=pod
-
-=begin comment
-{- join("\n", @autowarntext) -}
-
-=end comment
+{- OpenSSL::safe::output_do_not_edit_headers(); -}
=head1 NAME
-openssl-smime - S/MIME utility
+openssl-smime - S/MIME command
=head1 SYNOPSIS
[B<-crlfeol>]
[B<-I<cipher>>]
[B<-in> I<file>]
-[B<-attime> I<timestamp>]
-[B<-check_ss_sig>]
-[B<-crl_check>]
-[B<-crl_check_all>]
-[B<-explicit_policy>]
-[B<-extended_crl>]
-[B<-ignore_critical>]
-[B<-inhibit_any>]
-[B<-inhibit_map>]
-[B<-partial_chain>]
-[B<-policy> I<arg>]
-[B<-policy_check>]
-[B<-policy_print>]
-[B<-purpose> I<purpose>]
-[B<-suiteB_128>]
-[B<-suiteB_128_only>]
-[B<-suiteB_192>]
-[B<-trusted_first>]
-[B<-no_alt_chains>]
-[B<-use_deltas>]
-[B<-auth_level> I<num>]
-[B<-verify_depth> I<num>]
-[B<-verify_email> I<email>]
-[B<-verify_hostname> I<hostname>]
-[B<-verify_ip> I<ip>]
-[B<-verify_name> I<name>]
-[B<-x509_strict>]
[B<-certfile> I<file>]
[B<-signer> I<file>]
+[B<-nointern>]
+[B<-noverify>]
+[B<-nochain>]
+[B<-nosigs>]
+[B<-nocerts>]
+[B<-noattr>]
+[B<-nodetach>]
+[B<-nosmimecap>]
[B<-recip> I< file>]
[B<-inform> B<DER>|B<PEM>|B<SMIME>]
[B<-outform> B<DER>|B<PEM>|B<SMIME>]
-[B<-keyform> B<DER>|B<PEM>|B<ENGINE>]
+[B<-keyform> B<DER>|B<PEM>|B<P12>|B<ENGINE>]
[B<-passin> I<arg>]
[B<-inkey> I<file_or_id>]
[B<-out> I<file>]
[B<-stream>]
[B<-md> I<digest>]
{- $OpenSSL::safe::opt_trust_synopsis -}
+{- $OpenSSL::safe::opt_engine_synopsis -}
{- $OpenSSL::safe::opt_r_synopsis -}
-I<cert.pem> ...
+{- $OpenSSL::safe::opt_v_synopsis -}
+{- $OpenSSL::safe::opt_provider_synopsis -}
+I<recipcert> ...
=for openssl ifdef engine
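Review bot: The context line `[B<-recip> I< file>]`, directly below the added `[B<-nosmimecap>]` entry, has a stray space inside `I< file>`. This hunk already reworks the synopsis around it, so fix it here to `I<file>`. The eight added B<-no...> entries are also listed in a different order from the one their =item sections follow later in the patch (B<-nodetach> and B<-nosmimecap> come before B<-nocerts> and B<-noattr> there); keeping the two in the same order makes the page easier to scan.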
the default is B<SMIME>.
See L<openssl(1)/Format Options> for details.
-=item B<-keyform> B<DER>|B<PEM>
+=item B<-keyform> B<DER>|B<PEM>|B<P12>|B<ENGINE>
The key format; the default is B<PEM>.
+The only value with effect is B<ENGINE>; all others have become obsolete.
See L<openssl(1)/Format Options> for details.
=item B<-stream>, B<-indef>, B<-noindef>
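Review bot: The added sentence `The only value with effect is B<ENGINE>; all others have become obsolete.` follows the unchanged `The key format; the default is B<PEM>.`, so the item now names a default that it then says has no effect. The =item line also introduces B<P12> in the same change that declares it obsolete. Suggest rewording or dropping the default sentence and stating what happens when a non-ENGINE value is passed (ignored silently, or reported), so that callers who still pass `-keyform` know whether the value is honored.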
=item B<-nochain>
-Do not do chain verification of signers certificates: that is don't
+Do not do chain verification of signers certificates; that is, do not
use the certificates in the signed message as untrusted CAs.
=item B<-nosigs>
include the signing time and supported symmetric algorithms. With this
option they are not included.
+=item B<-nodetach>
+
+When signing a message use opaque signing. This form is more resistant
+to translation by mail relays but it cannot be read by mail agents that
+do not support S/MIME. Without this option cleartext signing with
+the MIME type multipart/signed is used.
+
+=item B<-nosmimecap>
+
+When signing a message, do not include the B<SMIMECapabilities> attribute.
+
=item B<-binary>
Normally the input message is converted to "canonical" format which is
Normally the output file uses a single B<LF> as end of line. When this
option is present B<CRLF> is used instead.
-=item B<-nodetach>
-
-When signing a message use opaque signing: this form is more resistant
-to translation by mail relays but it cannot be read by mail agents that
-do not support S/MIME. Without this option cleartext signing with
-the MIME type multipart/signed is used.
-
=item B<-certfile> I<file>
Allows additional certificates to be specified. When signing these will
be included with the message. When verifying these will be searched for
-the signers certificates. The certificates should be in PEM format.
+the signers certificates.
=item B<-signer> I<file>
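Review bot: Removing `The certificates should be in PEM format.` from the B<-certfile> item leaves no statement of which input formats the option accepts. If other formats are now read, say which ones or point to L<openssl(1)/Format Options> as the B<-keyform> item does; if not, keep the sentence.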
verified then the signers certificates will be written to this file if the
verification was successful.
+=item B<-nocerts>
+
+Don't include signers certificate when signing.
+
+=item B<-noattr>
+
+Don't include any signed attributes when signing.
+
=item B<-recip> I<file>
The recipients certificate when decrypting a message. This certificate
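Review bot: The new B<-noattr> item may duplicate an entry the file already has. The context lines just above the B<-nodetach> addition (`include the signing time and supported symmetric algorithms. With this option they are not included.`) describe the same behaviour, so please check that the rendered page does not end up with two B<-noattr> (and possibly two B<-nocerts>) entries, and merge them if so. Smaller points on the added text: it uses `Don't` while the B<-nochain> hunk in this patch changes `don't` to `do not`, and `signers certificate` needs an apostrophe (`signer's certificate`).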
then many S/MIME mail clients check the signers certificate's email
address matches that specified in the From: address.
-=item B<-attime>, B<-check_ss_sig>, B<-crl_check>, B<-crl_check_all>,
-B<-explicit_policy>, B<-extended_crl>, B<-ignore_critical>, B<-inhibit_any>,
-B<-inhibit_map>, B<-no_alt_chains>, B<-partial_chain>, B<-policy>,
-B<-policy_check>, B<-policy_print>, B<-purpose>, B<-suiteB_128>,
-B<-suiteB_128_only>, B<-suiteB_192>, B<-trusted_first>, B<-use_deltas>,
-B<-auth_level>, B<-verify_depth>, B<-verify_email>, B<-verify_hostname>,
-B<-verify_ip>, B<-verify_name>, B<-x509_strict>
+{- $OpenSSL::safe::opt_v_item -}
-Set various options of certificate chain verification. See
-L<openssl-verify(1)> manual page for details.
+Any verification errors cause the command to exit.
{- $OpenSSL::safe::opt_trust_item -}
+{- $OpenSSL::safe::opt_engine_item -}
+
{- $OpenSSL::safe::opt_r_item -}
-=item I<cert.pem> ...
+{- $OpenSSL::safe::opt_provider_item -}
+
+=item I<recipcert> ...
One or more certificates of message recipients, used when encrypting
a message.
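Review bot: `Any verification errors cause the command to exit.` does not say with what status the command exits, which is the detail scripts that gate on verification need. The line also replaces the only visible pointer to L<openssl-verify(1)> in this item. Suggest stating that the exit code is nonzero (or referring to the page's exit code section if it has one), and confirming that the text generated by `opt_v_item` still links to where the verification options are described.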
The -no_alt_chains option was added in OpenSSL 1.1.0.
+All B<-keyform> values except B<ENGINE> have become obsolete in OpenSSL 3.0.0
+and have no effect.
+
=head1 COPYRIGHT
-Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy