cms.pod revision 238384
1238384Sjkim=pod 2238384Sjkim 3238384Sjkim=head1 NAME 4238384Sjkim 5238384Sjkimcms - CMS utility 6238384Sjkim 7238384Sjkim=head1 SYNOPSIS 8238384Sjkim 9238384SjkimB<openssl> B<cms> 10238384Sjkim[B<-encrypt>] 11238384Sjkim[B<-decrypt>] 12238384Sjkim[B<-sign>] 13238384Sjkim[B<-verify>] 14238384Sjkim[B<-cmsout>] 15238384Sjkim[B<-resign>] 16238384Sjkim[B<-data_create>] 17238384Sjkim[B<-data_out>] 18238384Sjkim[B<-digest_create>] 19238384Sjkim[B<-digest_verify>] 20238384Sjkim[B<-compress>] 21238384Sjkim[B<-uncompress>] 22238384Sjkim[B<-EncryptedData_encrypt>] 23238384Sjkim[B<-sign_receipt>] 24238384Sjkim[B<-verify_receipt receipt>] 25238384Sjkim[B<-in filename>] 26238384Sjkim[B<-inform SMIME|PEM|DER>] 27238384Sjkim[B<-rctform SMIME|PEM|DER>] 28238384Sjkim[B<-out filename>] 29238384Sjkim[B<-outform SMIME|PEM|DER>] 30238384Sjkim[B<-stream -indef -noindef>] 31238384Sjkim[B<-noindef>] 32238384Sjkim[B<-content filename>] 33238384Sjkim[B<-text>] 34238384Sjkim[B<-noout>] 35238384Sjkim[B<-print>] 36238384Sjkim[B<-CAfile file>] 37238384Sjkim[B<-CApath dir>] 38238384Sjkim[B<-md digest>] 39238384Sjkim[B<-[cipher]>] 40238384Sjkim[B<-nointern>] 41238384Sjkim[B<-no_signer_cert_verify>] 42238384Sjkim[B<-nocerts>] 43238384Sjkim[B<-noattr>] 44238384Sjkim[B<-nosmimecap>] 45238384Sjkim[B<-binary>] 46238384Sjkim[B<-nodetach>] 47238384Sjkim[B<-certfile file>] 48238384Sjkim[B<-certsout file>] 49238384Sjkim[B<-signer file>] 50238384Sjkim[B<-recip file>] 51238384Sjkim[B<-keyid>] 52238384Sjkim[B<-receipt_request_all -receipt_request_first>] 53238384Sjkim[B<-receipt_request_from emailaddress>] 54238384Sjkim[B<-receipt_request_to emailaddress>] 55238384Sjkim[B<-receipt_request_print>] 56238384Sjkim[B<-secretkey key>] 57238384Sjkim[B<-secretkeyid id>] 58238384Sjkim[B<-econtent_type type>] 59238384Sjkim[B<-inkey file>] 60238384Sjkim[B<-passin arg>] 61238384Sjkim[B<-rand file(s)>] 62238384Sjkim[B<cert.pem...>] 63238384Sjkim[B<-to addr>] 64238384Sjkim[B<-from addr>] 65238384Sjkim[B<-subject subj>] 66238384Sjkim[cert.pem]... 67238384Sjkim 68238384Sjkim=head1 DESCRIPTION 69238384Sjkim 70238384SjkimThe B<cms> command handles S/MIME v3.1 mail. It can encrypt, decrypt, sign and 71238384Sjkimverify, compress and uncompress S/MIME messages. 72238384Sjkim 73238384Sjkim=head1 COMMAND OPTIONS 74238384Sjkim 75238384SjkimThere are fourteen operation options that set the type of operation to be 76238384Sjkimperformed. The meaning of the other options varies according to the operation 77238384Sjkimtype. 78238384Sjkim 79238384Sjkim=over 4 80238384Sjkim 81238384Sjkim=item B<-encrypt> 82238384Sjkim 83238384Sjkimencrypt mail for the given recipient certificates. Input file is the message 84238384Sjkimto be encrypted. The output file is the encrypted mail in MIME format. The 85238384Sjkimactual CMS type is <B>EnvelopedData<B>. 86238384Sjkim 87238384Sjkim=item B<-decrypt> 88238384Sjkim 89238384Sjkimdecrypt mail using the supplied certificate and private key. Expects an 90238384Sjkimencrypted mail message in MIME format for the input file. The decrypted mail 91238384Sjkimis written to the output file. 92238384Sjkim 93238384Sjkim=item B<-sign> 94238384Sjkim 95238384Sjkimsign mail using the supplied certificate and private key. Input file is 96238384Sjkimthe message to be signed. The signed message in MIME format is written 97238384Sjkimto the output file. 98238384Sjkim 99238384Sjkim=item B<-verify> 100238384Sjkim 101238384Sjkimverify signed mail. Expects a signed mail message on input and outputs 102238384Sjkimthe signed data. Both clear text and opaque signing is supported. 103238384Sjkim 104238384Sjkim=item B<-cmsout> 105238384Sjkim 106238384Sjkimtakes an input message and writes out a PEM encoded CMS structure. 107238384Sjkim 108238384Sjkim=item B<-resign> 109238384Sjkim 110238384Sjkimresign a message: take an existing message and one or more new signers. 