Clarify docs.

[oweals/openssl.git] / doc / apps / smime.pod

diff --git a/doc/apps/smime.pod b/doc/apps/smime.pod
index 4ab53322c506867d55480969605eae8536327c9e..bc8f05908575ca080c52e5ebf7f1e6066c55530e 100644 (file)
--- a/doc/apps/smime.pod
+++ b/doc/apps/smime.pod
@@ -17,11 +17,16 @@ B<openssl> B<smime>
 [B<-rc2-40>]
 [B<-rc2-64>]
 [B<-rc2-128>]
+[B<-aes128>]
+[B<-aes192>]
+[B<-aes256>]
+[B<-camellia128>]
+[B<-camellia192>]
+[B<-camellia256>]
 [B<-in file>]
 [B<-certfile file>]
 [B<-signer file>]
 [B<-recip  file>]
-[B<-in file>]
 [B<-inform SMIME|PEM|DER>]
 [B<-passin arg>]
 [B<-inkey file>]
@@ -127,11 +132,11 @@ B<-verify>. This directory must be a standard certificate directory: that
 is a hash of each subject name (using B<x509 -hash>) should be linked
 to each certificate.
 
-=item B<-des -des3 -rc2-40 -rc2-64 -rc2-128>
+=item B<-des -des3 -rc2-40 -rc2-64 -rc2-128 -aes128 -aes192 -aes256 -camellia128 -camellia192 -camellia256>
 
-the encryption algorithm to use. DES (56 bits), triple DES (168 bits)
-or 40, 64 or 128 bit RC2 respectively if not specified 40 bit RC2 is
-used. Only used with B<-encrypt>.
+the encryption algorithm to use. DES (56 bits), triple DES (168 bits),
+40, 64 or 128 bit RC2, 128, 192 or 256 bit AES, or 128, 192 or 256 bit Camellia respectively.
+If not specified triple DES is used. Only used with B<-encrypt>.
 
 =item B<-nointern>
 
@@ -295,7 +300,7 @@ Create a cleartext signed message:
  openssl smime -sign -in message.txt -text -out mail.msg \
        -signer mycert.pem
 
-Create and opaque signed message
+Create and opaque signed message:
 
  openssl smime -sign -in message.txt -text -out mail.msg -nodetach \
        -signer mycert.pem
@@ -325,7 +330,7 @@ Send encrypted mail using triple DES:
 Sign and encrypt mail:
 
  openssl smime -sign -in ml.txt -signer my.pem -text \
-       | openssl -encrypt -out mail.msg \
+       | openssl smime -encrypt -out mail.msg \
        -from steve@openssl.org -to someone@somewhere \
        -subject "Signed and Encrypted message" -des3 user.pem
 
@@ -341,17 +346,21 @@ detached signature format. You can use this program to verify the
 signature by line wrapping the base64 encoded structure and surrounding
 it with:
 
- -----BEGIN PKCS7----
- -----END PKCS7----
+ -----BEGIN PKCS7-----
+ -----END PKCS7-----
 
-and using the command, 
+and using the command: 
 
  openssl smime -verify -inform PEM -in signature.pem -content content.txt
 
-alternatively you can base64 decode the signature and use
+Alternatively you can base64 decode the signature and use:
 
  openssl smime -verify -inform DER -in signature.der -content content.txt
 
+Create an encrypted message using 128 bit Camellia:
+
+ openssl smime -encrypt -in plain.txt -camellia128 -out mail.msg cert.pem
+
 =head1 BUGS
 
 The MIME parser isn't very clever: it seems to handle most messages that I've thrown
@@ -364,7 +373,7 @@ should be some heuristic that determines the correct encryption certificate.
 Ideally a database should be maintained of a certificates for each email address.
 
 The code doesn't currently take note of the permitted symmetric encryption
-algorithms as supplied in the SMIMECapabilities signed attribute. this means the
+algorithms as supplied in the SMIMECapabilities signed attribute. This means the
 user has to manually include the correct encryption algorithm. It should store
 the list of permitted ciphers in a database and only use those.