Loading doc/apps/cms.pod +29 −2 Original line number Diff line number Diff line Loading @@ -316,8 +316,13 @@ verification was successful. =item B<-recip file> the recipients certificate when decrypting a message. This certificate must match one of the recipients of the message or an error occurs. when decrypting a message this specifies the recipients certificate. The certificate must match one of the recipients of the message or an error occurs. When encrypting a message this option may be used multiple times to specify each recipient. This form B<must> be used if customised parameters are required (for example to specify RSA-OAEP). =item B<-keyid> Loading Loading @@ -376,6 +381,12 @@ private key must be included in the certificate file specified with the B<-recip> or B<-signer> file. When signing this option can be used multiple times to specify successive keys. =item B<-keyopt name:opt> for signing and encryption this option can be used multiple times to set customised parameters for the preceding key or certificate. It can currently be used to set RSA-PSS for signing or RSA-OAEP for encryption. =item B<-passin arg> the private key password source. For more information about the format of B<arg> Loading Loading @@ -573,6 +584,16 @@ Add a signer to an existing message: openssl cms -resign -in mail.msg -signer newsign.pem -out mail2.msg Sign mail using RSA-PSS: openssl cms -sign -in message.txt -text -out mail.msg \ -signer mycert.pem -keyopt rsa_padding_mode:pss Create encrypted mail using RSA-OAEP: openssl cms -encrypt -in plain.txt -camellia128 -out mail.msg \ -recip cert.pem -keyopt rsa_padding_mode:oaep =head1 BUGS The MIME parser isn't very clever: it seems to handle most messages that I've Loading @@ -598,5 +619,11 @@ No revocation checking is done on the signer's certificate. The use of multiple B<-signer> options and the B<-resign> command were first added in OpenSSL 1.0.0 The B<keyopt> option was first added in OpenSSL 1.1.0 The use of B<-recip> to specify the recipient when encrypting mail was first added to OpenSSL 1.1.0 Support for RSA-OAEP and RSA-PSS was first added to OpenSSL 1.1.0. =cut Loading
doc/apps/cms.pod +29 −2 Original line number Diff line number Diff line Loading @@ -316,8 +316,13 @@ verification was successful. =item B<-recip file> the recipients certificate when decrypting a message. This certificate must match one of the recipients of the message or an error occurs. when decrypting a message this specifies the recipients certificate. The certificate must match one of the recipients of the message or an error occurs. When encrypting a message this option may be used multiple times to specify each recipient. This form B<must> be used if customised parameters are required (for example to specify RSA-OAEP). =item B<-keyid> Loading Loading @@ -376,6 +381,12 @@ private key must be included in the certificate file specified with the B<-recip> or B<-signer> file. When signing this option can be used multiple times to specify successive keys. =item B<-keyopt name:opt> for signing and encryption this option can be used multiple times to set customised parameters for the preceding key or certificate. It can currently be used to set RSA-PSS for signing or RSA-OAEP for encryption. =item B<-passin arg> the private key password source. For more information about the format of B<arg> Loading Loading @@ -573,6 +584,16 @@ Add a signer to an existing message: openssl cms -resign -in mail.msg -signer newsign.pem -out mail2.msg Sign mail using RSA-PSS: openssl cms -sign -in message.txt -text -out mail.msg \ -signer mycert.pem -keyopt rsa_padding_mode:pss Create encrypted mail using RSA-OAEP: openssl cms -encrypt -in plain.txt -camellia128 -out mail.msg \ -recip cert.pem -keyopt rsa_padding_mode:oaep =head1 BUGS The MIME parser isn't very clever: it seems to handle most messages that I've Loading @@ -598,5 +619,11 @@ No revocation checking is done on the signer's certificate. The use of multiple B<-signer> options and the B<-resign> command were first added in OpenSSL 1.0.0 The B<keyopt> option was first added in OpenSSL 1.1.0 The use of B<-recip> to specify the recipient when encrypting mail was first added to OpenSSL 1.1.0 Support for RSA-OAEP and RSA-PSS was first added to OpenSSL 1.1.0. =cut