111238384Sjkim 112238384Sjkim=item B<-data_create> 113238384Sjkim 114238384SjkimCreate a CMS B<Data> type. 115238384Sjkim 116238384Sjkim=item B<-data_out> 117238384Sjkim 118238384SjkimB<Data> type and output the content. 119238384Sjkim 120238384Sjkim=item B<-digest_create> 121238384Sjkim 122238384SjkimCreate a CMS B<DigestedData> type. 123238384Sjkim 124238384Sjkim=item B<-digest_verify> 125238384Sjkim 126238384SjkimVerify a CMS B<DigestedData> type and output the content. 127238384Sjkim 128238384Sjkim=item B<-compress> 129238384Sjkim 130238384SjkimCreate a CMS B<CompressedData> type. OpenSSL must be compiled with B<zlib> 131238384Sjkimsupport for this option to work, otherwise it will output an error. 132238384Sjkim 133238384Sjkim=item B<-uncompress> 134238384Sjkim 135238384SjkimUncompress a CMS B<CompressedData> type and output the content. OpenSSL must be 136238384Sjkimcompiled with B<zlib> support for this option to work, otherwise it will 137238384Sjkimoutput an error. 138238384Sjkim 139238384Sjkim=item B<-EncryptedData_encrypt> 140238384Sjkim 141238384SjkimEncrypt suppled content using supplied symmetric key and algorithm using a CMS 142238384SjkimB<EncrytedData> type and output the content. 143238384Sjkim 144238384Sjkim=item B<-sign_receipt> 145238384Sjkim 146238384SjkimGenerate and output a signed receipt for the supplied message. The input 147238384Sjkimmessage B<must> contain a signed receipt request. Functionality is otherwise 148238384Sjkimsimilar to the B<-sign> operation. 149238384Sjkim 150238384Sjkim=item B<-verify_receipt receipt> 151238384Sjkim 152238384SjkimVerify a signed receipt in filename B<receipt>. The input message B<must> 153238384Sjkimcontain the original receipt request. Functionality is otherwise similar 154238384Sjkimto the B<-verify> operation. 155238384Sjkim 156238384Sjkim=item B<-in filename> 157238384Sjkim 158238384Sjkimthe input message to be encrypted or signed or the message to be decrypted 159238384Sjkimor verified. 160238384Sjkim 161238384Sjkim=item B<-inform SMIME|PEM|DER> 162238384Sjkim 163238384Sjkimthis specifies the input format for the CMS structure. The default 164238384Sjkimis B<SMIME> which reads an S/MIME format message. B<PEM> and B<DER> 165238384Sjkimformat change this to expect PEM and DER format CMS structures 166238384Sjkiminstead. This currently only affects the input format of the CMS 167238384Sjkimstructure, if no CMS structure is being input (for example with 168238384SjkimB<-encrypt> or B<-sign>) this option has no effect. 169238384Sjkim 170238384Sjkim=item B<-rctform SMIME|PEM|DER> 171238384Sjkim 172238384Sjkimspecify the format for a signed receipt for use with the B<-receipt_verify> 173238384Sjkimoperation. 174238384Sjkim 175238384Sjkim=item B<-out filename> 176238384Sjkim 177238384Sjkimthe message text that has been decrypted or verified or the output MIME 178238384Sjkimformat message that has been signed or verified. 179238384Sjkim 180238384Sjkim=item B<-outform SMIME|PEM|DER> 181238384Sjkim 182238384Sjkimthis specifies the output format for the CMS structure. The default 183238384Sjkimis B<SMIME> which writes an S/MIME format message. B<PEM> and B<DER> 184238384Sjkimformat change this to write PEM and DER format CMS structures 185238384Sjkiminstead. This currently only affects the output format of the CMS 186238384Sjkimstructure, if no CMS structure is being output (for example with 187238384SjkimB<-verify> or B<-decrypt>) this option has no effect. 188238384Sjkim 189238384Sjkim=item B<-stream -indef -noindef> 190238384Sjkim 191238384Sjkimthe B<-stream> and B<-indef> options are equivalent and enable streaming I/O 192238384Sjkimfor encoding operations. This permits single pass processing of data without 193238384Sjkimthe need to hold the entire contents in memory, potentially supporting very 194238384Sjkimlarge files. Streaming is automatically set for S/MIME signing with detached 195238384Sjkimdata if the output format is B<SMIME> it is currently off by default for all 196238384Sjkimother operations. 