMITTEDSUBTREES
  CERTINFO-EXCLUDEDSUBTREES
  CERTINFO-CRLDISTRIBUTIONPOINT
  CERTINFO-CRLDIST-FULLNAME
  CERTINFO-CRLDIST-REASONS
  CERTINFO-CRLDIST-CRLISSUER
  CERTINFO-CERTIFICATEPOLICIES
  CERTINFO-CERTPOLICYID
  CERTINFO-CERTPOLICY-CPSURI
  CERTINFO-CERTPOLICY-ORGANIZATION
  CERTINFO-CERTPOLICY-NOTICENUMBERS
  CERTINFO-CERTPOLICY-EXPLICITTEXT
  CERTINFO-POLICYMAPPINGS
  CERTINFO-ISSUERDOMAINPOLICY
  CERTINFO-SUBJECTDOMAINPOLICY
  CERTINFO-AUTHORITYKEYIDENTIFIER
  CERTINFO-AUTHORITY-KEYIDENTIFIER
  CERTINFO-AUTHORITY-CERTISSUER
  CERTINFO-AUTHORITY-CERTSERIALNUMBER
  CERTINFO-POLICYCONSTRAINTS
  CERTINFO-REQUIREEXPLICITPOLICY
  CERTINFO-INHIBITPOLICYMAPPING
  CERTINFO-EXTKEYUSAGE
  CERTINFO-EXTKEY-MS-INDIVIDUALCODESIGNING
  CERTINFO-EXTKEY-MS-COMMERCIALCODESIGNING
  CERTINFO-EXTKEY-MS-CERTTRUSTLISTSIGNING
  CERTINFO-EXTKEY-MS-TIMESTAMPSIGNING
  CERTINFO-EXTKEY-MS-SERVERGATEDCRYPTO
  CERTINFO-EXTKEY-MS-ENCRYPTEDFILESYSTEM
  CERTINFO-EXTKEY-SERVERAUTH
  CERTINFO-EXTKEY-CLIENTAUTH
  CERTINFO-EXTKEY-CODESIGNING
  CERTINFO-EXTKEY-EMAILPROTECTION
  CERTINFO-EXTKEY-IPSECENDSYSTEM
  CERTINFO-EXTKEY-IPSECTUNNEL
  CERTINFO-EXTKEY-IPSECUSER
  CERTINFO-EXTKEY-TIMESTAMPING
  CERTINFO-EXTKEY-OCSPSIGNING
  CERTINFO-EXTKEY-DIRECTORYSERVICE
  CERTINFO-EXTKEY-ANYKEYUSAGE
  CERTINFO-EXTKEY-NS-SERVERGATEDCRYPTO
  CERTINFO-EXTKEY-VS-SERVERGATEDCRYPTO-CA
  CERTINFO-CRLSTREAMIDENTIFIER
  CERTINFO-FRESHESTCRL
  CERTINFO-FRESHESTCRL-FULLNAME
  CERTINFO-FRESHESTCRL-REASONS
  CERTINFO-FRESHESTCRL-CRLISSUER
  CERTINFO-ORDEREDLIST
  CERTINFO-BASEUPDATETIME
  CERTINFO-DELTAINFO
  CERTINFO-DELTAINFO-LOCATION
  CERTINFO-DELTAINFO-NEXTDELTA
  CERTINFO-INHIBITANYPOLICY
  CERTINFO-TOBEREVOKED
  CERTINFO-TOBEREVOKED-CERTISSUER
  CERTINFO-TOBEREVOKED-REASONCODE
  CERTINFO-TOBEREVOKED-REVOCATIONTIME
  CERTINFO-TOBEREVOKED-CERTSERIALNUMBER
  CERTINFO-REVOKEDGROUPS
  CERTINFO-REVOKEDGROUPS-CERTISSUER
  CERTINFO-REVOKEDGROUPS-REASONCODE
  CERTINFO-REVOKEDGROUPS-INVALIDITYDATE
  CERTINFO-REVOKEDGROUPS-STARTINGNUMBER
  CERTINFO-REVOKEDGROUPS-ENDINGNUMBER
