summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/man/CMS_sign.3
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libcrypto/man/CMS_sign.3')
-rw-r--r--src/lib/libcrypto/man/CMS_sign.349
1 files changed, 33 insertions, 16 deletions
diff --git a/src/lib/libcrypto/man/CMS_sign.3 b/src/lib/libcrypto/man/CMS_sign.3
index 1ef0f2d48a..1dfd153ee2 100644
--- a/src/lib/libcrypto/man/CMS_sign.3
+++ b/src/lib/libcrypto/man/CMS_sign.3
@@ -1,4 +1,4 @@
1.\" $OpenBSD: CMS_sign.3,v 1.5 2019/08/12 16:17:50 schwarze Exp $ 1.\" $OpenBSD: CMS_sign.3,v 1.6 2019/08/18 12:06:51 schwarze Exp $
2.\" full merge up to: OpenSSL e9b77246 Jan 20 19:58:49 2017 +0100 2.\" full merge up to: OpenSSL e9b77246 Jan 20 19:58:49 2017 +0100
3.\" 3.\"
4.\" This file was written by Dr. Stephen Henson <steve@openssl.org>. 4.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -48,7 +48,7 @@
48.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 48.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
49.\" OF THE POSSIBILITY OF SUCH DAMAGE. 49.\" OF THE POSSIBILITY OF SUCH DAMAGE.
50.\" 50.\"
51.Dd $Mdocdate: August 12 2019 $ 51.Dd $Mdocdate: August 18 2019 $
52.Dt CMS_SIGN 3 52.Dt CMS_SIGN 3
53.Os 53.Os
54.Sh NAME 54.Sh NAME
@@ -66,7 +66,9 @@
66.Fc 66.Fc
67.Sh DESCRIPTION 67.Sh DESCRIPTION
68.Fn CMS_sign 68.Fn CMS_sign
69creates and returns a CMS SignedData structure. 69creates and returns a CMS
70.Vt SignedData
71structure.
70.Fa signcert 72.Fa signcert
71is the certificate to sign with, 73is the certificate to sign with,
72.Fa pkey 74.Fa pkey
@@ -80,12 +82,9 @@ Any or all of these parameters can be
80The data to be signed is read from 82The data to be signed is read from
81.Fa data . 83.Fa data .
82.Pp 84.Pp
83.Fa flags
84is an optional set of flags.
85.Pp
86Any of the following flags (OR'ed together) can be passed in the 85Any of the following flags (OR'ed together) can be passed in the
87.Fa flags 86.Fa flags
88parameter: 87argument:
89.Bl -tag -width Ds 88.Bl -tag -width Ds
90.It Dv CMS_TEXT 89.It Dv CMS_TEXT
91Prepend MIME headers for the type text/plain to the data. 90Prepend MIME headers for the type text/plain to the data.
@@ -98,8 +97,8 @@ structure.
98The signer's certificate must still be supplied in the 97The signer's certificate must still be supplied in the
99.Fa signcert 98.Fa signcert
100parameter though. 99parameter though.
101This can reduce the size of the signature if the signers certificate can 100This can reduce the size of the signature if the signer's certificate can
102be obtained by other means: for example a previously signed message. 101be obtained by other means, for example from a previously signed message.
103.It Dv CMS_DETACHED 102.It Dv CMS_DETACHED
104Omit the data being signed from the 103Omit the data being signed from the
105.Vt CMS_ContentInfo 104.Vt CMS_ContentInfo
@@ -114,19 +113,25 @@ even though that is required by the S/MIME specifications.
114This option should be used if the supplied data is in binary format. 113This option should be used if the supplied data is in binary format.
115Otherwise the translation will corrupt it. 114Otherwise the translation will corrupt it.
116.It Dv CMS_NOATTR 115.It Dv CMS_NOATTR
117Do not use any signedAttributes. 116Do not add any
118By default, the SignedData structure includes several CMS 117.Vt SignedAttributes .
119signedAttributes including the signing time, the CMS content type, 118By default, the
120and the supported list of ciphers in an SMIMECapabilities attribute. 119.Fa signerInfos
120field includes several CMS
121.Vt SignedAttributes
122including the signing time, the CMS content type,
123and the supported list of ciphers in an
124.Vt SMIMECapabilities
125attribute.
121.It Dv CMS_NOSMIMECAP 126.It Dv CMS_NOSMIMECAP
122Omit just the SMIMECapabilities. 127Omit just the
128.Vt SMIMECapabilities .
123If present, the SMIMECapabilities attribute indicates support for the 129If present, the SMIMECapabilities attribute indicates support for the
124following algorithms in preference order: 256 bit AES, Gost R3411-94, 130following algorithms in preference order: 256 bit AES, Gost R3411-94,
125Gost 28147-89, 192 bit AES, 128 bit AES, triple DES, 128 bit RC2, 64 bit 131Gost 28147-89, 192 bit AES, 128 bit AES, triple DES, 128 bit RC2, 64 bit
126RC2, DES and 40 bit RC2. 132RC2, DES and 40 bit RC2.
127If any of these algorithms is not available, then it will not be 133If any of these algorithms is not available, then it will not be
128included: for example the GOST algorithms will not be included if 134included.
129the GOST ENGINE is not loaded.
130.It Dv CMS_USE_KEYID 135.It Dv CMS_USE_KEYID
131Use the subject key identifier value to identify signing certificates. 136Use the subject key identifier value to identify signing certificates.
132An error occurs if the signing certificate does not have a subject key 137An error occurs if the signing certificate does not have a subject key
@@ -212,6 +217,18 @@ The error can be obtained from
212.Xr ERR_get_error 3 . 217.Xr ERR_get_error 3 .
213.Sh SEE ALSO 218.Sh SEE ALSO
214.Xr CMS_verify 3 219.Xr CMS_verify 3
220.Sh STANDARDS
221RFC 5652: Cryptographic Message Syntax (CMS)
222.Bl -dash -compact -offset indent
223.It
224section 5.1: SignedData Type
225.It
226section 5.3: SignerInfo Type
227.El
228.Pp
229RFC 8551: Secure/Multipurpose Internet Mail Extensions (S/MIME)
230Version\ 4.0 Message Specification,
231section 2.5.2: SMIMECapabilities Attribute
215.Sh HISTORY 232.Sh HISTORY
216.Fn CMS_sign 233.Fn CMS_sign
217first appeared in OpenSSL 0.9.8h 234first appeared in OpenSSL 0.9.8h