197238384Sjkim 198238384Sjkim=item B<-noindef> 199238384Sjkim 200238384Sjkimdisable streaming I/O where it would produce and indefinite length constructed 201238384Sjkimencoding. This option currently has no effect. In future streaming will be 202238384Sjkimenabled by default on all relevant operations and this option will disable it. 203238384Sjkim 204238384Sjkim=item B<-content filename> 205238384Sjkim 206238384SjkimThis specifies a file containing the detached content, this is only 207238384Sjkimuseful with the B<-verify> command. This is only usable if the CMS 208238384Sjkimstructure is using the detached signature form where the content is 209238384Sjkimnot included. This option will override any content if the input format 210238384Sjkimis S/MIME and it uses the multipart/signed MIME content type. 211238384Sjkim 212238384Sjkim=item B<-text> 213238384Sjkim 214238384Sjkimthis option adds plain text (text/plain) MIME headers to the supplied 215238384Sjkimmessage if encrypting or signing. If decrypting or verifying it strips 216238384Sjkimoff text headers: if the decrypted or verified message is not of MIME 217238384Sjkimtype text/plain then an error occurs. 218238384Sjkim 219238384Sjkim=item B<-noout> 220238384Sjkim 221238384Sjkimfor the B<-cmsout> operation do not output the parsed CMS structure. This 222238384Sjkimis useful when combined with the B<-print> option or if the syntax of the CMS 223238384Sjkimstructure is being checked. 224238384Sjkim 225238384Sjkim=item B<-print> 226238384Sjkim 227238384Sjkimfor the B<-cmsout> operation print out all fields of the CMS structure. This 228238384Sjkimis mainly useful for testing purposes. 229238384Sjkim 230238384Sjkim=item B<-CAfile file> 231238384Sjkim 232238384Sjkima file containing trusted CA certificates, only used with B<-verify>. 233238384Sjkim 234238384Sjkim=item B<-CApath dir> 235238384Sjkim 236238384Sjkima directory containing trusted CA certificates, only used with 237238384SjkimB<-verify>. This directory must be a standard certificate directory: that 238238384Sjkimis a hash of each subject name (using B<x509 -hash>) should be linked 239238384Sjkimto each certificate. 240238384Sjkim 241238384Sjkim=item B<-md digest> 242238384Sjkim 243238384Sjkimdigest algorithm to use when signing or resigning. If not present then the 244238384Sjkimdefault digest algorithm for the signing key will be used (usually SHA1). 245238384Sjkim 246238384Sjkim=item B<-[cipher]> 247238384Sjkim 248238384Sjkimthe encryption algorithm to use. For example triple DES (168 bits) - B<-des3> 249238384Sjkimor 256 bit AES - B<-aes256>. Any standard algorithm name (as used by the 250238384SjkimEVP_get_cipherbyname() function) can also be used preceded by a dash, for 251238384Sjkimexample B<-aes_128_cbc>. See L<B<enc>|enc(1)> for a list of ciphers 252238384Sjkimsupported by your version of OpenSSL. 253238384Sjkim 254238384SjkimIf not specified triple DES is used. Only used with B<-encrypt> and 255238384SjkimB<-EncryptedData_create> commands. 256238384Sjkim 257238384Sjkim=item B<-nointern> 258238384Sjkim 259238384Sjkimwhen verifying a message normally certificates (if any) included in 260238384Sjkimthe message are searched for the signing certificate. With this option 261238384Sjkimonly the certificates specified in the B<-certfile> option are used. 262238384SjkimThe supplied certificates can still be used as untrusted CAs however. 263238384Sjkim 264238384Sjkim=item B<-no_signer_cert_verify> 265238384Sjkim 266238384Sjkimdo not verify the signers certificate of a signed message. 267238384Sjkim 268238384Sjkim=item B<-nocerts> 269238384Sjkim 270238384Sjkimwhen signing a message the signer's certificate is normally included 271238384Sjkimwith this option it is excluded. This will reduce the size of the 272238384Sjkimsigned message but the verifier must have a copy of the signers certificate 273238384Sjkimavailable locally (passed using the B<-certfile> option for example). 