  CERTINFO-EXPIREDCERTSONCRL
  CERTINFO-AAISSUINGDISTRIBUTIONPOINT
  CERTINFO-AAISSUINGDIST-FULLNAME
  CERTINFO-AAISSUINGDIST-SOMEREASONSONLY
  CERTINFO-AAISSUINGDIST-INDIRECTCRL
  CERTINFO-AAISSUINGDIST-USERATTRCERTS
  CERTINFO-AAISSUINGDIST-AACERTS
  CERTINFO-AAISSUINGDIST-SOACERTS
  CERTINFO-NS-CERTTYPE
  CERTINFO-NS-BASEURL
  CERTINFO-NS-REVOCATIONURL
  CERTINFO-NS-CAREVOCATIONURL
  CERTINFO-NS-CERTRENEWALURL
  CERTINFO-NS-CAPOLICYURL
  CERTINFO-NS-SSLSERVERNAME
  CERTINFO-NS-COMMENT
  CERTINFO-SET-HASHEDROOTKEY
  CERTINFO-SET-ROOTKEYTHUMBPRINT
  CERTINFO-SET-CERTIFICATETYPE
  CERTINFO-SET-MERCHANTDATA
  CERTINFO-SET-MERID
  CERTINFO-SET-MERACQUIRERBIN
  CERTINFO-SET-MERCHANTLANGUAGE
  CERTINFO-SET-MERCHANTNAME
  CERTINFO-SET-MERCHANTCITY
  CERTINFO-SET-MERCHANTSTATEPROVINCE
  CERTINFO-SET-MERCHANTPOSTALCODE
  CERTINFO-SET-MERCHANTCOUNTRYNAME
  CERTINFO-SET-MERCOUNTRY
  CERTINFO-SET-MERAUTHFLAG
  CERTINFO-SET-CERTCARDREQUIRED
  CERTINFO-SET-TUNNELING
  CERTINFO-SET-TUNNELLING
  CERTINFO-SET-TUNNELINGFLAG
  CERTINFO-SET-TUNNELLINGFLAG
  CERTINFO-SET-TUNNELINGALGID
  CERTINFO-SET-TUNNELLINGALGID
  CERTINFO-CMS-CONTENTTYPE
  CERTINFO-CMS-MESSAGEDIGEST
  CERTINFO-CMS-SIGNINGTIME
  CERTINFO-CMS-COUNTERSIGNATURE
  CERTINFO-CMS-SIGNINGDESCRIPTION
  CERTINFO-CMS-SMIMECAPABILITIES
  CERTINFO-CMS-SMIMECAP-3DES
  CERTINFO-CMS-SMIMECAP-AES
  CERTINFO-CMS-SMIMECAP-CAST128
  CERTINFO-CMS-SMIMECAP-IDEA
  CERTINFO-CMS-SMIMECAP-RC2
  CERTINFO-CMS-SMIMECAP-RC5
  CERTINFO-CMS-SMIMECAP-SKIPJACK
  CERTINFO-CMS-SMIMECAP-DES
  CERTINFO-CMS-SMIMECAP-SHAng
  CERTINFO-CMS-SMIMECAP-SHA2
  CERTINFO-CMS-SMIMECAP-SHA1
  CERTINFO-CMS-SMIMECAP-HMAC-SHAng
  CERTINFO-CMS-SMIMECAP-HMAC-SHA2
  CERTINFO-CMS-SMIMECAP-HMAC-SHA1
  CERTINFO-CMS-SMIMECAP-AUTHENC256
  CERTINFO-CMS-SMIMECAP-AUTHENC128
  CERTINFO-CMS-SMIMECAP-RSA-SHAng
  CERTINFO-CMS-SMIMECAP-RSA-SHA2
  CERTINFO-CMS-SMIMECAP-RSA-SHA1
  CERTINFO-CMS-SMIMECAP-DSA-SHA1
  CERTINFO-CMS-SMIMECAP-ECDSA-SHAng
  CERTINFO-CMS-SMIMECAP-ECDSA-SHA2
  CERTINFO-CMS-SMIMECAP-ECDSA-SHA1
