From a78b21fc6716e9c88dd3f7ade1e315551022b13d Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Mon, 5 Aug 2013 15:56:01 +0100 Subject: [PATCH] Update cms docs. (cherry picked from commit dfcb42c68eac61b35d52f2fc53771c0f27dd9c29) --- doc/apps/cms.pod | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/doc/apps/cms.pod b/doc/apps/cms.pod index 18fe43caa9..dc337039a6 100644 --- a/doc/apps/cms.pod +++ b/doc/apps/cms.pod @@ -57,6 +57,7 @@ B B [B<-secretkeyid id>] [B<-econtent_type type>] [B<-inkey file>] +[B<-keyopt name:parameter>] [B<-passin arg>] [B<-rand file(s)>] [B] @@ -385,7 +386,8 @@ multiple times to specify successive keys. for signing and encryption this option can be used multiple times to set customised parameters for the preceding key or certificate. It can -currently be used to set RSA-PSS for signing or RSA-OAEP for encryption. +currently be used to set RSA-PSS for signing, RSA-OAEP for encryption +or to modify default parameters for ECDH. =item B<-passin arg> @@ -504,6 +506,10 @@ The B<-compress> option. The B<-secretkey> option when used with B<-encrypt>. +The use of PSS with B<-sign>. + +The use of OAEP or non-RSA keys with B<-encrypt>. + Additionally the B<-EncryptedData_create> and B<-data_create> type cannot be processed by the older B command. @@ -591,9 +597,14 @@ Sign mail using RSA-PSS: Create encrypted mail using RSA-OAEP: - openssl cms -encrypt -in plain.txt -camellia128 -out mail.msg \ + openssl cms -encrypt -in plain.txt -out mail.msg \ -recip cert.pem -keyopt rsa_padding_mode:oaep +Use SHA256 KDF with an ECDH certificate: + + openssl cms -encrypt -in plain.txt -out mail.msg \ + -recip ecdhcert.pem -keyopt ecdh_kdf_md:sha256 + =head1 BUGS The MIME parser isn't very clever: it seems to handle most messages that I've @@ -626,4 +637,7 @@ added to OpenSSL 1.1.0 Support for RSA-OAEP and RSA-PSS was first added to OpenSSL 1.1.0. +The use of non-RSA keys with B<-encrypt> and B<-decrypt> was first added +to OpenSSL 1.1.0. + =cut -- 2.25.1