=head1 NAME
+openssl-cms,
cms - CMS utility
=head1 SYNOPSIS
[B<-verify_name name>]
[B<-x509_strict>]
[B<-md digest>]
-[B<-[cipher]>]
+[B<-I<cipher>>]
[B<-nointern>]
-[B<-no_signer_cert_verify>]
+[B<-noverify>]
[B<-nocerts>]
[B<-noattr>]
[B<-nosmimecap>]
Digest algorithm to use when signing or resigning. If not present then the
default digest algorithm for the signing key will be used (usually SHA1).
-=item B<-[cipher]>
+=item B<-I<cipher>>
The encryption algorithm to use. For example triple DES (168 bits) - B<-des3>
or 256 bit AES - B<-aes256>. Any standard algorithm name (as used by the
only the certificates specified in the B<-certfile> option are used.
The supplied certificates can still be used as untrusted CAs however.
-=item B<-no_signer_cert_verify>
+=item B<-noverify>
Do not verify the signers certificate of a signed message.
each recipient. This form B<must> be used if customised parameters are
required (for example to specify RSA-OAEP).
+Only certificates carrying RSA, Diffie-Hellman or EC keys are supported by this
+option.
+
=item B<-keyid>
Use subject key identifier to identify certificates instead of issuer name and
=head1 HISTORY
The use of multiple B<-signer> options and the B<-resign> command were first
-added in OpenSSL 1.0.0
-
-The B<keyopt> option was first added in OpenSSL 1.1.0
+added in OpenSSL 1.0.0.
-The use of B<-recip> to specify the recipient when encrypting mail was first
-added to OpenSSL 1.1.0
+The B<keyopt> option was first added in OpenSSL 1.0.2.
-Support for RSA-OAEP and RSA-PSS was first added to OpenSSL 1.1.0.
+Support for RSA-OAEP and RSA-PSS was first added to OpenSSL 1.0.2.
The use of non-RSA keys with B<-encrypt> and B<-decrypt> was first added
-to OpenSSL 1.1.0.
+to OpenSSL 1.0.2.
-The -no_alt_chains options was first added to OpenSSL 1.1.0.
+The -no_alt_chains options was first added to OpenSSL 1.0.2b.
=head1 COPYRIGHT