cms.pod (264331) cms.pod (267258)
1=pod
2
3=head1 NAME
4
5cms - CMS utility
6
7=head1 SYNOPSIS
8

--- 76 unchanged lines hidden ---

85actual CMS type is <B>EnvelopedData<B>.
86
87=item B<-decrypt>
88
89decrypt mail using the supplied certificate and private key. Expects an
90encrypted mail message in MIME format for the input file. The decrypted mail
91is written to the output file.
92
1=pod
2
3=head1 NAME
4
5cms - CMS utility
6
7=head1 SYNOPSIS
8

--- 76 unchanged lines hidden ---

85actual CMS type is <B>EnvelopedData<B>.
86
87=item B<-decrypt>
88
89decrypt mail using the supplied certificate and private key. Expects an
90encrypted mail message in MIME format for the input file. The decrypted mail
91is written to the output file.
92
93=item B<-debug_decrypt>
94
95this option sets the B<CMS_DEBUG_DECRYPT> flag. This option should be used
96with caution: see the notes section below.
97
93=item B<-sign>
94
95sign mail using the supplied certificate and private key. Input file is
96the message to be signed. The signed message in MIME format is written
97to the output file.
98
99=item B<-verify>
100

--- 340 unchanged lines hidden ---

441As a result the encoding is BER using indefinite length constructed encoding
442and no longer DER. Streaming is supported for the B<-encrypt> operation and the
443B<-sign> operation if the content is not detached.
444
445Streaming is always used for the B<-sign> operation with detached data but
446since the content is no longer part of the CMS structure the encoding
447remains DER.
448
98=item B<-sign>
99
100sign mail using the supplied certificate and private key. Input file is
101the message to be signed. The signed message in MIME format is written
102to the output file.
103
104=item B<-verify>
105
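
Review bot: The B<-debug_decrypt> entry (new lines 95-96) names the B<CMS_DEBUG_DECRYPT> flag but does not say what setting it does, so a reader scanning the option list learns only that caution is needed. Suggest adding one clause taken from the NOTES paragraph added further down in this change, for example that the option disables the MMA attack protection and returns an error if no recipient can be found. Also, the 76 lines following =head1 SYNOPSIS are marked unchanged, so if the option summary sits there it does not list the new option.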

--- 340 unchanged lines hidden ---

446As a result the encoding is BER using indefinite length constructed encoding
447and no longer DER. Streaming is supported for the B<-encrypt> operation and the
448B<-sign> operation if the content is not detached.
449
450Streaming is always used for the B<-sign> operation with detached data but
451since the content is no longer part of the CMS structure the encoding
452remains DER.
453
454If the B<-decrypt> option is used without a recipient certificate then an
455attempt is made to locate the recipient by trying each potential recipient
456in turn using the supplied private key. To thwart the MMA attack
457(Bleichenbacher's attack on PKCS #1 v1.5 RSA padding) all recipients are
458tried whether they succeed or not and if no recipients match the message
459is "decrypted" using a random key which will typically output garbage.
460The B<-debug_decrypt> option can be used to disable the MMA attack protection
461and return an error if no recipient can be found: this option should be used
462with caution. For a fuller description see L<CMS_decrypt(3)|CMS_decrypt(3)>).
463
449=head1 EXIT CODES
450
451=over 4
452
453=item Z<>0
454
455the operation was completely successfully.
456

--- 146 unchanged lines hidden ---
464=head1 EXIT CODES
465
466=over 4
467
468=item Z<>0
469
470the operation was completely successfully.
471
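
Review bot: New line 462 ends with an unbalanced closing parenthesis, "L<CMS_decrypt(3)|CMS_decrypt(3)>).", with no matching "(" in the sentence; drop the ")". "MMA attack" on new lines 456 and 460 is never expanded and already contains the word "attack", so spell the name out once on first use. The "used with caution" warning would be more useful if it stated the consequence the paragraph implies: with B<-debug_decrypt> the caller can tell from the error whether a recipient matched, which is the signal the default random-key behaviour is there to hide.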

--- 146 unchanged lines hidden ---