274238384Sjkim 275238384Sjkim=item B<-noattr> 276238384Sjkim 277238384Sjkimnormally when a message is signed a set of attributes are included which 278238384Sjkiminclude the signing time and supported symmetric algorithms. With this 279238384Sjkimoption they are not included. 280238384Sjkim 281238384Sjkim=item B<-nosmimecap> 282238384Sjkim 283238384Sjkimexclude the list of supported algorithms from signed attributes, other options 284238384Sjkimsuch as signing time and content type are still included. 285238384Sjkim 286238384Sjkim=item B<-binary> 287238384Sjkim 288238384Sjkimnormally the input message is converted to "canonical" format which is 289238384Sjkimeffectively using CR and LF as end of line: as required by the S/MIME 290238384Sjkimspecification. When this option is present no translation occurs. This 291238384Sjkimis useful when handling binary data which may not be in MIME format. 292238384Sjkim 293238384Sjkim=item B<-nodetach> 294238384Sjkim 295238384Sjkimwhen signing a message use opaque signing: this form is more resistant 296238384Sjkimto translation by mail relays but it cannot be read by mail agents that 297238384Sjkimdo not support S/MIME. Without this option cleartext signing with 298238384Sjkimthe MIME type multipart/signed is used. 299238384Sjkim 300238384Sjkim=item B<-certfile file> 301238384Sjkim 302238384Sjkimallows additional certificates to be specified. When signing these will 303238384Sjkimbe included with the message. When verifying these will be searched for 304238384Sjkimthe signers certificates. The certificates should be in PEM format. 305238384Sjkim 306238384Sjkim=item B<-certsout file> 307238384Sjkim 308238384Sjkimany certificates contained in the message are written to B<file>. 309238384Sjkim 310238384Sjkim=item B<-signer file> 311238384Sjkim 312238384Sjkima signing certificate when signing or resigning a message, this option can be 313238384Sjkimused multiple times if more than one signer is required. If a message is being 314238384Sjkimverified then the signers certificates will be written to this file if the 315238384Sjkimverification was successful. 316238384Sjkim 317238384Sjkim=item B<-recip file> 318238384Sjkim 319238384Sjkimthe recipients certificate when decrypting a message. This certificate 320238384Sjkimmust match one of the recipients of the message or an error occurs. 321238384Sjkim 322238384Sjkim=item B<-keyid> 323238384Sjkim 324238384Sjkimuse subject key identifier to identify certificates instead of issuer name and 325238384Sjkimserial number. The supplied certificate B<must> include a subject key 326238384Sjkimidentifier extension. Supported by B<-sign> and B<-encrypt> options. 327238384Sjkim 328238384Sjkim=item B<-receipt_request_all -receipt_request_first> 329238384Sjkim 330238384Sjkimfor B<-sign> option include a signed receipt request. Indicate requests should 331238384Sjkimbe provided by all receipient or first tier recipients (those mailed directly 332238384Sjkimand not from a mailing list). Ignored it B<-receipt_request_from> is included. 333238384Sjkim 334238384Sjkim=item B<-receipt_request_from emailaddress> 335238384Sjkim 336238384Sjkimfor B<-sign> option include a signed receipt request. Add an explicit email 337238384Sjkimaddress where receipts should be supplied. 338238384Sjkim 339238384Sjkim=item B<-receipt_request_to emailaddress> 340238384Sjkim 341238384SjkimAdd an explicit email address where signed receipts should be sent to. This 342238384Sjkimoption B<must> but supplied if a signed receipt it requested. 343238384Sjkim 344238384Sjkim=item B<-receipt_request_print> 345238384Sjkim 346238384SjkimFor the B<-verify> operation print out the contents of any signed receipt 347238384Sjkimrequests. 