Fix some errors and missing info in the CMS docs

[openssl.git] / doc / man1 / cms.pod

diff --git a/doc/man1/cms.pod b/doc/man1/cms.pod
index 21e5bdea9e250f4b639e817ebf6a888fec6c219e..d63efa66ef3fa15d4d8c785db9a19f0f648f0aae 100644 (file)
--- a/doc/man1/cms.pod
+++ b/doc/man1/cms.pod
@@ -2,6 +2,7 @@
 
 =head1 NAME
 
+openssl-cms,
 cms - CMS utility
 
 =head1 SYNOPSIS
@@ -67,9 +68,9 @@ B<openssl> B<cms>
 [B<-verify_name name>]
 [B<-x509_strict>]
 [B<-md digest>]
-[B<-[cipher]>]
+[B<-I<cipher>>]
 [B<-nointern>]
-[B<-no_signer_cert_verify>]
+[B<-noverify>]
 [B<-nocerts>]
 [B<-noattr>]
 [B<-nosmimecap>]
@@ -92,7 +93,8 @@ B<openssl> B<cms>
 [B<-inkey file>]
 [B<-keyopt name:parameter>]
 [B<-passin arg>]
-[B<-rand file(s)>]
+[B<-rand file...>]
+[B<-writerand file>]
 [B<cert.pem...>]
 [B<-to addr>]
 [B<-from addr>]
@@ -185,7 +187,7 @@ output an error.
 =item B<-EncryptedData_encrypt>
 
 Encrypt content using supplied symmetric key and algorithm using a CMS
-B<EncrytedData> type and output the content.
+B<EncryptedData> type and output the content.
 
 =item B<-sign_receipt>
 
@@ -297,7 +299,7 @@ Do not load the trusted CA certificates from the default directory location
 Digest algorithm to use when signing or resigning. If not present then the
 default digest algorithm for the signing key will be used (usually SHA1).
 
-=item B<-[cipher]>
+=item B<-I<cipher>>
 
 The encryption algorithm to use. For example triple DES (168 bits) - B<-des3>
 or 256 bit AES - B<-aes256>. Any standard algorithm name (as used by the
@@ -315,7 +317,7 @@ the message are searched for the signing certificate. With this option
 only the certificates specified in the B<-certfile> option are used.
 The supplied certificates can still be used as untrusted CAs however.
 
-=item B<-no_signer_cert_verify>
+=item B<-noverify>
 
 Do not verify the signers certificate of a signed message.
 
@@ -392,6 +394,9 @@ When encrypting a message this option may be used multiple times to specify
 each recipient. This form B<must> be used if customised parameters are
 required (for example to specify RSA-OAEP).
 
+Only certificates carrying RSA, Diffie-Hellman or EC keys are supported by this
+option.
+
 =item B<-keyid>
 
 Use subject key identifier to identify certificates instead of issuer name and
@@ -461,14 +466,19 @@ or to modify default parameters for ECDH.
 The private key password source. For more information about the format of B<arg>
 see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.
 
-=item B<-rand file(s)>
+=item B<-rand file...>
 
 A file or files containing random data used to seed the random number
-generator, or an EGD socket (see L<RAND_egd(3)>).
+generator.
 Multiple files can be specified separated by an OS-dependent character.
 The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
 all others.
 
+=item [B<-writerand file>]
+
+Writes random data to the specified I<file> upon exit.
+This can be used with a subsequent B<-rand> flag.
+
 =item B<cert.pem...>
 
 One or more certificates of message recipients: used when encrypting
@@ -711,19 +721,16 @@ No revocation checking is done on the signer's certificate.
 =head1 HISTORY
 
 The use of multiple B<-signer> options and the B<-resign> command were first
-added in OpenSSL 1.0.0
-
-The B<keyopt> option was first added in OpenSSL 1.1.0
+added in OpenSSL 1.0.0.
 
-The use of B<-recip> to specify the recipient when encrypting mail was first
-added to OpenSSL 1.1.0
+The B<keyopt> option was first added in OpenSSL 1.0.2.
 
-Support for RSA-OAEP and RSA-PSS was first added to OpenSSL 1.1.0.
+Support for RSA-OAEP and RSA-PSS was first added to OpenSSL 1.0.2.
 
 The use of non-RSA keys with B<-encrypt> and B<-decrypt> was first added
-to OpenSSL 1.1.0.
+to OpenSSL 1.0.2.
 
-The -no_alt_chains options was first added to OpenSSL 1.1.0.
+The -no_alt_chains options was first added to OpenSSL 1.0.2b.
 
 =head1 COPYRIGHT