Lines Matching refs:B
9 B<openssl> B<cms>
10 [B<-encrypt>]
11 [B<-decrypt>]
12 [B<-sign>]
13 [B<-verify>]
14 [B<-cmsout>]
15 [B<-resign>]
16 [B<-data_create>]
17 [B<-data_out>]
18 [B<-digest_create>]
19 [B<-digest_verify>]
20 [B<-compress>]
21 [B<-uncompress>]
22 [B<-EncryptedData_encrypt>]
23 [B<-sign_receipt>]
24 [B<-verify_receipt receipt>]
25 [B<-in filename>]
26 [B<-inform SMIME|PEM|DER>]
27 [B<-rctform SMIME|PEM|DER>]
28 [B<-out filename>]
29 [B<-outform SMIME|PEM|DER>]
30 [B<-stream -indef -noindef>]
31 [B<-noindef>]
32 [B<-content filename>]
33 [B<-text>]
34 [B<-noout>]
35 [B<-print>]
36 [B<-CAfile file>]
37 [B<-CApath dir>]
38 [B<-no_alt_chains>]
39 [B<-md digest>]
40 [B<-[cipher]>]
41 [B<-nointern>]
42 [B<-no_signer_cert_verify>]
43 [B<-nocerts>]
44 [B<-noattr>]
45 [B<-nosmimecap>]
46 [B<-binary>]
47 [B<-nodetach>]
48 [B<-certfile file>]
49 [B<-certsout file>]
50 [B<-signer file>]
51 [B<-recip file>]
52 [B<-keyid>]
53 [B<-receipt_request_all -receipt_request_first>]
54 [B<-receipt_request_from emailaddress>]
55 [B<-receipt_request_to emailaddress>]
56 [B<-receipt_request_print>]
57 [B<-secretkey key>]
58 [B<-secretkeyid id>]
59 [B<-econtent_type type>]
60 [B<-inkey file>]
61 [B<-keyopt name:parameter>]
62 [B<-passin arg>]
63 [B<-rand file(s)>]
64 [B<cert.pem...>]
65 [B<-to addr>]
66 [B<-from addr>]
67 [B<-subject subj>]
72 The B<cms> command handles S/MIME v3.1 mail. It can encrypt, decrypt, sign and
83 =item B<-encrypt>
87 actual CMS type is <B>EnvelopedData<B>.
89 =item B<-decrypt>
95 =item B<-debug_decrypt>
97 this option sets the B<CMS_DEBUG_DECRYPT> flag. This option should be used
100 =item B<-sign>
106 =item B<-verify>
111 =item B<-cmsout>
115 =item B<-resign>
119 =item B<-data_create>
121 Create a CMS B<Data> type.
123 =item B<-data_out>
125 B<Data> type and output the content.
127 =item B<-digest_create>
129 Create a CMS B<DigestedData> type.
131 =item B<-digest_verify>
133 Verify a CMS B<DigestedData> type and output the content.
135 =item B<-compress>
137 Create a CMS B<CompressedData> type. OpenSSL must be compiled with B<zlib>
140 =item B<-uncompress>
142 Uncompress a CMS B<CompressedData> type and output the content. OpenSSL must be
143 compiled with B<zlib> support for this option to work, otherwise it will
146 =item B<-EncryptedData_encrypt>
149 B<EncrytedData> type and output the content.
151 =item B<-sign_receipt>
154 message B<must> contain a signed receipt request. Functionality is otherwise
155 similar to the B<-sign> operation.
157 =item B<-verify_receipt receipt>
159 Verify a signed receipt in filename B<receipt>. The input message B<must>
161 to the B<-verify> operation.
163 =item B<-in filename>
168 =item B<-inform SMIME|PEM|DER>
171 is B<SMIME> which reads an S/MIME format message. B<PEM> and B<DER>
175 B<-encrypt> or B<-sign>) this option has no effect.
177 =item B<-rctform SMIME|PEM|DER>
179 specify the format for a signed receipt for use with the B<-receipt_verify>
182 =item B<-out filename>
187 =item B<-outform SMIME|PEM|DER>
190 is B<SMIME> which writes an S/MIME format message. B<PEM> and B<DER>
194 B<-verify> or B<-decrypt>) this option has no effect.
196 =item B<-stream -indef -noindef>
198 the B<-stream> and B<-indef> options are equivalent and enable streaming I/O
202 data if the output format is B<SMIME> it is currently off by default for all
205 =item B<-noindef>
211 =item B<-content filename>
214 useful with the B<-verify> command. This is only usable if the CMS
219 =item B<-text>
226 =item B<-noout>
228 for the B<-cmsout> operation do not output the parsed CMS structure. This
229 is useful when combined with the B<-print> option or if the syntax of the CMS
232 =item B<-print>
234 for the B<-cmsout> operation print out all fields of the CMS structure. This
237 =item B<-CAfile file>
239 a file containing trusted CA certificates, only used with B<-verify>.
