openssl cms -help
-
CMS (Cryptographic Message Syntax) utility.
$ openssl cms -help Usage: cms [options] cert.pem... cert.pem... recipient certs for encryption Valid options are: -help Display this summary -inform parm Input format SMIME (default), PEM or DER -outform parm Output format SMIME (default), PEM or DER -in infile Input file -out outfile Output file -encrypt Encrypt message -decrypt Decrypt encrypted message -sign Sign message -sign_receipt Generate a signed receipt for the message -resign Resign a signed message -verify Verify signed message -verify_retcode (No additional info) -verify_receipt infile (No additional info) -cmsout Output CMS structure -data_out (No additional info) -data_create (No additional info) -digest_verify (No additional info) -digest_create (No additional info) -compress (No additional info) -uncompress (No additional info) -EncryptedData_decrypt (No additional info) -EncryptedData_encrypt (No additional info) -debug_decrypt (No additional info) -text Include or delete text MIME headers -asciicrlf (No additional info) -nointern Don't search certificates in message for signer -noverify Don't verify signers certificate -nocerts Don't include signers certificate when signing -noattr Don't include any signed attributes -nodetach Use opaque signing -nosmimecap Omit the SMIMECapabilities attribute -binary Don't translate message to text -keyid Use subject key identifier -nosigs Don't verify message signature -no_content_verify (No additional info) -no_attr_verify (No additional info) -stream Enable CMS streaming -indef Same as -stream -noindef Disable CMS streaming -crlfeol Use CRLF as EOL termination instead of CR only -noout For the -cmsout operation do not output the parsed CMS structure -receipt_request_print Print CMS Receipt Request -receipt_request_all (No additional info) -receipt_request_first (No additional info) -rctform PEM|DER Receipt file format -certfile infile Other certificates file -CAfile infile Trusted certificates file -CApath dir trusted certificates directory -no-CAfile Do not load the default certificates file -no-CApath Do not load certificates from the default certificates directory -content infile Supply or override content for detached signature -print For the -cmsout operation print out all fields of the CMS structure -secretkey val (No additional info) -secretkeyid val (No additional info) -pwri_password val (No additional info) -econtent_type val (No additional info) -passin val Input file pass phrase source -to val To address -from val From address -subject val Subject -signer val Signer certificate file -recip infile Recipient cert file for decryption -certsout outfile Certificate output file -md val Digest algorithm to use when signing or resigning -inkey val Input private key (if not signer or recipient) -keyform format Input private key format (PEM or ENGINE) -keyopt val Set public key parameters as n:v pairs -receipt_request_from val (No additional info) -receipt_request_to val (No additional info) -* Any supported cipher -rand val Load the file(s) into the random number generator -writerand outfile Write random data to the specified file -policy val adds policy to the acceptable policy set -purpose val certificate chain purpose -verify_name val verification policy name -verify_depth int chain depth limit -auth_level int chain authentication security level -attime intmax verification epoch time -verify_hostname val expected peer hostname -verify_email val expected peer email -verify_ip val expected peer IP address -ignore_critical permit unhandled critical extensions -issuer_checks (deprecated) -crl_check check leaf certificate revocation -crl_check_all check full chain revocation -policy_check perform rfc5280 policy checks -explicit_policy set policy variable require-explicit-policy -inhibit_any set policy variable inhibit-any-policy -inhibit_map set policy variable inhibit-policy-mapping -x509_strict disable certificate compatibility work-arounds -extended_crl enable extended CRL features -use_deltas use delta CRLs -policy_print print policy processing diagnostics -check_ss_sig check root CA self-signatures -trusted_first search trust store first (default) -suiteB_128_only Suite B 128-bit-only mode -suiteB_128 Suite B 128-bit mode allowing 192-bit algorithms -suiteB_192 Suite B 192-bit-only mode -partial_chain accept chains anchored by intermediate trust-store CAs -no_alt_chains (deprecated) -no_check_time ignore certificate validity time -allow_proxy_certs allow the use of proxy certificates -aes128-wrap Use AES128 to wrap key -aes192-wrap Use AES192 to wrap key -aes256-wrap Use AES256 to wrap key -des3-wrap Use 3DES-EDE to wrap key -engine val Use engine e, possibly a hardware device
© Lightnetics 2024