1=pod 2 3=head1 NAME 4 5smime - S/MIME utility 6 7=head1 SYNOPSIS 8 9B<openssl> B<smime> 10[B<-encrypt>] 11[B<-decrypt>] 12[B<-sign>] 13[B<-resign>] 14[B<-verify>] 15[B<-pk7out>] 16[B<-[cipher]>] 17[B<-in file>] 18[B<-no_alt_chains>] 19[B<-certfile file>] 20[B<-signer file>] 21[B<-recip file>] 22[B<-inform SMIME|PEM|DER>] 23[B<-passin arg>] 24[B<-inkey file>] 25[B<-out file>] 26[B<-outform SMIME|PEM|DER>] 27[B<-content file>] 28[B<-to addr>] 29[B<-from ad>] 30[B<-subject s>] 31[B<-text>] 32[B<-indef>] 33[B<-noindef>] 34[B<-stream>] 35[B<-rand file(s)>] 36[B<-md digest>] 37[cert.pem]... 38 39=head1 DESCRIPTION 40 41The B<smime> command handles S/MIME mail. It can encrypt, decrypt, sign and 42verify S/MIME messages. 43 44=head1 COMMAND OPTIONS 45 46There are six operation options that set the type of operation to be performed. 47The meaning of the other options varies according to the operation type. 48 49=over 4 50 51=item B<-encrypt> 52 53encrypt mail for the given recipient certificates. Input file is the message 54to be encrypted. The output file is the encrypted mail in MIME format. 55 56=item B<-decrypt> 57 58decrypt mail using the supplied certificate and private key. Expects an 59encrypted mail message in MIME format for the input file. The decrypted mail 60is written to the output file. 61 62=item B<-sign> 63 64sign mail using the supplied certificate and private key. Input file is 65the message to be signed. The signed message in MIME format is written 66to the output file. 67 68=item B<-verify> 69 70verify signed mail. Expects a signed mail message on input and outputs 71the signed data. Both clear text and opaque signing is supported. 72 73=item B<-pk7out> 74 75takes an input message and writes out a PEM encoded PKCS#7 structure. 76 77=item B<-resign> 78 79resign a message: take an existing message and one or more new signers. 80 81=item B<-in filename> 82 83the input message to be encrypted or signed or the MIME message to 84be decrypted or verified. 85 86=item B<-inform SMIME|PEM|DER> 87 88this specifies the input format for the PKCS#7 structure. The default 89is B<SMIME> which reads an S/MIME format message. B<PEM> and B<DER> 90format change this to expect PEM and DER format PKCS#7 structures 91instead. This currently only affects the input format of the PKCS#7 92structure, if no PKCS#7 structure is being input (for example with 93B<-encrypt> or B<-sign>) this option has no effect. 94 95=item B<-out filename> 96 97the message text that has been decrypted or verified or the output MIME 98format message that has been signed or verified. 99 100=item B<-outform SMIME|PEM|DER> 101 102this specifies the output format for the PKCS#7 structure. The default 103is B<SMIME> which write an S/MIME format message. B<PEM> and B<DER> 104format change this to write PEM and DER format PKCS#7 structures 105instead. This currently only affects the output format of the PKCS#7 106structure, if no PKCS#7 structure is being output (for example with 107B<-verify> or B<-decrypt>) this option has no effect. 108 109=item B<-stream -indef -noindef> 110 111the B<-stream> and B<-indef> options are equivalent and enable streaming I/O 112for encoding operations. This permits single pass processing of data without 113the need to hold the entire contents in memory, potentially supporting very 114large files. Streaming is automatically set for S/MIME signing with detached 115data if the output format is B<SMIME> it is currently off by default for all 116other operations. 117 118=item B<-noindef> 119 120disable streaming I/O where it would produce and indefinite length constructed 121encoding. This option currently has no effect. In future streaming will be 122enabled by default on all relevant operations and this option will disable it. 123 124=item B<-content filename> 125 126This specifies a file containing the detached content, this is only 127useful with the B<-verify> command. This is only usable if the PKCS#7 128structure is using the detached signature form where the content is 129not included. This option will override any content if the input format 130is S/MIME and it uses the multipart/signed MIME content type. 131 132=item B<-text> 133 134this option adds plain text (text/plain) MIME headers to the supplied 135message if encrypting or signing. If decrypting or verifying it strips 136off text headers: if the decrypted or verified message is not of MIME 137type text/plain then an error occurs. 138 139=item B<-CAfile file> 140 141a file containing trusted CA certificates, only used with B<-verify>. 142 143=item B<-CApath dir> 144 145a directory containing trusted CA certificates, only used with 146B<-verify>. This directory must be a standard certificate directory: that 147is a hash of each subject name (using B<x509 -hash>) should be linked 148to each certificate. 149 150=item B<-md digest> 151 152digest algorithm to use when signing or resigning. If not present then the 153default digest algorithm for the signing key will be used (usually SHA1). 154 155=item B<-[cipher]> 156 157the encryption algorithm to use. For example DES (56 bits) - B<-des>, 158triple DES (168 bits) - B<-des3>, 159EVP_get_cipherbyname() function) can also be used preceded by a dash, for 160example B<-aes_128_cbc>. See L<B<enc>|enc(1)> for list of ciphers 161supported by your version of OpenSSL. 