Lines Matching +full:num +full:- +full:ss +full:- +full:bits
18 .\" Set up some character translations and predefined strings. \*(-- will
24 .tr \(*W-
27 . ds -- \(*W-
29 . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
30 . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
37 . ds -- \|\(em\|
50 .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
71 .\" Fear. Run. Save yourself. No user-serviceable parts.
81 . ds #H ((1u-(\\\\n(.fu%2u))*.13m)
97 . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
98 . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
99 . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
100 . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
101 . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
102 . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
104 . \" troff and (daisy-wheel) nroff accents
121 . ds 8 ss
123 . ds d- d\h'-1'\(ga
124 . ds D- D\h'-1'\(hy
133 .IX Title "OPENSSL-SMIME 1ossl"
134 .TH OPENSSL-SMIME 1ossl "2023-09-22" "3.0.11" "OpenSSL"
140 openssl\-smime \- S/MIME command
144 [\fB\-help\fR]
145 [\fB\-encrypt\fR]
146 [\fB\-decrypt\fR]
147 [\fB\-sign\fR]
148 [\fB\-resign\fR]
149 [\fB\-verify\fR]
150 [\fB\-pk7out\fR]
151 [\fB\-binary\fR]
152 [\fB\-crlfeol\fR]
153 [\fB\-\f(BIcipher\fB\fR]
154 [\fB\-in\fR \fIfile\fR]
155 [\fB\-certfile\fR \fIfile\fR]
156 [\fB\-signer\fR \fIfile\fR]
157 [\fB\-nointern\fR]
158 [\fB\-noverify\fR]
159 [\fB\-nochain\fR]
160 [\fB\-nosigs\fR]
161 [\fB\-nocerts\fR]
162 [\fB\-noattr\fR]
163 [\fB\-nodetach\fR]
164 [\fB\-nosmimecap\fR]
165 [\fB\-recip\fR \fI file\fR]
166 [\fB\-inform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fB\s-1SMIME\s0\fR]
167 [\fB\-outform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fB\s-1SMIME\s0\fR]
168 [\fB\-keyform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fBP12\fR|\fB\s-1ENGINE\s0\fR]
169 [\fB\-passin\fR \fIarg\fR]
170 [\fB\-inkey\fR \fIfilename\fR|\fIuri\fR]
171 [\fB\-out\fR \fIfile\fR]
172 [\fB\-content\fR \fIfile\fR]
173 [\fB\-to\fR \fIaddr\fR]
174 [\fB\-from\fR \fIad\fR]
175 [\fB\-subject\fR \fIs\fR]
176 [\fB\-text\fR]
177 [\fB\-indef\fR]
178 [\fB\-noindef\fR]
179 [\fB\-stream\fR]
180 [\fB\-md\fR \fIdigest\fR]
181 [\fB\-CAfile\fR \fIfile\fR]
182 [\fB\-no\-CAfile\fR]
183 [\fB\-CApath\fR \fIdir\fR]
184 [\fB\-no\-CApath\fR]
185 [\fB\-CAstore\fR \fIuri\fR]
186 [\fB\-no\-CAstore\fR]
187 [\fB\-engine\fR \fIid\fR]
188 [\fB\-rand\fR \fIfiles\fR]
189 [\fB\-writerand\fR \fIfile\fR]
190 [\fB\-allow_proxy_certs\fR]
191 [\fB\-attime\fR \fItimestamp\fR]
192 [\fB\-no_check_time\fR]
193 [\fB\-check_ss_sig\fR]
194 [\fB\-crl_check\fR]
195 [\fB\-crl_check_all\fR]
196 [\fB\-explicit_policy\fR]
197 [\fB\-extended_crl\fR]
198 [\fB\-ignore_critical\fR]
199 [\fB\-inhibit_any\fR]
200 [\fB\-inhibit_map\fR]
201 [\fB\-partial_chain\fR]
202 [\fB\-policy\fR \fIarg\fR]
203 [\fB\-policy_check\fR]
204 [\fB\-policy_print\fR]
205 [\fB\-purpose\fR \fIpurpose\fR]
206 [\fB\-suiteB_128\fR]
207 [\fB\-suiteB_128_only\fR]
208 [\fB\-suiteB_192\fR]
209 [\fB\-trusted_first\fR]
210 [\fB\-no_alt_chains\fR]
211 [\fB\-use_deltas\fR]
212 [\fB\-auth_level\fR \fInum\fR]
213 [\fB\-verify_depth\fR \fInum\fR]
214 [\fB\-verify_email\fR \fIemail\fR]
215 [\fB\-verify_hostname\fR \fIhostname\fR]
216 [\fB\-verify_ip\fR \fIip\fR]
217 [\fB\-verify_name\fR \fIname\fR]
218 [\fB\-x509_strict\fR]
219 [\fB\-issuer_checks\fR]
220 [\fB\-provider\fR \fIname\fR]
221 [\fB\-provider\-path\fR \fIpath\fR]
222 [\fB\-propquery\fR \fIpropq\fR]
223 [\fB\-config\fR \fIconfigfile\fR]
233 .IP "\fB\-help\fR" 4
234 .IX Item "-help"
236 .IP "\fB\-encrypt\fR" 4
237 .IX Item "-encrypt"
239 to be encrypted. The output file is the encrypted mail in \s-1MIME\s0 format.
243 .IP "\fB\-decrypt\fR" 4
244 .IX Item "-decrypt"
246 encrypted mail message in \s-1MIME\s0 format for the input file. The decrypted mail
248 .IP "\fB\-sign\fR" 4
249 .IX Item "-sign"
251 the message to be signed. The signed message in \s-1MIME\s0 format is written
253 .IP "\fB\-verify\fR" 4
254 .IX Item "-verify"
257 .IP "\fB\-pk7out\fR" 4
258 .IX Item "-pk7out"
259 Takes an input message and writes out a \s-1PEM\s0 encoded PKCS#7 structure.
260 .IP "\fB\-resign\fR" 4
261 .IX Item "-resign"
263 .IP "\fB\-in\fR \fIfilename\fR" 4
264 .IX Item "-in filename"
265 The input message to be encrypted or signed or the \s-1MIME\s0 message to
267 .IP "\fB\-out\fR \fIfilename\fR" 4
268 .IX Item "-out filename"
269 The message text that has been decrypted or verified or the output \s-1MIME\s0
271 .IP "\fB\-inform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fB\s-1SMIME\s0\fR" 4
272 .IX Item "-inform DER|PEM|SMIME"
274 the default is \fB\s-1SMIME\s0\fR.
275 See \fBopenssl\-format\-options\fR\|(1) for details.
276 .IP "\fB\-outform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fB\s-1SMIME\s0\fR" 4
277 .IX Item "-outform DER|PEM|SMIME"
279 the default is \fB\s-1SMIME\s0\fR.
280 See \fBopenssl\-format\-options\fR\|(1) for details.
281 .IP "\fB\-keyform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fBP12\fR|\fB\s-1ENGINE\s0\fR" 4
282 .IX Item "-keyform DER|PEM|P12|ENGINE"
284 See \fBopenssl\-format\-options\fR\|(1) for details.
285 .IP "\fB\-stream\fR, \fB\-indef\fR, \fB\-noindef\fR" 4
286 .IX Item "-stream, -indef, -noindef"
287 The \fB\-stream\fR and \fB\-indef\fR options are equivalent and enable streaming I/O
291 data if the output format is \fB\s-1SMIME\s0\fR it is currently off by default for all
293 .IP "\fB\-noindef\fR" 4
294 .IX Item "-noindef"
298 .IP "\fB\-content\fR \fIfilename\fR" 4
299 .IX Item "-content filename"
301 useful with the \fB\-verify\fR command. This is only usable if the PKCS#7
304 is S/MIME and it uses the multipart/signed \s-1MIME\s0 content type.
305 .IP "\fB\-text\fR" 4
306 .IX Item "-text"
307 This option adds plain text (text/plain) \s-1MIME\s0 headers to the supplied
309 off text headers: if the decrypted or verified message is not of \s-1MIME\s0
311 .IP "\fB\-md\fR \fIdigest\fR" 4
312 .IX Item "-md digest"
314 default digest algorithm for the signing key will be used (usually \s-1SHA1\s0).