348238384Sjkim 349238384Sjkim=item B<-secretkey key> 350238384Sjkim 351238384Sjkimspecify symmetric key to use. The key must be supplied in hex format and be 352238384Sjkimconsistent with the algorithm used. Supported by the B<-EncryptedData_encrypt> 353238384SjkimB<-EncrryptedData_decrypt>, B<-encrypt> and B<-decrypt> options. When used 354238384Sjkimwith B<-encrypt> or B<-decrypt> the supplied key is used to wrap or unwrap the 355238384Sjkimcontent encryption key using an AES key in the B<KEKRecipientInfo> type. 356238384Sjkim 357238384Sjkim=item B<-secretkeyid id> 358238384Sjkim 359238384Sjkimthe key identifier for the supplied symmetric key for B<KEKRecipientInfo> type. 360238384SjkimThis option B<must> be present if the B<-secretkey> option is used with 361238384SjkimB<-encrypt>. With B<-decrypt> operations the B<id> is used to locate the 362238384Sjkimrelevant key if it is not supplied then an attempt is used to decrypt any 363238384SjkimB<KEKRecipientInfo> structures. 364238384Sjkim 365238384Sjkim=item B<-econtent_type type> 366238384Sjkim 367238384Sjkimset the encapsulated content type to B<type> if not supplied the B<Data> type 368238384Sjkimis used. The B<type> argument can be any valid OID name in either text or 369238384Sjkimnumerical format. 370238384Sjkim 371238384Sjkim=item B<-inkey file> 372238384Sjkim 373238384Sjkimthe private key to use when signing or decrypting. This must match the 374238384Sjkimcorresponding certificate. If this option is not specified then the 375238384Sjkimprivate key must be included in the certificate file specified with 376238384Sjkimthe B<-recip> or B<-signer> file. When signing this option can be used 377238384Sjkimmultiple times to specify successive keys. 378238384Sjkim 379238384Sjkim=item B<-passin arg> 380238384Sjkim 381238384Sjkimthe private key password source. For more information about the format of B<arg> 382238384Sjkimsee the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>. 383238384Sjkim 384238384Sjkim=item B<-rand file(s)> 385238384Sjkim 386238384Sjkima file or files containing random data used to seed the random number 387238384Sjkimgenerator, or an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>). 388238384SjkimMultiple files can be specified separated by a OS-dependent character. 389238384SjkimThe separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for 390238384Sjkimall others. 391238384Sjkim 392238384Sjkim=item B<cert.pem...> 393238384Sjkim 394238384Sjkimone or more certificates of message recipients: used when encrypting 395238384Sjkima message. 396238384Sjkim 397238384Sjkim=item B<-to, -from, -subject> 398238384Sjkim 399238384Sjkimthe relevant mail headers. These are included outside the signed 400238384Sjkimportion of a message so they may be included manually. If signing 401238384Sjkimthen many S/MIME mail clients check the signers certificate's email 402238384Sjkimaddress matches that specified in the From: address. 403238384Sjkim 404238384Sjkim=item B<-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy -check_ss_sig> 405238384Sjkim 406238384SjkimSet various certificate chain valiadition option. See the 407238384SjkimL<B<verify>|verify(1)> manual page for details. 408238384Sjkim 409238384Sjkim=back 410238384Sjkim 411238384Sjkim=head1 NOTES 412238384Sjkim 413238384SjkimThe MIME message must be sent without any blank lines between the 414238384Sjkimheaders and the output. Some mail programs will automatically add 415238384Sjkima blank line. Piping the mail directly to sendmail is one way to 416238384Sjkimachieve the correct format. 417238384Sjkim 418238384SjkimThe supplied message to be signed or encrypted must include the 419238384Sjkimnecessary MIME headers or many S/MIME clients wont display it 420238384Sjkimproperly (if at all). You can use the B<-text> option to automatically 421238384Sjkimadd plain text headers. 422238384Sjkim 423238384SjkimA "signed and encrypted" message is one where a signed message is 424238384Sjkimthen encrypted. This can be produced by encrypting an already signed 425238384Sjkimmessage: see the examples section. 