  CERTINFO-CMS-SMIMECAP-PREFERSIGNEDDATA
  CERTINFO-CMS-SMIMECAP-CANNOTDECRYPTANY
  CERTINFO-CMS-SMIMECAP-PREFERBINARYINSIDE
  CERTINFO-CMS-RECEIPTREQUEST
  CERTINFO-CMS-RECEIPT-CONTENTIDENTIFIER
  CERTINFO-CMS-RECEIPT-FROM
  CERTINFO-CMS-RECEIPT-TO
  CERTINFO-CMS-SECURITYLABEL
  CERTINFO-CMS-SECLABEL-CLASSIFICATION
  CERTINFO-CMS-SECLABEL-POLICY
  CERTINFO-CMS-SECLABEL-PRIVACYMARK
  CERTINFO-CMS-SECLABEL-CATTYPE
  CERTINFO-CMS-SECLABEL-CATVALUE
  CERTINFO-CMS-MLEXPANSIONHISTORY
  CERTINFO-CMS-MLEXP-ENTITYIDENTIFIER
  CERTINFO-CMS-MLEXP-TIME
  CERTINFO-CMS-MLEXP-NONE
  CERTINFO-CMS-MLEXP-INSTEADOF
  CERTINFO-CMS-MLEXP-INADDITIONTO
  CERTINFO-CMS-CONTENTHINTS
  CERTINFO-CMS-CONTENTHINT-DESCRIPTION
  CERTINFO-CMS-CONTENTHINT-TYPE
  CERTINFO-CMS-EQUIVALENTLABEL
  CERTINFO-CMS-EQVLABEL-POLICY
  CERTINFO-CMS-EQVLABEL-CLASSIFICATION
  CERTINFO-CMS-EQVLABEL-PRIVACYMARK
  CERTINFO-CMS-EQVLABEL-CATTYPE
  CERTINFO-CMS-EQVLABEL-CATVALUE
  CERTINFO-CMS-SIGNINGCERTIFICATE
  CERTINFO-CMS-SIGNINGCERT-ESSCERTID
  CERTINFO-CMS-SIGNINGCERT-POLICIES
  CERTINFO-CMS-SIGNINGCERTIFICATEV2
  CERTINFO-CMS-SIGNINGCERTV2-ESSCERTIDV2
  CERTINFO-CMS-SIGNINGCERTV2-POLICIES
  CERTINFO-CMS-SIGNATUREPOLICYID
  CERTINFO-CMS-SIGPOLICYID
  CERTINFO-CMS-SIGPOLICYHASH
  CERTINFO-CMS-SIGPOLICY-CPSURI
  CERTINFO-CMS-SIGPOLICY-ORGANIZATION
  CERTINFO-CMS-SIGPOLICY-NOTICENUMBERS
  CERTINFO-CMS-SIGPOLICY-EXPLICITTEXT
  CERTINFO-CMS-SIGTYPEIDENTIFIER
  CERTINFO-CMS-SIGTYPEID-ORIGINATORSIG
  CERTINFO-CMS-SIGTYPEID-DOMAINSIG
  CERTINFO-CMS-SIGTYPEID-ADDITIONALATTRIBUTES
  CERTINFO-CMS-SIGTYPEID-REVIEWSIG
  CERTINFO-CMS-NONCE
  CERTINFO-SCEP-MESSAGETYPE
  CERTINFO-SCEP-PKISTATUS
  CERTINFO-SCEP-FAILINFO
  CERTINFO-SCEP-SENDERNONCE
  CERTINFO-SCEP-RECIPIENTNONCE
  CERTINFO-SCEP-TRANSACTIONID
  CERTINFO-CMS-SPCAGENCYINFO
  CERTINFO-CMS-SPCAGENCYURL
  CERTINFO-CMS-SPCSTATEMENTTYPE
  CERTINFO-CMS-SPCSTMT-INDIVIDUALCODESIGNING
  CERTINFO-CMS-SPCSTMT-COMMERCIALCODESIGNING
  CERTINFO-CMS-SPCOPUSINFO
  CERTINFO-CMS-SPCOPUSINFO-NAME
  CERTINFO-CMS-SPCOPUSINFO-URL