315 .IP "\fB\-\f(BIcipher\fB\fR" 4
316 .IX Item "-cipher"
317 The encryption algorithm to use. For example \s-1DES\s0 (56 bits) \- \fB\-des\fR,
318 triple \s-1DES\s0 (168 bits) \- \fB\-des3\fR,
320 example \fB\-aes\-128\-cbc\fR. See \fBopenssl\-enc\fR\|(1) for list of ciphers
323 If not specified triple \s-1DES\s0 is used. Only used with \fB\-encrypt\fR.
324 .IP "\fB\-nointern\fR" 4
325 .IX Item "-nointern"
328 only the certificates specified in the \fB\-certfile\fR option are used.
330 .IP "\fB\-noverify\fR" 4
331 .IX Item "-noverify"
333 .IP "\fB\-nochain\fR" 4
334 .IX Item "-nochain"
337 .IP "\fB\-nosigs\fR" 4
338 .IX Item "-nosigs"
340 .IP "\fB\-nocerts\fR" 4
341 .IX Item "-nocerts"
345 available locally (passed using the \fB\-certfile\fR option for example).
346 .IP "\fB\-noattr\fR" 4
347 .IX Item "-noattr"
351 .IP "\fB\-nodetach\fR" 4
352 .IX Item "-nodetach"
356 the \s-1MIME\s0 type multipart/signed is used.
357 .IP "\fB\-nosmimecap\fR" 4
358 .IX Item "-nosmimecap"
360 .IP "\fB\-binary\fR" 4
361 .IX Item "-binary"
363 effectively using \s-1CR\s0 and \s-1LF\s0 as end of line: as required by the S/MIME
365 is useful when handling binary data which may not be in \s-1MIME\s0 format.
366 .IP "\fB\-crlfeol\fR" 4
367 .IX Item "-crlfeol"
368 Normally the output file uses a single \fB\s-1LF\s0\fR as end of line. When this
369 option is present \fB\s-1CRLF\s0\fR is used instead.
370 .IP "\fB\-certfile\fR \fIfile\fR" 4
371 .IX Item "-certfile file"
375 The input can be in \s-1PEM, DER,\s0 or PKCS#12 format.
376 .IP "\fB\-signer\fR \fIfile\fR" 4
377 .IX Item "-signer file"
382 .IP "\fB\-nocerts\fR" 4
383 .IX Item "-nocerts"
385 .IP "\fB\-noattr\fR" 4
386 .IX Item "-noattr"
388 .IP "\fB\-recip\fR \fIfile\fR" 4
389 .IX Item "-recip file"
392 .IP "\fB\-inkey\fR \fIfilename\fR|\fIuri\fR" 4
393 .IX Item "-inkey filename|uri"
397 the \fB\-recip\fR or \fB\-signer\fR file. When signing this option can be used
399 .IP "\fB\-passin\fR \fIarg\fR" 4
400 .IX Item "-passin arg"
402 see \fBopenssl\-passphrase\-options\fR\|(1).
403 .IP "\fB\-to\fR, \fB\-from\fR, \fB\-subject\fR" 4
404 .IX Item "-to, -from, -subject"
409 …-allow_proxy_certs\fR, \fB\-attime\fR, \fB\-no_check_time\fR, \fB\-check_ss_sig\fR, \fB\-crl_check…
410 …-allow_proxy_certs, -attime, -no_check_time, -check_ss_sig, -crl_check, -crl_check_all, -explicit_…
412 See \*(L"Verification Options\*(R" in \fBopenssl\-verification\-options\fR\|(1) for details.
415 .IP "\fB\-CAfile\fR \fIfile\fR, \fB\-no\-CAfile\fR, \fB\-CApath\fR \fIdir\fR, \fB\-no\-CApath\fR, \…
416 .IX Item "-CAfile file, -no-CAfile, -CApath dir, -no-CApath, -CAstore uri, -no-CAstore"