426238384Sjkim 427238384SjkimThis version of the program only allows one signer per message but it 428238384Sjkimwill verify multiple signers on received messages. Some S/MIME clients 429238384Sjkimchoke if a message contains multiple signers. It is possible to sign 430238384Sjkimmessages "in parallel" by signing an already signed message. 431238384Sjkim 432238384SjkimThe options B<-encrypt> and B<-decrypt> reflect common usage in S/MIME 433238384Sjkimclients. Strictly speaking these process CMS enveloped data: CMS 434238384Sjkimencrypted data is used for other purposes. 435238384Sjkim 436238384SjkimThe B<-resign> option uses an existing message digest when adding a new 437238384Sjkimsigner. This means that attributes must be present in at least one existing 438238384Sjkimsigner using the same message digest or this operation will fail. 439238384Sjkim 440238384SjkimThe B<-stream> and B<-indef> options enable experimental streaming I/O support. 441238384SjkimAs a result the encoding is BER using indefinite length constructed encoding 442238384Sjkimand no longer DER. Streaming is supported for the B<-encrypt> operation and the 443238384SjkimB<-sign> operation if the content is not detached. 444238384Sjkim 445238384SjkimStreaming is always used for the B<-sign> operation with detached data but 446238384Sjkimsince the content is no longer part of the CMS structure the encoding 447238384Sjkimremains DER. 448238384Sjkim 449238384Sjkim=head1 EXIT CODES 450238384Sjkim 451238384Sjkim=over 4 452238384Sjkim 453238384Sjkim=item 0 454238384Sjkim 455238384Sjkimthe operation was completely successfully. 456238384Sjkim 457238384Sjkim=item 1 458238384Sjkim 459238384Sjkiman error occurred parsing the command options. 460238384Sjkim 461238384Sjkim=item 2 462238384Sjkim 463238384Sjkimone of the input files could not be read. 464238384Sjkim 465238384Sjkim=item 3 466238384Sjkim 467238384Sjkiman error occurred creating the CMS file or when reading the MIME 468238384Sjkimmessage. 469238384Sjkim 470238384Sjkim=item 4 471238384Sjkim 472238384Sjkiman error occurred decrypting or verifying the message. 473238384Sjkim 474238384Sjkim=item 5 475238384Sjkim 476238384Sjkimthe message was verified correctly but an error occurred writing out 477238384Sjkimthe signers certificates. 478238384Sjkim 479238384Sjkim=back 480238384Sjkim 481238384Sjkim=head1 COMPATIBILITY WITH PKCS#7 format. 482238384Sjkim 483238384SjkimThe B<smime> utility can only process the older B<PKCS#7> format. The B<cms> 484238384Sjkimutility supports Cryptographic Message Syntax format. Use of some features 485238384Sjkimwill result in messages which cannot be processed by applications which only 486238384Sjkimsupport the older format. These are detailed below. 487238384Sjkim 488238384SjkimThe use of the B<-keyid> option with B<-sign> or B<-encrypt>. 489238384Sjkim 490238384SjkimThe B<-outform PEM> option uses different headers. 491238384Sjkim 492238384SjkimThe B<-compress> option. 493238384Sjkim 494238384SjkimThe B<-secretkey> option when used with B<-encrypt>. 495238384Sjkim 496238384SjkimAdditionally the B<-EncryptedData_create> and B<-data_create> type cannot 497238384Sjkimbe processed by the older B<smime> command. 498238384Sjkim 499238384Sjkim=head1 EXAMPLES 500238384Sjkim 501238384SjkimCreate a cleartext signed message: 502238384Sjkim 503238384Sjkim openssl cms -sign -in message.txt -text -out mail.msg \ 504238384Sjkim -signer mycert.pem 505238384Sjkim 506238384SjkimCreate an opaque signed message 507238384Sjkim 508238384Sjkim openssl cms -sign -in message.txt -text -out mail.msg -nodetach \ 509238384Sjkim -signer mycert.pem 510238384Sjkim 511238384SjkimCreate a signed message, include some additional certificates and 512238384Sjkimread the private key from another file: 513238384Sjkim 514238384Sjkim openssl cms -sign -in in.txt -text -out mail.msg \ 515238384Sjkim -signer mycert.pem -inkey mykey.pem -certfile mycerts.pem 516238384Sjkim 517238384SjkimCreate a signed message with two signers, use key identifier: 518238384Sjkim 