154aa6d63Sopenharmony_ci/* 254aa6d63Sopenharmony_ci * Copyright (c) 2021-2023 Huawei Device Co., Ltd. 354aa6d63Sopenharmony_ci * Licensed under the Apache License, Version 2.0 (the "License"); 454aa6d63Sopenharmony_ci * you may not use this file except in compliance with the License. 554aa6d63Sopenharmony_ci * You may obtain a copy of the License at 654aa6d63Sopenharmony_ci * 754aa6d63Sopenharmony_ci * http://www.apache.org/licenses/LICENSE-2.0 854aa6d63Sopenharmony_ci * 954aa6d63Sopenharmony_ci * Unless required by applicable law or agreed to in writing, software 1054aa6d63Sopenharmony_ci * distributed under the License is distributed on an "AS IS" BASIS, 1154aa6d63Sopenharmony_ci * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 1254aa6d63Sopenharmony_ci * See the License for the specific language governing permissions and 1354aa6d63Sopenharmony_ci * limitations under the License. 1454aa6d63Sopenharmony_ci */ 1554aa6d63Sopenharmony_ci 1654aa6d63Sopenharmony_ciUSAGE: <generate-keypair|generate-csr|generate-cert|generate-ca|generate-app-cert|generate-profile-cert> [options] 1754aa6d63Sopenharmony_ciUSAGE: <sign-profile|verify-profile|sign-app|verify-app> [options] 1854aa6d63Sopenharmony_ci 1954aa6d63Sopenharmony_ci generate-keypair [options]: 2054aa6d63Sopenharmony_ci -keyAlias : key alias, required fields; 2154aa6d63Sopenharmony_ci -keyPwd : key password, optional fields; 2254aa6d63Sopenharmony_ci -keyAlg : key algorithm, required fields, including RSA/ECC; 2354aa6d63Sopenharmony_ci -keySize : key size, required fields, the size of the RSA algorithm is 2048/3072/4096, and the size of the ECC algorithm is NIST-P-256/NIST-P-384; 2454aa6d63Sopenharmony_ci -keystoreFile : keystore file, required fields, JKS or P12 format; 2554aa6d63Sopenharmony_ci -keystorePwd : keystore password, optional fields; 2654aa6d63Sopenharmony_ci -extCfgFile : Extend Profile, optional fields; 2754aa6d63Sopenharmony_ci 2854aa6d63Sopenharmony_ci EXAMPLE: 2954aa6d63Sopenharmony_ci generate-keypair -keyAlias "oh-app1-key-v1" -keyPwd ****** -keyAlg ECC -keySize NIST-P-256 -keystoreFile "D:\OH\app-keypair.jks" -keystorePwd ****** 3054aa6d63Sopenharmony_ci generate-keypair -keyAlias "oh-profile-key-v1" -keyPwd ****** -keyAlg RSA -keySize 2048 -keystoreFile "D:\OH\profile-keypair.jks" -keystorePwd ****** 3154aa6d63Sopenharmony_ci 3254aa6d63Sopenharmony_ci generate-csr [options]: 3354aa6d63Sopenharmony_ci -keyAlias : key alias, required fields; 3454aa6d63Sopenharmony_ci -keyPwd : key password, optional fields; 3554aa6d63Sopenharmony_ci -subject : certificate subject, required fields; 3654aa6d63Sopenharmony_ci -signAlg : signature algorithm, required fields, including SHA256withRSA/SHA384withRSA/SHA256withECDSA/SHA384withECDSA; 3754aa6d63Sopenharmony_ci -keystoreFile : keystore file, required fields, JKS or P12 format; 3854aa6d63Sopenharmony_ci -keystorePwd : keystore password, optional fields; 3954aa6d63Sopenharmony_ci -outFile : output file, optional fields, if not filled, it will be directly output to the console; 4054aa6d63Sopenharmony_ci -extCfgFile : Extend Profile, optional fields; 4154aa6d63Sopenharmony_ci 4254aa6d63Sopenharmony_ci EXAMPLE: 