X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=doc%2Fcrypto%2FCMS_sign.pod;h=396deef7728b072150cd84437770f158418b402c;hp=3047b283a4bb68240ad827bb1362bfd63fc0abab;hb=cb8145ff4a9e2bc629cbb3b5beb01620d5b7053d;hpb=9034c56c6c71ac68f25f195300e3d7b129280824 diff --git a/doc/crypto/CMS_sign.pod b/doc/crypto/CMS_sign.pod index 3047b283a4..396deef772 100644 --- a/doc/crypto/CMS_sign.pod +++ b/doc/crypto/CMS_sign.pod @@ -2,7 +2,7 @@ =head1 NAME -CMS_sign - create a CMS signedData structure +CMS_sign - create a CMS SignedData structure =head1 SYNOPSIS @@ -12,8 +12,8 @@ CMS_sign - create a CMS signedData structure =head1 DESCRIPTION -CMS_sign() creates and returns a CMS signedData structure. B is -the certificate to sign with, B is the corresponsding private key. +CMS_sign() creates and returns a CMS SignedData structure. B is +the certificate to sign with, B is the corresponding private key. B is an optional additional set of certificates to include in the CMS structure (for example any intermediate CAs in the chain). Any or all of these parameters can be B, see B below. 
@@ -47,15 +47,17 @@ required by the S/MIME specifications) if B is set no translation occurs. This option should be used if the supplied data is in binary format otherwise the translation will corrupt it. -The signedData structure includes several CMS signedAttributes including the +The SignedData structure includes several CMS signedAttributes including the signing time, the CMS content type and the supported list of ciphers in an SMIMECapabilities attribute. If B is set then no signedAttributes will be used. If B is set then just the SMIMECapabilities are omitted. If present the SMIMECapabilities attribute indicates support for the following -algorithms: triple DES, 128 bit RC2, 64 bit RC2, DES and 40 bit RC2. If any of -these algorithms is disabled then it will not be included. +algorithms in preference order: 256 bit AES, Gost R3411-94, Gost 28147-89, 192 +bit AES, 128 bit AES, triple DES, 128 bit RC2, 64 bit RC2, DES and 40 bit RC2. +If any of these algorithms is not available then it will not be included: for example the GOST algorithms will not be included if the GOST ENGINE is +not loaded. OpenSSL will by default identify signing certificates using issuer name and serial number. If B is set it will use the subject key 
@@ -92,28 +94,35 @@ The function CMS_sign() is a basic CMS signing function whose output will be suitable for many purposes. For finer control of the output format the B, B and B parameters can all be B and the B flag set. Then one or more signers can be added using the -function B, non default digests set and custom -attributes added. B must then be called to finalize the -structure if streaming is not enabled. +function CMS_sign_add1_signer(), non default digests can be used and custom +attributes added. CMS_final() must then be called to finalize the +structure if streaming is not enabled. =head1 BUGS -Some advanced attributes such as counter signatures are not supported. +Some attributes such as counter signatures are not supported. =head1 RETURN VALUES CMS_sign() returns either a valid CMS_ContentInfo structure or NULL if an error -occurred. The error can be obtained from ERR_get_error(3). +occurred. The error can be obtained from ERR_get_error(3). =head1 SEE ALSO -L, L +L, L =head1 HISTORY -CMS_sign() was added to OpenSSL 0.9.8 - The B flag is only supported for detached data in OpenSSL 0.9.8, -it is supportd for embedded data in OpenSSL 0.9.9 and later. +it is supported for embedded data in OpenSSL 1.0.0 and later. + +=head1 COPYRIGHT + +Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. =cut
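Review bot: In the `@@ -47,15 +47,17 @@` hunk the added algorithm list spells the names "Gost R3411-94" and "Gost 28147-89", while the sentence added right after it writes "the GOST algorithms" and "the GOST ENGINE". Use one spelling throughout, preferably the upper-case "GOST". The unchanged context line just above still introduces the attribute as "the supported list of ciphers", so now that the list is longer and explicitly in preference order, check that every entry really is a cipher, or change that wording to "algorithms". The added line beginning "If any of these algorithms is not available then it will not be included: for example" is also much longer than the other added lines and should be rewrapped.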
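Review bot: In the `@@ -92,28 +94,35 @@` hunk, the HISTORY section loses "CMS_sign() was added to OpenSSL 0.9.8" with no replacement, so after this change the page no longer says when the function itself appeared. It only says when the flag gained support for embedded data. Unless the removal is deliberate and explained in the commit message, keep that sentence alongside the corrected "OpenSSL 1.0.0" line. A smaller point in the same hunk: "non default digests can be used" reads better as "non-default digests can be used".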