smime.pod (127128) | smime.pod (162911) |
---|---|
1=pod 2 3=head1 NAME 4 5smime - S/MIME utility 6 7=head1 SYNOPSIS 8 --- 6 unchanged lines hidden (view full) --- 15[B<-des>] 16[B<-des3>] 17[B<-rc2-40>] 18[B<-rc2-64>] 19[B<-rc2-128>] 20[B<-aes128>] 21[B<-aes192>] 22[B<-aes256>] | 1=pod 2 3=head1 NAME 4 5smime - S/MIME utility 6 7=head1 SYNOPSIS 8 --- 6 unchanged lines hidden (view full) --- 15[B<-des>] 16[B<-des3>] 17[B<-rc2-40>] 18[B<-rc2-64>] 19[B<-rc2-128>] 20[B<-aes128>] 21[B<-aes192>] 22[B<-aes256>] |
23[B<-camellia128>] 24[B<-camellia192>] 25[B<-camellia256>] |
|
23[B<-in file>] 24[B<-certfile file>] 25[B<-signer file>] 26[B<-recip file>] 27[B<-inform SMIME|PEM|DER>] 28[B<-passin arg>] 29[B<-inkey file>] 30[B<-out file>] --- 93 unchanged lines hidden (view full) --- 124 125=item B<-CApath dir> 126 127a directory containing trusted CA certificates, only used with 128B<-verify>. This directory must be a standard certificate directory: that 129is a hash of each subject name (using B<x509 -hash>) should be linked 130to each certificate. 131 | 26[B<-in file>] 27[B<-certfile file>] 28[B<-signer file>] 29[B<-recip file>] 30[B<-inform SMIME|PEM|DER>] 31[B<-passin arg>] 32[B<-inkey file>] 33[B<-out file>] --- 93 unchanged lines hidden (view full) --- 127 128=item B<-CApath dir> 129 130a directory containing trusted CA certificates, only used with 131B<-verify>. This directory must be a standard certificate directory: that 132is a hash of each subject name (using B<x509 -hash>) should be linked 133to each certificate. 134 |
132=item B<-des -des3 -rc2-40 -rc2-64 -rc2-128 -aes128 -aes192 -aes256> | 135=item B<-des -des3 -rc2-40 -rc2-64 -rc2-128 -aes128 -aes192 -aes256 -camellia128 -camellia192 -camellia256> |
133 134the encryption algorithm to use. DES (56 bits), triple DES (168 bits), | 136 137the encryption algorithm to use. DES (56 bits), triple DES (168 bits), |
13540, 64 or 128 bit RC2 or 128, 192 or 256 bit AES respectively. If not | 13840, 64 or 128 bit RC2, 128, 192 or 256 bit AES, or 128, 192 or 256 bit Camellia respectively. If not |
136specified 40 bit RC2 is used. Only used with B<-encrypt>. 137 138=item B<-nointern> 139 140when verifying a message normally certificates (if any) included in 141the message are searched for the signing certificate. With this option 142only the certificates specified in the B<-certfile> option are used. 143The supplied certificates can still be used as untrusted CAs however. --- 205 unchanged lines hidden (view full) --- 349and using the command, 350 351 openssl smime -verify -inform PEM -in signature.pem -content content.txt 352 353alternatively you can base64 decode the signature and use 354 355 openssl smime -verify -inform DER -in signature.der -content content.txt 356 | 139specified 40 bit RC2 is used. Only used with B<-encrypt>. 140 141=item B<-nointern> 142 143when verifying a message normally certificates (if any) included in 144the message are searched for the signing certificate. With this option 145only the certificates specified in the B<-certfile> option are used. 146The supplied certificates can still be used as untrusted CAs however. --- 205 unchanged lines hidden (view full) --- 352and using the command, 353 354 openssl smime -verify -inform PEM -in signature.pem -content content.txt 355 356alternatively you can base64 decode the signature and use 357 358 openssl smime -verify -inform DER -in signature.der -content content.txt 359 |
360Create an encrypted message using 128 bit Camellia: 361 362 openssl smime -encrypt -in plain.txt -camellia128 -out mail.msg cert.pem 363 |
|
357=head1 BUGS 358 359The MIME parser isn't very clever: it seems to handle most messages that I've thrown 360at it but it may choke on others. 361 362The code currently will only write out the signer's certificate to a file: if the 363signer has a separate encryption certificate this must be manually extracted. There 364should be some heuristic that determines the correct encryption certificate. --- 14 unchanged lines hidden --- | 364=head1 BUGS 365 366The MIME parser isn't very clever: it seems to handle most messages that I've thrown 367at it but it may choke on others. 368 369The code currently will only write out the signer's certificate to a file: if the 370signer has a separate encryption certificate this must be manually extracted. There 371should be some heuristic that determines the correct encryption certificate. --- 14 unchanged lines hidden --- |