519238384Sjkim openssl cms -sign -in message.txt -text -out mail.msg \ 520238384Sjkim -signer mycert.pem -signer othercert.pem -keyid 521238384Sjkim 522238384SjkimSend a signed message under Unix directly to sendmail, including headers: 523238384Sjkim 524238384Sjkim openssl cms -sign -in in.txt -text -signer mycert.pem \ 525238384Sjkim -from steve@openssl.org -to someone@somewhere \ 526238384Sjkim -subject "Signed message" | sendmail someone@somewhere 527238384Sjkim 528238384SjkimVerify a message and extract the signer's certificate if successful: 529238384Sjkim 530238384Sjkim openssl cms -verify -in mail.msg -signer user.pem -out signedtext.txt 531238384Sjkim 532238384SjkimSend encrypted mail using triple DES: 533238384Sjkim 534238384Sjkim openssl cms -encrypt -in in.txt -from steve@openssl.org \ 535238384Sjkim -to someone@somewhere -subject "Encrypted message" \ 536238384Sjkim -des3 user.pem -out mail.msg 537238384Sjkim 538238384SjkimSign and encrypt mail: 539238384Sjkim 540238384Sjkim openssl cms -sign -in ml.txt -signer my.pem -text \ 541238384Sjkim | openssl cms -encrypt -out mail.msg \ 542238384Sjkim -from steve@openssl.org -to someone@somewhere \ 543238384Sjkim -subject "Signed and Encrypted message" -des3 user.pem 544238384Sjkim 545238384SjkimNote: the encryption command does not include the B<-text> option because the 546238384Sjkimmessage being encrypted already has MIME headers. 547238384Sjkim 548238384SjkimDecrypt mail: 549238384Sjkim 550238384Sjkim openssl cms -decrypt -in mail.msg -recip mycert.pem -inkey key.pem 551238384Sjkim 552238384SjkimThe output from Netscape form signing is a PKCS#7 structure with the 553238384Sjkimdetached signature format. You can use this program to verify the 554238384Sjkimsignature by line wrapping the base64 encoded structure and surrounding 555238384Sjkimit with: 556238384Sjkim 557238384Sjkim -----BEGIN PKCS7----- 558238384Sjkim -----END PKCS7----- 559238384Sjkim 560238384Sjkimand using the command, 561238384Sjkim 562238384Sjkim openssl cms -verify -inform PEM -in signature.pem -content content.txt 563238384Sjkim 564238384Sjkimalternatively you can base64 decode the signature and use 565238384Sjkim 566238384Sjkim openssl cms -verify -inform DER -in signature.der -content content.txt 567238384Sjkim 568238384SjkimCreate an encrypted message using 128 bit Camellia: 569238384Sjkim 570238384Sjkim openssl cms -encrypt -in plain.txt -camellia128 -out mail.msg cert.pem 571238384Sjkim 572238384SjkimAdd a signer to an existing message: 573238384Sjkim 574238384Sjkim openssl cms -resign -in mail.msg -signer newsign.pem -out mail2.msg 575238384Sjkim 576238384Sjkim=head1 BUGS 577238384Sjkim 578238384SjkimThe MIME parser isn't very clever: it seems to handle most messages that I've 579238384Sjkimthrown at it but it may choke on others. 580238384Sjkim 581238384SjkimThe code currently will only write out the signer's certificate to a file: if 582238384Sjkimthe signer has a separate encryption certificate this must be manually 583238384Sjkimextracted. There should be some heuristic that determines the correct 584238384Sjkimencryption certificate. 585238384Sjkim 586238384SjkimIdeally a database should be maintained of a certificates for each email 587238384Sjkimaddress. 588238384Sjkim 589238384SjkimThe code doesn't currently take note of the permitted symmetric encryption 590238384Sjkimalgorithms as supplied in the SMIMECapabilities signed attribute. this means the 591238384Sjkimuser has to manually include the correct encryption algorithm. It should store 592238384Sjkimthe list of permitted ciphers in a database and only use those. 593238384Sjkim 594238384SjkimNo revocation checking is done on the signer's certificate. 595238384Sjkim 596238384Sjkim=head1 HISTORY 597238384Sjkim 598238384SjkimThe use of multiple B<-signer> options and the B<-resign> command were first 599238384Sjkimadded in OpenSSL 1.0.0 600238384Sjkim 601238384Sjkim 602238384Sjkim=cut 603