162 163If not specified triple DES is used. Only used with B<-encrypt>. 164 165=item B<-nointern> 166 167when verifying a message normally certificates (if any) included in 168the message are searched for the signing certificate. With this option 169only the certificates specified in the B<-certfile> option are used. 170The supplied certificates can still be used as untrusted CAs however. 171 172=item B<-noverify> 173 174do not verify the signers certificate of a signed message. 175 176=item B<-nochain> 177 178do not do chain verification of signers certificates: that is don't 179use the certificates in the signed message as untrusted CAs. 180 181=item B<-nosigs> 182 183don't try to verify the signatures on the message. 184 185=item B<-nocerts> 186 187when signing a message the signer's certificate is normally included 188with this option it is excluded. This will reduce the size of the 189signed message but the verifier must have a copy of the signers certificate 190available locally (passed using the B<-certfile> option for example). 191 192=item B<-noattr> 193 194normally when a message is signed a set of attributes are included which 195include the signing time and supported symmetric algorithms. With this 196option they are not included. 197 198=item B<-binary> 199 200normally the input message is converted to "canonical" format which is 201effectively using CR and LF as end of line: as required by the S/MIME 202specification. When this option is present no translation occurs. This 203is useful when handling binary data which may not be in MIME format. 204 205=item B<-nodetach> 206 207when signing a message use opaque signing: this form is more resistant 208to translation by mail relays but it cannot be read by mail agents that 209do not support S/MIME. Without this option cleartext signing with 210the MIME type multipart/signed is used. 211 212=item B<-certfile file> 213 214allows additional certificates to be specified. When signing these will 215be included with the message. When verifying these will be searched for 216the signers certificates. The certificates should be in PEM format. 217 218=item B<-signer file> 219 220a signing certificate when signing or resigning a message, this option can be 221used multiple times if more than one signer is required. If a message is being 222verified then the signers certificates will be written to this file if the 223verification was successful. 224 225=item B<-recip file> 226 227the recipients certificate when decrypting a message. This certificate 228must match one of the recipients of the message or an error occurs. 229 230=item B<-inkey file> 231 232the private key to use when signing or decrypting. This must match the 233corresponding certificate. If this option is not specified then the 234private key must be included in the certificate file specified with 235the B<-recip> or B<-signer> file. When signing this option can be used 236multiple times to specify successive keys. 237 238=item B<-passin arg> 239 240the private key password source. For more information about the format of B<arg> 241see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>. 242 243=item B<-rand file(s)> 244 245a file or files containing random data used to seed the random number 246generator, or an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>). 247Multiple files can be specified separated by a OS-dependent character. 248The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for 249all others. 250 251=item B<cert.pem...> 252 253one or more certificates of message recipients: used when encrypting 254a message. 255 256=item B<-to, -from, -subject> 257 258the relevant mail headers. These are included outside the signed 259portion of a message so they may be included manually. If signing 260then many S/MIME mail clients check the signers certificate's email 261address matches that specified in the From: address. 262 263=item B<-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy -check_ss_sig -no_alt_chains> 264 265Set various options of certificate chain verification. See 266L<B<verify>|verify(1)> manual page for details. 267 268=back 269 270=head1 NOTES 271 272The MIME message must be sent without any blank lines between the 273headers and the output. Some mail programs will automatically add 274a blank line. Piping the mail directly to sendmail is one way to 275achieve the correct format. 276 277The supplied message to be signed or encrypted must include the 278necessary MIME headers or many S/MIME clients wont display it 279properly (if at all). You can use the B<-text> option to automatically 280add plain text headers. 281 282A "signed and encrypted" message is one where a signed message is 283then encrypted. This can be produced by encrypting an already signed 284message: see the examples section. 285 286This version of the program only allows one signer per message but it 287will verify multiple signers on received messages. Some S/MIME clients 288choke if a message contains multiple signers. It is possible to sign 289messages "in parallel" by signing an already signed message. 