4354aa6d63Sopenharmony_ci generate-csr -keyAlias "oh-app1-key-v1" -keyPwd ****** -subject "C=CN,O=OpenHarmony,OU=OpenHarmony Community,CN=App1 Release" -signAlg SHA256withECDSA -keystoreFile "D:\OH\app-keypair.jks" -keystorePwd ****** -outFile "D:\OH\oh-app1-key-v1.csr" 4454aa6d63Sopenharmony_ci 4554aa6d63Sopenharmony_ci generate-cert [options]: 4654aa6d63Sopenharmony_ci -keyAlias : key alias, required fields; 4754aa6d63Sopenharmony_ci -keyPwd : key password, optional fields; 4854aa6d63Sopenharmony_ci -issuer : issuer subject, required fields; 4954aa6d63Sopenharmony_ci -issuerKeyAlias : issuer key alias, required fields; 5054aa6d63Sopenharmony_ci -issuerKeyPwd : issuer key password, optional fields; 5154aa6d63Sopenharmony_ci -subject : certificate subject, required fields; 5254aa6d63Sopenharmony_ci -validity : certificate validity, optional fields, the default is 1095 days; 5354aa6d63Sopenharmony_ci -keyUsage : key usage, required fields, including digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment, keyAgreement, certificateSignature, crlSignature, encipherOnly and decipherOnly, if the certificate includes multiple key usages, separate them with commas; 5454aa6d63Sopenharmony_ci -keyUsageCritical : whether keyUsage is a key item, optional fields, the default is true; 5554aa6d63Sopenharmony_ci -extKeyUsage : extended key usage, optional fields, including clientAuthentication, serverAuthentication, codeSignature, emailProtection, smartCardLogin, timestamp, ocspSignature; 5654aa6d63Sopenharmony_ci -extKeyUsageCritical : whether extKeyUsage is a key item, optional fields, the default is false; 5754aa6d63Sopenharmony_ci -signAlg : signature algorithm, required fields, including SHA256withRSA/SHA384withRSA/SHA256withECDSA/SHA384withECDSA; 5854aa6d63Sopenharmony_ci -basicConstraints : whether to include basicConstraints, optional fields, the default is false; 5954aa6d63Sopenharmony_ci -basicConstraintsCritical : whether basicConstraints is a key item, optional fields, the default is false; 6054aa6d63Sopenharmony_ci -basicConstraintsCa : whether it is CA, optional fields, the default is false; 6154aa6d63Sopenharmony_ci -basicConstraintsPathLen : basicConstraints path length, optional fields, the default is 0; 6254aa6d63Sopenharmony_ci -keystoreFile : keystore file, required fields, JKS or P12 format; 6354aa6d63Sopenharmony_ci -keystorePwd : keystore password, optional fields; 6454aa6d63Sopenharmony_ci -outFile : output file, optional fields, if not filled, it will be directly output to the console; 6554aa6d63Sopenharmony_ci -extCfgFile : Extend Profile, optional fields; 6654aa6d63Sopenharmony_ci -issuerKeystoreFile : issuer keystore file, optional fields, JKS or P12 format; 6754aa6d63Sopenharmony_ci -issuerKeystorePwd : issuer keystore password, optional fields; 6854aa6d63Sopenharmony_ci 6954aa6d63Sopenharmony_ci EXAMPLE: 7054aa6d63Sopenharmony_ci generate-cert -keyAlias "oh-app1-key-v1" -keyPwd ****** -issuer "C=CN,O=OpenHarmony,OU=OpenHarmony Community,CN=Application Signature Service CA" -issuerKeyAlias "oh-app-sign-srv-ca-key-v1" -issuerKeyPwd ****** -subject "C=CN,O=OpenHarmony,OU=OpenHarmony Community,CN=App1 Release" -validity 365 -keyUsage digitalSignature -extKeyUsage codeSignature -signAlg SHA256withECDSA -keystoreFile "D:\OH\app-keypair.jks" -keystorePwd ****** -outFile "D:\OH\app1.cer" 7154aa6d63Sopenharmony_ci 7254aa6d63Sopenharmony_ci generate-ca [options]: 7354aa6d63Sopenharmony_ci -keyAlias : key alias, required fields; 7454aa6d63Sopenharmony_ci -keyPwd : key password, optional fields; 7554aa6d63Sopenharmony_ci -keyAlg : key algorithm, required fields, including RSA/ECC; 7654aa6d63Sopenharmony_ci -keySize : key size, required fields, the size of the RSA algorithm is 2048/3072/4096, and the size of the ECC algorithm is NIST-P-256/NIST-P-384; 7754aa6d63Sopenharmony_ci -issuer : issuer subject, optional fields, if it is empty, it means root CA; 7854aa6d63Sopenharmony_ci -issuerKeyAlias : issuer key alias, optional fields, if it is empty, it means root CA; 7954aa6d63Sopenharmony_ci -issuerKeyPwd : issuer key password, optional fields; 8054aa6d63Sopenharmony_ci -subject : certificate subject, required fields; 8154aa6d63Sopenharmony_ci -validity : certificate validity, optional fields, the default is 3650 days; 8254aa6d63Sopenharmony_ci -signAlg : signature algorithm, required fields, including SHA256withRSA/SHA384withRSA/SHA256withECDSA/SHA384withECDSA; 8354aa6d63Sopenharmony_ci -basicConstraintsPathLen : basicConstraints path length, optional fields, the default is 0; 8454aa6d63Sopenharmony_ci -keystoreFile : keystore file, required fields, JKS or P12 format; 8554aa6d63Sopenharmony_ci -keystorePwd : keystore password, optional fields; 8654aa6d63Sopenharmony_ci -outFile : output file, optional fields, if not filled, it will be directly output to the console; 8754aa6d63Sopenharmony_ci -extCfgFile : Extend Profile, optional fields; 8854aa6d63Sopenharmony_ci -issuerKeystoreFile : issuer keystore file, optional fields, JKS or P12 format; 8954aa6d63Sopenharmony_ci -issuerKeystorePwd : issuer keystore password, optional fields; 9054aa6d63Sopenharmony_ci 9154aa6d63Sopenharmony_ci EXAMPLE: 9254aa6d63Sopenharmony_ci generate-ca -keyAlias "oh-root-ca-key-v1" -subject "C=CN,O=OpenHarmony,OU=OpenHarmony Community,CN=Root CA" -validity 365 -signAlg SHA384withECDSA -keystoreFile "D:\OH\app-keypair.jks" -keystorePwd ****** -outFile "D:\OH\root-ca.cer" -keyAlg RSA -keySize 2048 9354aa6d63Sopenharmony_ci generate-ca -keyAlias "oh-app1-key-v1" -keyAlg RSA -keySize 2048 -issuer "C=CN,O=OpenHarmony,OU=OpenHarmony Community,CN=Root CA" -issuerKeyAlias "oh-sub-app-ca-key-v1" -issuerKeyPwd ****** -subject "C=CN,O=OpenHarmony,OU=OpenHarmony Community,CN= Application Signature Service CA" -validity 365 -signAlg SHA384withECDSA -keystoreFile "D:\OH\app-keypair.jks" -keystorePwd ****** -outFile "D:\OH\sub-app-sign-srv-ca.cer" 9454aa6d63Sopenharmony_ci generate-ca -keyAlias "oh-profile-key-v1" -keyAlg RSA -keySize 4096 -issuer "C=CN,O=OpenHarmony,OU=OpenHarmony Community,CN=Root CA" -issuerKeyAlias "oh-sub-profile-ca-key-v1" -issuerKeyPwd ****** -subject "C=CN,O=OpenHarmony,OU=OpenHarmony Community,CN= Profile Signature Service CA" -validity 365 -signAlg SHA384withECDSA -keystoreFile "D:\OH\profile-keypair.jks" -keystorePwd ****** -outFile "D:\OH\sub-profile-sign-srv-ca.cer" 