  KEYINFO-QUERY
  KEYINFO-QUERY-REQUESTS
  DEVINFO-INITIALISE
  DEVINFO-INITIALIZE
  DEVINFO-AUTHENT-USER
  DEVINFO-AUTHENT-SUPERVISOR
  DEVINFO-SET-AUTHENT-USER
  DEVINFO-SET-AUTHENT-SUPERVISOR
  DEVINFO-ZEROISE
  DEVINFO-ZEROIZE
  DEVINFO-LOGGEDIN
  DEVINFO-LABEL
  ENVINFO-DATASIZE
  ENVINFO-COMPRESSION
  ENVINFO-CONTENTTYPE
  ENVINFO-DETACHEDSIGNATURE
  ENVINFO-SIGNATURE-RESULT
  ENVINFO-INTEGRITY
  ENVINFO-PASSWORD
  ENVINFO-KEY
  ENVINFO-SIGNATURE
  ENVINFO-SIGNATURE-EXTRADATA
  ENVINFO-RECIPIENT
  ENVINFO-PUBLICKEY
  ENVINFO-PRIVATEKEY
  ENVINFO-PRIVATEKEY-LABEL
  ENVINFO-ORIGINATOR
  ENVINFO-SESSIONKEY
  ENVINFO-HASH
  ENVINFO-TIMESTAMP
  ENVINFO-KEYSET-SIGCHECK
  ENVINFO-KEYSET-ENCRYPT
  ENVINFO-KEYSET-DECRYPT
  SESSINFO-ACTIVE
  SESSINFO-CONNECTIONACTIVE
  SESSINFO-USERNAME
  SESSINFO-PASSWORD
  SESSINFO-PRIVATEKEY
  SESSINFO-KEYSET
  SESSINFO-AUTHRESPONSE
  SESSINFO-SERVER-NAME
  SESSINFO-SERVER-PORT
  SESSINFO-SERVER-FINGERPRINT
  SESSINFO-CLIENT-NAME
  SESSINFO-CLIENT-PORT
  SESSINFO-SESSION
  SESSINFO-NETWORKSOCKET
  SESSINFO-VERSION
  SESSINFO-REQUEST
  SESSINFO-RESPONSE
  SESSINFO-CACERTIFICATE
  SESSINFO-TSP-MSGIMPRINT
  SESSINFO-CMP-REQUESTTYPE
  SESSINFO-CMP-PRIVKEYSET
  SESSINFO-SSH-CHANNEL
  SESSINFO-SSH-CHANNEL-TYPE
  SESSINFO-SSH-CHANNEL-ARG1
  SESSINFO-SSH-CHANNEL-ARG2
  SESSINFO-SSH-CHANNEL-ACTIVE
  SESSINFO-SSL-OPTIONS
  USERINFO-PASSWORD
  USERINFO-CAKEY-CERTSIGN
  USERINFO-CAKEY-CRLSIGN
  USERINFO-CAKEY-RTCSSIGN
  USERINFO-CAKEY-OCSPSIGN
  KEYUSAGE-NONE
  KEYUSAGE-DIGITALSIGNATURE
  KEYUSAGE-NONREPUDIATION
  KEYUSAGE-KEYENCIPHERMENT
  KEYUSAGE-DATAENCIPHERMENT
  KEYUSAGE-KEYAGREEMENT
  KEYUSAGE-KEYCERTSIGN
  KEYUSAGE-CRLSIGN
  KEYUSAGE-ENCIPHERONLY
  KEYUSAGE-DECIPHERONLY
  KEYUSAGE-LAST
  CRLREASON-UNSPECIFIED
  CRLREASON-KEYCOMPROMISE
  CRLREASON-CACOMPROMISE
  CRLREASON-AFFILIATIONCHANGED
  CRLREASON-SUPERSEDED
  CRLREASON-CESSATIONOFOPERATION
  CRLREASON-CERTIFICATEHOLD
  CRLREASON-REMOVEFROMCRL
  CRLREASON-PRIVILEGEWITHDRAWN
  CRLREASON-AACOMPROMISE
  CRLREASON-LAST