290 291The options B<-encrypt> and B<-decrypt> reflect common usage in S/MIME 292clients. Strictly speaking these process PKCS#7 enveloped data: PKCS#7 293encrypted data is used for other purposes. 294 295The B<-resign> option uses an existing message digest when adding a new 296signer. This means that attributes must be present in at least one existing 297signer using the same message digest or this operation will fail. 298 299The B<-stream> and B<-indef> options enable experimental streaming I/O support. 300As a result the encoding is BER using indefinite length constructed encoding 301and no longer DER. Streaming is supported for the B<-encrypt> operation and the 302B<-sign> operation if the content is not detached. 303 304Streaming is always used for the B<-sign> operation with detached data but 305since the content is no longer part of the PKCS#7 structure the encoding 306remains DER. 307 308=head1 EXIT CODES 309 310=over 4 311 312=item Z<>0 313 314the operation was completely successfully. 315 316=item Z<>1 317 318an error occurred parsing the command options. 319 320=item Z<>2 321 322one of the input files could not be read. 323 324=item Z<>3 325 326an error occurred creating the PKCS#7 file or when reading the MIME 327message. 328 329=item Z<>4 330 331an error occurred decrypting or verifying the message. 332 333=item Z<>5 334 335the message was verified correctly but an error occurred writing out 336the signers certificates. 337 338=back 339 340=head1 EXAMPLES 341 342Create a cleartext signed message: 343 344 openssl smime -sign -in message.txt -text -out mail.msg \ 345 -signer mycert.pem 346 347Create an opaque signed message: 348 349 openssl smime -sign -in message.txt -text -out mail.msg -nodetach \ 350 -signer mycert.pem 351 352Create a signed message, include some additional certificates and 353read the private key from another file: 354 355 openssl smime -sign -in in.txt -text -out mail.msg \ 356 -signer mycert.pem -inkey mykey.pem -certfile mycerts.pem 357 358Create a signed message with two signers: 359 360 openssl smime -sign -in message.txt -text -out mail.msg \ 361 -signer mycert.pem -signer othercert.pem 362 363Send a signed message under Unix directly to sendmail, including headers: 364 365 openssl smime -sign -in in.txt -text -signer mycert.pem \ 366 -from steve@openssl.org -to someone@somewhere \ 367 -subject "Signed message" | sendmail someone@somewhere 368 369Verify a message and extract the signer's certificate if successful: 370 371 openssl smime -verify -in mail.msg -signer user.pem -out signedtext.txt 372 373Send encrypted mail using triple DES: 374 375 openssl smime -encrypt -in in.txt -from steve@openssl.org \ 376 -to someone@somewhere -subject "Encrypted message" \ 377 -des3 user.pem -out mail.msg 378 379Sign and encrypt mail: 380 381 openssl smime -sign -in ml.txt -signer my.pem -text \ 382 | openssl smime -encrypt -out mail.msg \ 383 -from steve@openssl.org -to someone@somewhere \ 384 -subject "Signed and Encrypted message" -des3 user.pem 385 386Note: the encryption command does not include the B<-text> option because the 387message being encrypted already has MIME headers. 388 389Decrypt mail: 390 391 openssl smime -decrypt -in mail.msg -recip mycert.pem -inkey key.pem 392 393The output from Netscape form signing is a PKCS#7 structure with the 394detached signature format. You can use this program to verify the 395signature by line wrapping the base64 encoded structure and surrounding 396it with: 397 398 -----BEGIN PKCS7----- 399 -----END PKCS7----- 400 401and using the command: 402 403 openssl smime -verify -inform PEM -in signature.pem -content content.txt 404 405Alternatively you can base64 decode the signature and use: 406 407 openssl smime -verify -inform DER -in signature.der -content content.txt 408 409Create an encrypted message using 128 bit Camellia: 410 411 openssl smime -encrypt -in plain.txt -camellia128 -out mail.msg cert.pem 412 413Add a signer to an existing message: 414 415 openssl smime -resign -in mail.msg -signer newsign.pem -out mail2.msg 416 417=head1 BUGS 418 419The MIME parser isn't very clever: it seems to handle most messages that I've 420thrown at it but it may choke on others. 421 422The code currently will only write out the signer's certificate to a file: if 423the signer has a separate encryption certificate this must be manually 424extracted. There should be some heuristic that determines the correct 425encryption certificate. 426 427Ideally a database should be maintained of a certificates for each email 428address. 429 430The code doesn't currently take note of the permitted symmetric encryption 431algorithms as supplied in the SMIMECapabilities signed attribute. This means the 432user has to manually include the correct encryption algorithm. It should store 433the list of permitted ciphers in a database and only use those. 434 435No revocation checking is done on the signer's certificate. 436 437The current code can only handle S/MIME v2 messages, the more complex S/MIME v3 438structures may cause parsing errors. 439 440=head1 HISTORY 441 442The use of multiple B<-signer> options and the B<-resign> command were first 443added in OpenSSL 1.0.0 444 445The -no_alt_chains options was first added to OpenSSL 1.0.2b. 446 447=cut 448