9554aa6d63Sopenharmony_ci 9654aa6d63Sopenharmony_ci generate-app-cert [options]: 9754aa6d63Sopenharmony_ci -keyAlias : key alias, required fields; 9854aa6d63Sopenharmony_ci -keyPwd : key password, optional fields; 9954aa6d63Sopenharmony_ci -issuer : issuer subject, required fields; 10054aa6d63Sopenharmony_ci -issuerKeyAlias : issuer key alias, required fields; 10154aa6d63Sopenharmony_ci -issuerKeyPwd : issuer key password, optional fields; 10254aa6d63Sopenharmony_ci -subject : certificate subject, required fields; 10354aa6d63Sopenharmony_ci -validity : certificate validity, optional fields, the default is 1095 days; 10454aa6d63Sopenharmony_ci -signAlg : signature algorithm, required fields, including SHA256withRSA/SHA384withRSA/SHA256withECDSA/SHA384withECDSA; 10554aa6d63Sopenharmony_ci -keystoreFile : keystore file, required fields, JKS or P12 format; 10654aa6d63Sopenharmony_ci -keystorePwd : keystore password, optional fields; 10754aa6d63Sopenharmony_ci -outForm : the format of the output certificate file, including cert/certChain, optional fields, the default is cert; 10854aa6d63Sopenharmony_ci -rootCaCertFile : root CA certificate file, required when outForm is certChain; 10954aa6d63Sopenharmony_ci -subCaCertFile : secondary sub-CA certificate file, required when outForm is certChain; 11054aa6d63Sopenharmony_ci -outFile : output certificate file (certificate or certificate chain), optional fields, if not filled, it will be directly output to the console; 11154aa6d63Sopenharmony_ci -extCfgFile : Extend Profile, optional fields; 11254aa6d63Sopenharmony_ci -issuerKeystoreFile : issuer keystore file, optional fields, JKS or P12 format; 11354aa6d63Sopenharmony_ci -issuerKeystorePwd : issuer keystore password, optional fields; 11454aa6d63Sopenharmony_ci 11554aa6d63Sopenharmony_ci EXAMPLE: 11654aa6d63Sopenharmony_ci generate-app-cert -keyAlias "oh-app1-key-v1" -keyPwd ****** -issuer "C=CN,O=OpenHarmony,OU=OpenHarmony Community,CN=Application Debug Signature Service CA" -issuerKeyAlias "oh-app-sign-debug-srv-ca-key-v1" -subject "C=CN,O=OpenHarmony,OU=OpenHarmony Community,CN=App1 Debug" -validity 365 -signAlg SHA256withECDSA -rootCaCertFile "D:\OH\root-ca.cer" -subCaCertFile "D:\OH\sub-app-sign-srv-ca.cer" -keystoreFile "D:\OH\app-keypair.jks" -keystorePwd ****** -outForm certChain -outFile "D:\OH\app-debug-cert.cer" 11754aa6d63Sopenharmony_ci generate-app-cert -keyAlias "oh-app1-key-v1" -keyPwd ****** -issuer "C=CN,O=OpenHarmony,OU=OpenHarmony Community,CN=Application Release Signature Service CA" -issuerKeyAlias "oh-app-sign-release-srv-ca-key-v1" -subject "C=CN,O=OpenHarmony,OU=OpenHarmony Community,CN=App1 Release" -validity 365 -signAlg SHA256withECDSA -rootCaCertFile "D:\OH\root-ca.cer" -subCaCertFile "D:\OH\sub-app-sign-srv-ca.cer" -keystoreFile "D:\OH\app-keypair.jks" -keystorePwd ****** -outForm certChain -outFile "D:\OH\app-release-cert.cer" 11854aa6d63Sopenharmony_ci 11954aa6d63Sopenharmony_ci generate-profile-cert [options]: 12054aa6d63Sopenharmony_ci -keyAlias : key alias, required fields; 12154aa6d63Sopenharmony_ci -keyPwd : key password, optional fields; 12254aa6d63Sopenharmony_ci -issuer : issuer subject, required fields; 