{"resign", OPT_RESIGN, '-', "Resign a signed message"},
{"cades", OPT_CADES, '-', "Include signer certificate digest"},
{"verify", OPT_VERIFY, '-', "Verify signed message"},
- {"verify_retcode", OPT_VERIFY_RETCODE, '-'},
- {"verify_receipt", OPT_VERIFY_RECEIPT, '<'},
+ {"verify_retcode", OPT_VERIFY_RETCODE, '-',
+ "Exit non-zero on verification failure"},
+ {"verify_receipt", OPT_VERIFY_RECEIPT, '<',
+ "Verify receipts; exit if receipt signatures do not verify"},
{"cmsout", OPT_CMSOUT, '-', "Output CMS structure"},
- {"data_out", OPT_DATA_OUT, '-'},
- {"data_create", OPT_DATA_CREATE, '-'},
- {"digest_verify", OPT_DIGEST_VERIFY, '-'},
- {"digest_create", OPT_DIGEST_CREATE, '-'},
- {"compress", OPT_COMPRESS, '-'},
- {"uncompress", OPT_UNCOMPRESS, '-'},
- {"EncryptedData_decrypt", OPT_ED_DECRYPT, '-'},
- {"EncryptedData_encrypt", OPT_ED_ENCRYPT, '-'},
- {"debug_decrypt", OPT_DEBUG_DECRYPT, '-'},
+ {"data_out", OPT_DATA_OUT, '-', "Copy CMS \"Data\" object to output"},
+ {"data_create", OPT_DATA_CREATE, '-', "Create a CMS \"Data\" object"},
+ {"digest_verify", OPT_DIGEST_VERIFY, '-',
+ "Verify a CMS \"DigestedData\" object and output it"},
+ {"digest_create", OPT_DIGEST_CREATE, '-',
+ "Create a CMS \"DigestedData\" object"},
+ {"compress", OPT_COMPRESS, '-', "Create a CMS \"CompressedData\" object"},
+ {"uncompress", OPT_UNCOMPRESS, '-', "Uncompress a CMS \"CompressedData\" object"},
+ {"EncryptedData_decrypt", OPT_ED_DECRYPT, '-',
+ "Decrypt CMS \"EncryptedData\" object using symmetric key"},
+ {"EncryptedData_encrypt", OPT_ED_ENCRYPT, '-',
+ "Create CMS \"EncryptedData\" object using symmetric key"},
+ {"debug_decrypt", OPT_DEBUG_DECRYPT, '-',
+ "Disable MMA protection and return an error if no recipient found"
+ " (see documentation)"},
{"text", OPT_TEXT, '-', "Include or delete text MIME headers"},
- {"asciicrlf", OPT_ASCIICRLF, '-'},
+ {"asciicrlf", OPT_ASCIICRLF, '-',
+ "Perform CRLF canonicalisation when signing"},
{"nointern", OPT_NOINTERN, '-',
"Don't search certificates in message for signer"},
{"noverify", OPT_NOVERIFY, '-', "Don't verify signers certificate"},
{"binary", OPT_BINARY, '-', "Don't translate message to text"},
{"keyid", OPT_KEYID, '-', "Use subject key identifier"},
{"nosigs", OPT_NOSIGS, '-', "Don't verify message signature"},
- {"no_content_verify", OPT_NO_CONTENT_VERIFY, '-'},
- {"no_attr_verify", OPT_NO_ATTR_VERIFY, '-'},
+ {"no_content_verify", OPT_NO_CONTENT_VERIFY, '-',
+ "Do not verify signed content signatures"},
+ {"no_attr_verify", OPT_NO_ATTR_VERIFY, '-',
+ "Do not verify signed attribute signatures"},
{"stream", OPT_INDEF, '-', "Enable CMS streaming"},
{"indef", OPT_INDEF, '-', "Same as -stream"},
{"noindef", OPT_NOINDEF, '-', "Disable CMS streaming"},
{"crlfeol", OPT_CRLFEOL, '-', "Use CRLF as EOL termination instead of CR only" },
{"noout", OPT_NOOUT, '-', "For the -cmsout operation do not output the parsed CMS structure"},
{"receipt_request_print", OPT_RR_PRINT, '-', "Print CMS Receipt Request" },
- {"receipt_request_all", OPT_RR_ALL, '-'},
- {"receipt_request_first", OPT_RR_FIRST, '-'},
+ {"receipt_request_all", OPT_RR_ALL, '-',
+ "When signing, create a receipt request for all recipients"},
+ {"receipt_request_first", OPT_RR_FIRST, '-',
+ "When signing, create a receipt request for first recipient"},
{"rctform", OPT_RCTFORM, 'F', "Receipt file format"},
{"certfile", OPT_CERTFILE, '<', "Other certificates file"},
{"CAfile", OPT_CAFILE, '<', "Trusted certificates file"},
"Supply or override content for detached signature"},
{"print", OPT_PRINT, '-',
"For the -cmsout operation print out all fields of the CMS structure"},
- {"secretkey", OPT_SECRETKEY, 's'},
- {"secretkeyid", OPT_SECRETKEYID, 's'},
- {"pwri_password", OPT_PWRI_PASSWORD, 's'},
- {"econtent_type", OPT_ECONTENT_TYPE, 's'},
+ {"secretkey", OPT_SECRETKEY, 's',
+ "Use specified hex-encoded key to decrypt/encrypt recipients or content"},
+ {"secretkeyid", OPT_SECRETKEYID, 's',
+ "Identity of the -secretkey for CMS \"KEKRecipientInfo\" object"},
+ {"pwri_password", OPT_PWRI_PASSWORD, 's',
+ "Specific password for recipient"},
+ {"econtent_type", OPT_ECONTENT_TYPE, 's', "OID for external content"},
{"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
{"to", OPT_TO, 's', "To address"},
{"from", OPT_FROM, 's', "From address"},
"Input private key (if not signer or recipient)"},
{"keyform", OPT_KEYFORM, 'f', "Input private key format (PEM or ENGINE)"},
{"keyopt", OPT_KEYOPT, 's', "Set public key parameters as n:v pairs"},
- {"receipt_request_from", OPT_RR_FROM, 's'},
- {"receipt_request_to", OPT_RR_TO, 's'},
+ {"receipt_request_from", OPT_RR_FROM, 's',
+ "Create signed receipt request with specified email address"},
+ {"receipt_request_to", OPT_RR_TO, 's',
+ "Create signed receipt targeted to specified address"},
{"", OPT_CIPHER, '-', "Any supported cipher"},
OPT_R_OPTIONS,
OPT_V_OPTIONS,