X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=doc%2Fcrypto%2FCMS_sign.pod;h=3fb63f2e315be238cf57f49c6f2441b77590da4a;hb=706c5a4d353eeac4b3217138eeea6b737ff14681;hp=3047b283a4bb68240ad827bb1362bfd63fc0abab;hpb=9034c56c6c71ac68f25f195300e3d7b129280824;p=oweals%2Fopenssl.git diff --git a/doc/crypto/CMS_sign.pod b/doc/crypto/CMS_sign.pod index 3047b283a4..3fb63f2e31 100644 --- a/doc/crypto/CMS_sign.pod +++ b/doc/crypto/CMS_sign.pod @@ -2,7 +2,7 @@ =head1 NAME -CMS_sign - create a CMS signedData structure + CMS_sign - create a CMS SignedData structure =head1 SYNOPSIS @@ -12,8 +12,8 @@ CMS_sign - create a CMS signedData structure =head1 DESCRIPTION -CMS_sign() creates and returns a CMS signedData structure. B is -the certificate to sign with, B is the corresponsding private key. +CMS_sign() creates and returns a CMS SignedData structure. B is +the certificate to sign with, B is the corresponding private key. B is an optional additional set of certificates to include in the CMS structure (for example any intermediate CAs in the chain). Any or all of these parameters can be B, see B below. 
@@ -47,15 +47,17 @@ required by the S/MIME specifications) if B is set no translation occurs. This option should be used if the supplied data is in binary format otherwise the translation will corrupt it. -The signedData structure includes several CMS signedAttributes including the +The SignedData structure includes several CMS signedAttributes including the signing time, the CMS content type and the supported list of ciphers in an SMIMECapabilities attribute. If B is set then no signedAttributes will be used. If B is set then just the SMIMECapabilities are omitted. If present the SMIMECapabilities attribute indicates support for the following -algorithms: triple DES, 128 bit RC2, 64 bit RC2, DES and 40 bit RC2. If any of -these algorithms is disabled then it will not be included. +algorithms in preference order: 256 bit AES, Gost R3411-94, Gost 28147-89, 192 +bit AES, 128 bit AES, triple DES, 128 bit RC2, 64 bit RC2, DES and 40 bit RC2. +If any of these algorithms is not available then it will not be included: for example the GOST algorithms will not be included if the GOST ENGINE is +not loaded. OpenSSL will by default identify signing certificates using issuer name and serial number. If B is set it will use the subject key 
@@ -92,18 +94,18 @@ The function CMS_sign() is a basic CMS signing function whose output will be suitable for many purposes. For finer control of the output format the B, B and B parameters can all be B and the B flag set. Then one or more signers can be added using the -function B, non default digests set and custom +function CMS_sign_add1_signer(), non default digests can be used and custom attributes added. B must then be called to finalize the structure if streaming is not enabled. =head1 BUGS -Some advanced attributes such as counter signatures are not supported. +Some attributes such as counter signatures are not supported. =head1 RETURN VALUES CMS_sign() returns either a valid CMS_ContentInfo structure or NULL if an error -occurred. The error can be obtained from ERR_get_error(3). +occurred. The error can be obtained from ERR_get_error(3). =head1 SEE ALSO @@ -114,6 +116,6 @@ L, L CMS_sign() was added to OpenSSL 0.9.8 The B flag is only supported for detached data in OpenSSL 0.9.8, -it is supportd for embedded data in OpenSSL 0.9.9 and later. +it is supported for embedded data in OpenSSL 0.9.9 and later. =cut
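Review bot: in the NAME hunk (@@ -2,7 +2,7 @@) the added line reads "+ CMS_sign - create a CMS SignedData structure", with a space between the "+" and the text, so the NAME paragraph would start with whitespace if that space is in the committed file. POD treats a paragraph that begins with whitespace as verbatim, and tools that parse NAME as "name - description" may then mis-handle the entry. Suggest starting the line at column one: "CMS_sign - create a CMS SignedData structure".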
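Review bot: in the SMIMECapabilities paragraph (@@ -47,15 +47,17 @@) the added list spells the algorithms "Gost R3411-94, Gost 28147-89", while the next added sentence writes "the GOST algorithms" and "the GOST ENGINE"; use one casing throughout (GOST). The unchanged context still describes the attribute as "the supported list of ciphers", but GOST R 34.11-94 is a digest, so "algorithms" would be the accurate word there now that the list includes it. The added line beginning "If any of these algorithms is not available" is also much longer than its neighbours and should be re-wrapped.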
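Review bot: in the NOTES hunk (@@ -92,18 +94,18 @@) the new text names the function "CMS_sign_add1_signer()", but the CMS call that adds a signer to an existing structure is CMS_add1_signer(); there is no CMS_sign_add1_signer() in the API, so a reader following this page will not find the function or its manual page. Suggest "function CMS_add1_signer(), non default digests can be used and custom attributes added", and checking that the SEE ALSO entries point at the same name.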