=head1 NAME
+openssl-cms,
cms - CMS utility
=head1 SYNOPSIS
[B<-verify_name name>]
[B<-x509_strict>]
[B<-md digest>]
-[B<-[cipher]>]
+[B<-I<cipher>>]
[B<-nointern>]
-[B<-no_signer_cert_verify>]
+[B<-noverify>]
[B<-nocerts>]
[B<-noattr>]
[B<-nosmimecap>]
[B<-inkey file>]
[B<-keyopt name:parameter>]
[B<-passin arg>]
-[B<-rand file(s)>]
+[B<-rand file...>]
+[B<-writerand file>]
[B<cert.pem...>]
[B<-to addr>]
[B<-from addr>]
=item B<-EncryptedData_encrypt>
Encrypt content using supplied symmetric key and algorithm using a CMS
-B<EncrytedData> type and output the content.
+B<EncryptedData> type and output the content.
=item B<-sign_receipt>
Digest algorithm to use when signing or resigning. If not present then the
default digest algorithm for the signing key will be used (usually SHA1).
-=item B<-[cipher]>
+=item B<-I<cipher>>
The encryption algorithm to use. For example triple DES (168 bits) - B<-des3>
or 256 bit AES - B<-aes256>. Any standard algorithm name (as used by the
only the certificates specified in the B<-certfile> option are used.
The supplied certificates can still be used as untrusted CAs however.
-=item B<-no_signer_cert_verify>
+=item B<-noverify>
Do not verify the signers certificate of a signed message.
each recipient. This form B<must> be used if customised parameters are
required (for example to specify RSA-OAEP).
+Only certificates carrying RSA, Diffie-Hellman or EC keys are supported by this
+option.
+
=item B<-keyid>
Use subject key identifier to identify certificates instead of issuer name and
The private key password source. For more information about the format of B<arg>
see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.
-=item B<-rand file(s)>
+=item B<-rand file...>
A file or files containing random data used to seed the random number
-generator, or an EGD socket (see L<RAND_egd(3)>).
+generator.
Multiple files can be specified separated by an OS-dependent character.
The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
all others.
+=item [B<-writerand file>]
+
+Writes random data to the specified I<file> upon exit.
+This can be used with a subsequent B<-rand> flag.
+
=item B<cert.pem...>
One or more certificates of message recipients: used when encrypting
=head1 HISTORY
The use of multiple B<-signer> options and the B<-resign> command were first
-added in OpenSSL 1.0.0
-
-The B<keyopt> option was first added in OpenSSL 1.1.0
+added in OpenSSL 1.0.0.
-The use of B<-recip> to specify the recipient when encrypting mail was first
-added to OpenSSL 1.1.0
+The B<keyopt> option was first added in OpenSSL 1.0.2.
-Support for RSA-OAEP and RSA-PSS was first added to OpenSSL 1.1.0.
+Support for RSA-OAEP and RSA-PSS was first added to OpenSSL 1.0.2.
The use of non-RSA keys with B<-encrypt> and B<-decrypt> was first added
-to OpenSSL 1.1.0.
+to OpenSSL 1.0.2.
-The -no_alt_chains options was first added to OpenSSL 1.1.0.
+The -no_alt_chains options was first added to OpenSSL 1.0.2b.
=head1 COPYRIGHT