12354aa6d63Sopenharmony_ci -issuerKeyAlias : issuer key alias, required fields; 12454aa6d63Sopenharmony_ci -issuerKeyPwd : issuer key password, optional fields; 12554aa6d63Sopenharmony_ci -subject : certificate subject, required fields; 12654aa6d63Sopenharmony_ci -validity : certificate validity, optional fields, the default is 1095 days; 12754aa6d63Sopenharmony_ci -signAlg : signature algorithm, required fields, including SHA256withRSA/SHA384withRSA/SHA256withECDSA/SHA384withECDSA; 12854aa6d63Sopenharmony_ci -keystoreFile : keystore file, required fields, JKS or P12 format; 12954aa6d63Sopenharmony_ci -keystorePwd : keystore password, optional fields; 13054aa6d63Sopenharmony_ci -outForm : the format of the output certificate file, including cert/certChain, optional fields, the default is cert; 13154aa6d63Sopenharmony_ci -rootCaCertFile : root CA certificate file, required when outForm is certChain; 13254aa6d63Sopenharmony_ci -subCaCertFile : secondary sub-CA certificate file, required when outForm is certChain; 13354aa6d63Sopenharmony_ci -outFile : output file, optional fields, if not filled, it will be directly output to the console; 13454aa6d63Sopenharmony_ci -extCfgFile : Extend Profile, optional fields; 13554aa6d63Sopenharmony_ci -issuerKeystoreFile : issuer keystore file, optional fields, JKS or P12 format; 13654aa6d63Sopenharmony_ci -issuerKeystorePwd : issuer keystore password, optional fields; 13754aa6d63Sopenharmony_ci 13854aa6d63Sopenharmony_ci EXAMPLE: 13954aa6d63Sopenharmony_ci generate-profile-cert -keyAlias "oh-profile-key-v1" -keyPwd ****** -issuer "C=CN,O=OpenHarmony,OU=OpenHarmony Community,CN=Provision Profile Debug Signature Service CA" -issuerKeyAlias "oh-profile-sign-debug-srv-ca-key-v1" -issuerKeyPwd ****** -subject "C=CN,O=OpenHarmony,OU=OpenHarmony Community,CN=Provision Profile Debug" -validity 365 -signAlg SHA256withECDSA -rootCaCertFile "D:\OH\root-ca.cer" -subCaCertFile "D:\OH\sub-profile-sign-srv-ca.cer" -keystoreFile "D:\OH\profile-keypair.jks" -keystorePwd ****** -outForm certChain -outFile "D:\OH\provision-profile-debug.cer" 14054aa6d63Sopenharmony_ci generate-profile-cert -keyAlias "oh-profile-key-v1" -keyPwd ****** -issuer "C=CN,O=OpenHarmony,OU=OpenHarmony Community,CN=Provision Profile Release Signature Service CA" -issuerKeyAlias "oh-profile-sign-release-srv-ca-key-v1" -issuerKeyPwd ****** -subject "C=CN,O=OpenHarmony,OU=OpenHarmony Community,CN=Provision Profile Release" -validity 365 -signAlg SHA256withECDSA -rootCaCertFile "D:\OH\root-ca.cer" -subCaCertFile "D:\OH\sub-profile-sign-srv-ca.cer" -keystoreFile "D:\OH\profile-keypair.jks" -keystorePwd ****** -outForm certChain -outFile "D:\OH\provision-profile-release.cer" 14154aa6d63Sopenharmony_ci 14254aa6d63Sopenharmony_ci sign-profile [options]: 14354aa6d63Sopenharmony_ci -mode : signature mode, required fields, including localSign/remoteSign; 14454aa6d63Sopenharmony_ci -keyAlias : key alias, required fields; 14554aa6d63Sopenharmony_ci -keyPwd : key password, optional fields; 14654aa6d63Sopenharmony_ci -profileCertFile : profile signing certificate (certificate chain, the order is three-level-two-root), required fields; 14754aa6d63Sopenharmony_ci -inFile : input original Provision Profile file, required fields; 14854aa6d63Sopenharmony_ci -signAlg : signature algorithm, required fields, including SHA256withRSA/SHA384withRSA/SHA256withECDSA/SHA384withECDSA; 14954aa6d63Sopenharmony_ci -keystoreFile : keystore file, if signature mode is localSign, required fields, JKS or P12 format; 15054aa6d63Sopenharmony_ci -keystorePwd : keystore password, optional fields; 15154aa6d63Sopenharmony_ci -outFile : output the signed Provision Profile file, p7b format, required fields; 15254aa6d63Sopenharmony_ci -extCfgFile : Extend Profile, optional fields; 15354aa6d63Sopenharmony_ci 15454aa6d63Sopenharmony_ci EXAMPLE: 15554aa6d63Sopenharmony_ci sign-profile -mode localSign -keyAlias "oh-profile-key-v1" -keyPwd ****** -profileCertFile "D:\OH\provision-profile-release.cer" -inFile "D:\OH\app1-profile-release.json" -signAlg SHA256withECDSA -keystoreFile "D:\OH\profile-keypair.jks" -keystorePwd ****** -outFile "D:\OH\signed-profile.p7b" 15654aa6d63Sopenharmony_ci 15754aa6d63Sopenharmony_ci verify-profile [options]: 15854aa6d63Sopenharmony_ci -inFile : signed Provision Profile file, p7b format, required fields; 15954aa6d63Sopenharmony_ci -outFile : Verification result file (including verification result and profile content), json format, optional; if not filled, it will be directly output to the console; 16054aa6d63Sopenharmony_ci -extCfgFile : Extend Profile, optional fields; 16154aa6d63Sopenharmony_ci 16254aa6d63Sopenharmony_ci EXAMPLE: 16354aa6d63Sopenharmony_ci verify-profile -inFile "D:\OH\signed-profile.p7b" -outFile "D:\OH\VerifyResult.json" 16454aa6d63Sopenharmony_ci 16554aa6d63Sopenharmony_ci sign-app [options]: 16654aa6d63Sopenharmony_ci -mode : signature mode, required fields, including localSign/remoteSign/remoteResign; 16754aa6d63Sopenharmony_ci -keyAlias : key alias, required fields; 16854aa6d63Sopenharmony_ci -keyPwd : key password, optional fields on localSign mode; 16954aa6d63Sopenharmony_ci -appCertFile : application signature certificate file, required fields on localSign mode, optional fields on remoteSign mode; 17054aa6d63Sopenharmony_ci -profileFile : signed Provision Profile file, p7b format, required fields; 17154aa6d63Sopenharmony_ci -profileSigned : indicates whether the profile file has a signature.The options are as follows: 1:yes; 0:no; default value:1. optional fields; 17254aa6d63Sopenharmony_ci -inFile : input original application package file, .hap, .bin, and .elf format, required fields; 17354aa6d63Sopenharmony_ci -signAlg : signature algorithm, required fields, including SHA256withRSA/SHA384withRSA/SHA256withECDSA/SHA384withECDSA; 17454aa6d63Sopenharmony_ci -keystoreFile : keystore file, if signature mode is localSign, required fields on localSign mode, JKS or P12 format; 17554aa6d63Sopenharmony_ci -keystorePwd : keystore password, optional fields on localSign mode; 17654aa6d63Sopenharmony_ci -outFile : output the signed Provision Profile file, required fields; 17754aa6d63Sopenharmony_ci -extCfgFile : Extend Profile, optional fields; 17854aa6d63Sopenharmony_ci -inForm : Enter the format of the original file. The supported file formats include .zip, .bin, and .elf.; 