  CRLREASON-NEVERVALID
  CRLEXTREASON-LAST
  CRLREASONFLAG-UNUSED
  CRLREASONFLAG-KEYCOMPROMISE
  CRLREASONFLAG-CACOMPROMISE
  CRLREASONFLAG-AFFILIATIONCHANGED
  CRLREASONFLAG-SUPERSEDED
  CRLREASONFLAG-CESSATIONOFOPERATION
  CRLREASONFLAG-CERTIFICATEHOLD
  CRLREASONFLAG-LAST
  HOLDINSTRUCTION-NONE
  HOLDINSTRUCTION-CALLISSUER
  HOLDINSTRUCTION-REJECT
  HOLDINSTRUCTION-PICKUPTOKEN
  HOLDINSTRUCTION-LAST
  COMPLIANCELEVEL-OBLIVIOUS
  COMPLIANCELEVEL-REDUCED
  COMPLIANCELEVEL-STANDARD
  COMPLIANCELEVEL-PKIX-PARTIAL
  COMPLIANCELEVEL-PKIX-FULL
  COMPLIANCELEVEL-LAST
  NS-CERTTYPE-SSLCLIENT
  NS-CERTTYPE-SSLSERVER
  NS-CERTTYPE-SMIME
  NS-CERTTYPE-OBJECTSIGNING
  NS-CERTTYPE-SSLCA
  NS-CERTTYPE-SMIMECA
  NS-CERTTYPE-OBJECTSIGNINGCA
  NS-CERTTYPE-LAST
  SET-CERTTYPE-CARD
  SET-CERTTYPE-MER
  SET-CERTTYPE-PGWY
  SET-CERTTYPE-CCA
  SET-CERTTYPE-MCA
  SET-CERTTYPE-PCA
  SET-CERTTYPE-GCA
  SET-CERTTYPE-BCA
  SET-CERTTYPE-RCA
  SET-CERTTYPE-ACQ
  SET-CERTTYPE-LAST
  CONTENT-NONE
  CONTENT-DATA
  CONTENT-SIGNEDDATA
  CONTENT-ENVELOPEDDATA
  CONTENT-SIGNEDANDENVELOPEDDATA
  CONTENT-DIGESTEDDATA
  CONTENT-ENCRYPTEDDATA
  CONTENT-COMPRESSEDDATA
  CONTENT-TSTINFO
  CONTENT-SPCINDIRECTDATACONTEXT
  CONTENT-RTCSREQUEST
  CONTENT-RTCSRESPONSE
  CONTENT-RTCSRESPONSE-EXT
  CONTENT-MRTD
  CONTENT-LAST
  CLASSIFICATION-UNMARKED
  CLASSIFICATION-UNCLASSIFIED
  CLASSIFICATION-RESTRICTED
  CLASSIFICATION-CONFIDENTIAL
  CLASSIFICATION-SECRET
  CLASSIFICATION-TOP-SECRET
  CLASSIFICATION-LAST
  CERTSTATUS-VALID
  CERTSTATUS-NOTVALID
  CERTSTATUS-NONAUTHORITATIVE
  CERTSTATUS-UNKNOWN
  OCSPSTATUS-NOTREVOKED
  OCSPSTATUS-REVOKED
  OCSPSTATUS-UNKNOWN
  SIGNATURELEVEL-NONE
  SIGNATURELEVEL-SIGNERCERT
  SIGNATURELEVEL-ALL
  SIGNATURELEVEL-LAST
  INTEGRITY-NONE
  INTEGRITY-MACONLY
  INTEGRITY-FULL
  CERTFORMAT-NONE
  CERTFORMAT-CERTIFICATE
  CERTFORMAT-CERTCHAIN
  CERTFORMAT-TEXT-CERTIFICATE
  CERTFORMAT-TEXT-CERTCHAIN
  CERTFORMAT-XML-CERTIFICATE
  CERTFORMAT-XML-CERTCHAIN
  CERTFORMAT-LAST
  REQUESTTYPE-NONE
  REQUESTTYPE-INITIALISATION
