diff options
Diffstat (limited to 'src/lib/libcrypto/man/PKCS7_sign.3')
-rw-r--r-- | src/lib/libcrypto/man/PKCS7_sign.3 | 25 |
1 files changed, 13 insertions, 12 deletions
diff --git a/src/lib/libcrypto/man/PKCS7_sign.3 b/src/lib/libcrypto/man/PKCS7_sign.3 index 6dfdde2616..3ae651dd82 100644 --- a/src/lib/libcrypto/man/PKCS7_sign.3 +++ b/src/lib/libcrypto/man/PKCS7_sign.3 | |||
@@ -1,6 +1,6 @@ | |||
1 | .\" $OpenBSD: PKCS7_sign.3,v 1.2 2016/11/06 15:52:50 jmc Exp $ | 1 | .\" $OpenBSD: PKCS7_sign.3,v 1.3 2016/11/24 19:45:16 jmc Exp $ |
2 | .\" | 2 | .\" |
3 | .Dd $Mdocdate: November 6 2016 $ | 3 | .Dd $Mdocdate: November 24 2016 $ |
4 | .Dt PKCS7_SIGN 3 | 4 | .Dt PKCS7_SIGN 3 |
5 | .Os | 5 | .Os |
6 | .Sh NAME | 6 | .Sh NAME |
@@ -49,17 +49,17 @@ are prepended to the data. | |||
49 | If | 49 | If |
50 | .Dv PKCS7_NOCERTS | 50 | .Dv PKCS7_NOCERTS |
51 | is set, the signer's certificate will not be included in the PKCS7 | 51 | is set, the signer's certificate will not be included in the PKCS7 |
52 | structure, the signer's certificate must still be supplied in the | 52 | structure, though the signer's certificate must still be supplied in the |
53 | .Fa signcert | 53 | .Fa signcert |
54 | parameter though. | 54 | parameter. |
55 | This can reduce the size of the signature if the signers certificate can | 55 | This can reduce the size of the signature if the signer's certificate can |
56 | be obtained by other means: for example a previously signed message. | 56 | be obtained by other means: for example a previously signed message. |
57 | .Pp | 57 | .Pp |
58 | The data being signed is included in the | 58 | The data being signed is included in the |
59 | .Vt PKCS7 | 59 | .Vt PKCS7 |
60 | structure, unless | 60 | structure, unless |
61 | .Dv PKCS7_DETACHED | 61 | .Dv PKCS7_DETACHED |
62 | is set in which case it is omitted. | 62 | is set, in which case it is omitted. |
63 | This is used for PKCS7 detached signatures which are used in S/MIME | 63 | This is used for PKCS7 detached signatures which are used in S/MIME |
64 | plaintext signed messages for example. | 64 | plaintext signed messages for example. |
65 | .Pp | 65 | .Pp |
@@ -82,8 +82,8 @@ If | |||
82 | is set, then just the SMIMECapabilities are omitted. | 82 | is set, then just the SMIMECapabilities are omitted. |
83 | .Pp | 83 | .Pp |
84 | If present, the SMIMECapabilities attribute indicates support for the | 84 | If present, the SMIMECapabilities attribute indicates support for the |
85 | following algorithms: triple DES, 128 bit RC2, 64 bit RC2, DES and 40 | 85 | following algorithms: triple DES, 128-bit RC2, 64-bit RC2, DES |
86 | bit RC2. | 86 | and 40-bit RC2. |
87 | If any of these algorithms is disabled then it will not be included. | 87 | If any of these algorithms is disabled then it will not be included. |
88 | .Pp | 88 | .Pp |
89 | If the flags | 89 | If the flags |
@@ -117,13 +117,14 @@ properly finalize the | |||
117 | .Vt PKCS7 | 117 | .Vt PKCS7 |
118 | structure will give unpredictable results. | 118 | structure will give unpredictable results. |
119 | .Pp | 119 | .Pp |
120 | Several functions including | 120 | Several functions, including |
121 | .Xr SMIME_write_PKCS7 3 , | 121 | .Xr SMIME_write_PKCS7 3 , |
122 | .Xr i2d_PKCS7_bio_stream 3 , | 122 | .Xr i2d_PKCS7_bio_stream 3 , |
123 | .Xr PEM_write_bio_PKCS7_stream 3 | 123 | and |
124 | .Xr PEM_write_bio_PKCS7_stream 3 , | ||
124 | finalize the structure. | 125 | finalize the structure. |
125 | Alternatively finalization can be performed by obtaining the streaming | 126 | Alternatively finalization can be performed by obtaining the streaming |
126 | ASN1 | 127 | ASN.1 |
127 | .Vt BIO | 128 | .Vt BIO |
128 | directly using | 129 | directly using |
129 | .Xr BIO_new_PKCS7 3 . | 130 | .Xr BIO_new_PKCS7 3 . |
@@ -157,7 +158,7 @@ and | |||
157 | .Fa pkey | 158 | .Fa pkey |
158 | are | 159 | are |
159 | .Dv NULL , | 160 | .Dv NULL , |
160 | then a certificates only PKCS#7 structure is output. | 161 | then a certificate-only PKCS#7 structure is output. |
161 | .Pp | 162 | .Pp |
162 | In versions of OpenSSL before 1.0.0 the | 163 | In versions of OpenSSL before 1.0.0 the |
163 | .Fa signcert | 164 | .Fa signcert |