17954aa6d63Sopenharmony_ci -compatibleVersion : min compatible api version for running app, required fields while input original application package file format is hap; 18054aa6d63Sopenharmony_ci -signServer : remote signer plugin, required fields on remoteSign mode; 18154aa6d63Sopenharmony_ci -signerPlugin : remote sign service url, required fields on remoteSign mode; 18254aa6d63Sopenharmony_ci -onlineAuthMode : remote sign auth mode, required fields on remoteSign mode, including account; 18354aa6d63Sopenharmony_ci -username : user account for online auth, required fields on remoteSign mode with account auth mode; 18454aa6d63Sopenharmony_ci -userPwd : user password for online auth, required fields on remoteSign mode with account auth mode; 18554aa6d63Sopenharmony_ci -ext : extend parameters for remote signer plugin, optional fields; 18654aa6d63Sopenharmony_ci -signCode : Whether the HAP file is signed code, The options are as follows: 1:yes; 0:no; default value:1. code sign is only enabled for hap, hsp, hqf and elf. optional fields. 18754aa6d63Sopenharmony_ci 18854aa6d63Sopenharmony_ci EXAMPLE: 18954aa6d63Sopenharmony_ci sign-app -mode localSign -keyAlias "oh-app1-key-v1" -appCertFile "D:\OH\app-release-cert.cer" -profileFile "D:\OH\signed-profile.p7b" -inFile "D:\OH\app1-unsigned.hap" -signAlg SHA256withECDSA -keystoreFile "D:\OH\app-keypair.jks" -keystorePwd ****** -outFile "D:\OH\app1-signed.hap -compatibleVersion 8" -signCode "1" 19054aa6d63Sopenharmony_ci 19154aa6d63Sopenharmony_ci verify-app [options]: 19254aa6d63Sopenharmony_ci -inFile : signed application package file, hap or bin format, required fields; 19354aa6d63Sopenharmony_ci -outCertChain : signed certificate chain file, required fields; 19454aa6d63Sopenharmony_ci -outProfile : profile file in application package, required fields; 19554aa6d63Sopenharmony_ci -extCfgFile : Extend Profile, optional fields; 19654aa6d63Sopenharmony_ci -inForm : Enter the format of the original file. The supported file formats include .zip, .bin, and .elf.; 19754aa6d63Sopenharmony_ci 19854aa6d63Sopenharmony_ci EXAMPLE: 19954aa6d63Sopenharmony_ci verify-app -inFile "D:\OH\app1-signed.hap" -outCertChain "outCertChain.cer" -outProfile "outprofile.p7b" 20054aa6d63Sopenharmony_ci 20154aa6d63Sopenharmony_ciCOMMANDS: 20254aa6d63Sopenharmony_ci generate-keypair : generate key pair 20354aa6d63Sopenharmony_ci generate-csr : generate certificate signing request 20454aa6d63Sopenharmony_ci generate-cert : generate certificate in full, large and complete, any certificate can be generated 20554aa6d63Sopenharmony_ci generate-ca : generate root/subject CA certificate, if the key does not exist, generate the key together 20654aa6d63Sopenharmony_ci generate-app-cert : generate application debug/release certificate 20754aa6d63Sopenharmony_ci generate-profile-cert : generate application debug/release certificate 20854aa6d63Sopenharmony_ci sign-profile : Provision Profile file signature 20954aa6d63Sopenharmony_ci verify-profile : Provision Profile file verification 21054aa6d63Sopenharmony_ci sign-app : application package signature 21154aa6d63Sopenharmony_ci verify-app : application package file verification