  REQUESTTYPE-INITIALIZATION
  REQUESTTYPE-CERTIFICATE
  REQUESTTYPE-KEYUPDATE
  REQUESTTYPE-REVOCATION
  REQUESTTYPE-PKIBOOT
  REQUESTTYPE-LAST
  KEYID-NONE
  KEYID-NAME
  KEYID-URI
  KEYID-EMAIL
  KEYID-LAST
  OBJECT-NONE
  OBJECT-ENCRYPTED-KEY
  OBJECT-PKCENCRYPTED-KEY
  OBJECT-KEYAGREEMENT
  OBJECT-SIGNATURE
  OBJECT-LAST
  ERRTYPE-NONE
  ERRTYPE-ATTR-SIZE
  ERRTYPE-ATTR-VALUE
  ERRTYPE-ATTR-ABSENT
  ERRTYPE-ATTR-PRESENT
  ERRTYPE-CONSTRAINT
  ERRTYPE-ISSUERCONSTRAINT
  ERRTYPE-LAST
  CERTACTION-NONE
  CERTACTION-CREATE
  CERTACTION-CONNECT
  CERTACTION-DISCONNECT
  CERTACTION-ERROR
  CERTACTION-ADDUSER
  CERTACTION-REQUEST-CERT
  CERTACTION-REQUEST-RENEWAL
  CERTACTION-REQUEST-REVOCATION
  CERTACTION-CERT-CREATION
  CERTACTION-CERT-CREATION-COMPLETE
  CERTACTION-CERT-CREATION-DROP
  CERTACTION-CERT-CREATION-REVERSE
  CERTACTION-RESTART-CLEANUP
  CERTACTION-RESTART-REVOKE-CERT
  CERTACTION-ISSUE-CERT
  CERTACTION-ISSUE-CRL
  CERTACTION-REVOKE-CERT
  CERTACTION-EXPIRE-CERT
  CERTACTION-CLEANUP
  CERTACTION-LAST
  SSLOPTION-NONE
  SSLOPTION-MINVER-SSLV3
  SSLOPTION-MINVER-TLS10
  SSLOPTION-MINVER-TLS11
  SSLOPTION-MINVER-TLS12
  SSLOPTION-SUITEB-128
  SSLOPTION-SUITEB-256
  MAX-KEYSIZE
  MAX-IVSIZE
  MAX-PKCSIZE
  MAX-PKCSIZE-ECC
  MAX-HASHSIZE
  MAX-TEXTSIZE
  USE-DEFAULT
  UNUSED
  KEYTYPE-PRIVATE
  KEYTYPE-PUBLIC
  RANDOM-FASTPOLL
  RANDOM-SLOWPOLL
  CURSOR-FIRST
  CURSOR-PREVIOUS
  CURSOR-NEXT
  CURSOR-LAST
  KEYOPT-NONE
  KEYOPT-READONLY
  KEYOPT-CREATE
  KEYOPT-LAST
  OK
  ERROR-PARAM1
  ERROR-PARAM2
  ERROR-PARAM3
  ERROR-PARAM4
  ERROR-PARAM5
  ERROR-PARAM6
  ERROR-PARAM7
  ERROR-MEMORY
  ERROR-NOTINITED
  ERROR-INITED
  ERROR-NOSECURE
  ERROR-RANDOM
  ERROR-FAILED
  ERROR-INTERNAL
  ERROR-NOTAVAIL
  ERROR-PERMISSION
  ERROR-WRONGKEY
  ERROR-INCOMPLETE
  ERROR-COMPLETE
  ERROR-TIMEOUT
  ERROR-INVALID
  ERROR-SIGNALLED
  ERROR-OVERFLOW
  ERROR-UNDERFLOW
  ERROR-BADDATA
  ERROR-SIGNATURE
  ERROR-OPEN
  ERROR-READ
  ERROR-WRITE
  ERROR-NOTFOUND
  ERROR-DUPLICATE
  ENVELOPE-RESOURCE
</verbatim>