417 See \*(L"Trusted Certificate Options\*(R" in \fBopenssl\-verification\-options\fR\|(1) for details.
418 .IP "\fB\-engine\fR \fIid\fR" 4
419 .IX Item "-engine id"
422 .IP "\fB\-rand\fR \fIfiles\fR, \fB\-writerand\fR \fIfile\fR" 4
423 .IX Item "-rand files, -writerand file"
425 .IP "\fB\-provider\fR \fIname\fR" 4
426 .IX Item "-provider name"
428 .IP "\fB\-provider\-path\fR \fIpath\fR" 4
429 .IX Item "-provider-path path"
430 .IP "\fB\-propquery\fR \fIpropq\fR" 4
431 .IX Item "-propquery propq"
434 .IP "\fB\-config\fR \fIconfigfile\fR" 4
435 .IX Item "-config configfile"
443 The \s-1MIME\s0 message must be sent without any blank lines between the
449 necessary \s-1MIME\s0 headers or many S/MIME clients won't display it
450 properly (if at all). You can use the \fB\-text\fR option to automatically
462 The options \fB\-encrypt\fR and \fB\-decrypt\fR reflect common usage in S/MIME
466 The \fB\-resign\fR option uses an existing message digest when adding a new
470 The \fB\-stream\fR and \fB\-indef\fR options enable streaming I/O support.
471 As a result the encoding is \s-1BER\s0 using indefinite length constructed encoding
472 and no longer \s-1DER.\s0 Streaming is supported for the \fB\-encrypt\fR operation and the
473 \&\fB\-sign\fR operation if the content is not detached.
475 Streaming is always used for the \fB\-sign\fR operation with detached data but
477 remains \s-1DER.\s0
490 An error occurred creating the PKCS#7 file or when reading the \s-1MIME\s0
504 \& openssl smime \-sign \-in message.txt \-text \-out mail.msg \e
505 \& \-signer mycert.pem
511 \& openssl smime \-sign \-in message.txt \-text \-out mail.msg \-nodetach \e
512 \& \-signer mycert.pem
519 \& openssl smime \-sign \-in in.txt \-text \-out mail.msg \e
520 \& \-signer mycert.pem \-inkey mykey.pem \-certfile mycerts.pem
526 \& openssl smime \-sign \-in message.txt \-text \-out mail.msg \e
527 \& \-signer mycert.pem \-signer othercert.pem
533 \& openssl smime \-sign \-in in.txt \-text \-signer mycert.pem \e
534 \& \-from steve@openssl.org \-to someone@somewhere \e
535 \& \-subject "Signed message" | sendmail someone@somewhere
541 \& openssl smime \-verify \-in mail.msg \-signer user.pem \-out signedtext.txt
544 Send encrypted mail using triple \s-1DES:\s0
547 \& openssl smime \-encrypt \-in in.txt \-from steve@openssl.org \e
548 \& \-to someone@somewhere \-subject "Encrypted message" \e
549 \& \-des3 user.pem \-out mail.msg
555 \& openssl smime \-sign \-in ml.txt \-signer my.pem \-text \e
556 \& | openssl smime \-encrypt \-out mail.msg \e
557 \& \-from steve@openssl.org \-to someone@somewhere \e
558 \& \-subject "Signed and Encrypted message" \-des3 user.pem
561 Note: the encryption command does not include the \fB\-text\fR option because the
562 message being encrypted already has \s-1MIME\s0 headers.
567 \& openssl smime \-decrypt \-in mail.msg \-recip mycert.pem \-inkey key.pem
576 \& \-\-\-\-\-BEGIN PKCS7\-\-\-\-\-
577 \& \-\-\-\-\-END PKCS7\-\-\-\-\-
583 \& openssl smime \-verify \-inform PEM \-in signature.pem \-content content.txt
589 \& openssl smime \-verify \-inform DER \-in signature.der \-content content.txt
595 \& openssl smime \-encrypt \-in plain.txt \-camellia128 \-out mail.msg cert.pem
601 \& openssl smime \-resign \-in mail.msg \-signer newsign.pem \-out mail2.msg
605 The \s-1MIME\s0 parser isn't very clever: it seems to handle most messages that I've
627 \&\fBossl_store\-file\fR\|(7)
630 The use of multiple \fB\-signer\fR options and the \fB\-resign\fR command were first
633 The \-no_alt_chains option was added in OpenSSL 1.1.0.
635 The \fB\-engine\fR option was deprecated in OpenSSL 3.0.
638 Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved.
642 in the file \s-1LICENSE\s0 in the source distribution or at