smallstep
Add certificate extract command for conversion between P12, PEM, and DER
@maraino @z8674558 I've reviewed and generally everything looks good to me. I committed some grammar / documentation changes on top.
The only additional question / comment I have is whether we should use --decrypt-password-file and --encrypt-password-file? Otherwise I can see it being confusing whether --password-file is the flag to decrypt the old file or to encrypt the new p12 or key file. For example, you may want password-file to decrypt the input and --no-password to leave the output unencrypted - currently this would throw an error.
Maybe our answer to the above is that we always use the same encryption on the output as was used on the input, but then there's no need for --no-password and --insecure.
Usage is not clear, sometimes flags are used as input sometimes as output, It should be consistent and print always to standard output or use the --out flag.
@maraino Doesn't that contradict what we laid out here: https://github.com/smallstep/cli/pull/574#issuecomment-966545561?