241 =item B<-CApath dir>
244 B<-verify>. This directory must be a standard certificate directory: that
245 is a hash of each subject name (using B<x509 -hash>) should be linked
248 =item B<-md digest>
253 =item B<-[cipher]>
255 the encryption algorithm to use. For example triple DES (168 bits) - B<-des3>
256 or 256 bit AES - B<-aes256>. Any standard algorithm name (as used by the
258 example B<-aes_128_cbc>. See L<B<enc>|enc(1)> for a list of ciphers
261 If not specified triple DES is used. Only used with B<-encrypt> and
262 B<-EncryptedData_create> commands.
264 =item B<-nointern>
268 only the certificates specified in the B<-certfile> option are used.
271 =item B<-no_signer_cert_verify>
275 =item B<-nocerts>
280 available locally (passed using the B<-certfile> option for example).
282 =item B<-noattr>
288 =item B<-nosmimecap>
293 =item B<-binary>
300 =item B<-nodetach>
307 =item B<-certfile file>
313 =item B<-certsout file>
315 any certificates contained in the message are written to B<file>.
317 =item B<-signer file>
324 =item B<-recip file>
331 each recipient. This form B<must> be used if customised parameters are
334 =item B<-keyid>
337 serial number. The supplied certificate B<must> include a subject key
338 identifier extension. Supported by B<-sign> and B<-encrypt> options.
340 =item B<-receipt_request_all -receipt_request_first>
342 for B<-sign> option include a signed receipt request. Indicate requests should
344 and not from a mailing list). Ignored it B<-receipt_request_from> is included.
346 =item B<-receipt_request_from emailaddress>
348 for B<-sign> option include a signed receipt request. Add an explicit email
351 =item B<-receipt_request_to emailaddress>
354 option B<must> but supplied if a signed receipt it requested.
356 =item B<-receipt_request_print>
358 For the B<-verify> operation print out the contents of any signed receipt
361 =item B<-secretkey key>
364 consistent with the algorithm used. Supported by the B<-EncryptedData_encrypt>
365 B<-EncrryptedData_decrypt>, B<-encrypt> and B<-decrypt> options. When used
366 with B<-encrypt> or B<-decrypt> the supplied key is used to wrap or unwrap the
367 content encryption key using an AES key in the B<KEKRecipientInfo> type.
369 =item B<-secretkeyid id>
371 the key identifier for the supplied symmetric key for B<KEKRecipientInfo> type.
372 This option B<must> be present if the B<-secretkey> option is used with
373 B<-encrypt>. With B<-decrypt> operations the B<id> is used to locate the
375 B<KEKRecipientInfo> structures.
377 =item B<-econtent_type type>
379 set the encapsulated content type to B<type> if not supplied the B<Data> type
380 is used. The B<type> argument can be any valid OID name in either text or
383 =item B<-inkey file>
388 the B<-recip> or B<-signer> file. When signing this option can be used
391 =item B<-keyopt name:opt>
398 =item B<-passin arg>
400 the private key password source. For more information about the format of B<arg>
401 see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
403 =item B<-rand file(s)>
408 The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
411 =item B<cert.pem...>
416 =item B<-to, -from, -subject>
423 =item B<-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -ext…
426 L<B<verify>|verify(1)> manual page for details.
439 properly (if at all). You can use the B<-text> option to automatically
451 The options B<-encrypt> and B<-decrypt> reflect common usage in S/MIME
455 The B<-resign> option uses an existing message digest when adding a new
459 The B<-stream> and B<-indef> options enable experimental streaming I/O support.
461 and no longer DER. Streaming is supported for the B<-encrypt> operation and the
462 B<-sign> operation if the content is not detached.
464 Streaming is always used for the B<-sign> operation with detached data but
468 If the B<-decrypt> option is used without a recipient certificate then an
474 The B<-debug_decrypt> option can be used to disable the MMA attack protection
512 The B<smime> utility can only process the older B<PKCS#7> format. The B<cms>
517 The use of the B<-keyid> option with B<-sign> or B<-encrypt>.
519 The B<-outform PEM> option uses different headers.
521 The B<-compress> option.
523 The B<-secretkey> option when used with B<-encrypt>.
525 The use of PSS with B<-sign>.
527 The use of OAEP or non-RSA keys with B<-encrypt>.
529 Additionally the B<-EncryptedData_create> and B<-data_create> type cannot
530 be processed by the older B<smime> command.
578 Note: the encryption command does not include the B<-text> option because the
646 The use of multiple B<-signer> options and the B<-resign> command were first
649 The B<keyopt> option was first added in OpenSSL 1.1.0
651 The use of B<-recip> to specify the recipient when encrypting mail was first
656 The use of non-RSA keys with B<-encrypt> and B<-decrypt> was first added