summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/man/PKCS7_sign.3
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libcrypto/man/PKCS7_sign.3')
-rw-r--r--src/lib/libcrypto/man/PKCS7_sign.325
1 files changed, 13 insertions, 12 deletions
diff --git a/src/lib/libcrypto/man/PKCS7_sign.3 b/src/lib/libcrypto/man/PKCS7_sign.3
index 6dfdde2616..3ae651dd82 100644
--- a/src/lib/libcrypto/man/PKCS7_sign.3
+++ b/src/lib/libcrypto/man/PKCS7_sign.3
@@ -1,6 +1,6 @@
1.\" $OpenBSD: PKCS7_sign.3,v 1.2 2016/11/06 15:52:50 jmc Exp $ 1.\" $OpenBSD: PKCS7_sign.3,v 1.3 2016/11/24 19:45:16 jmc Exp $
2.\" 2.\"
3.Dd $Mdocdate: November 6 2016 $ 3.Dd $Mdocdate: November 24 2016 $
4.Dt PKCS7_SIGN 3 4.Dt PKCS7_SIGN 3
5.Os 5.Os
6.Sh NAME 6.Sh NAME
@@ -49,17 +49,17 @@ are prepended to the data.
49If 49If
50.Dv PKCS7_NOCERTS 50.Dv PKCS7_NOCERTS
51is set, the signer's certificate will not be included in the PKCS7 51is set, the signer's certificate will not be included in the PKCS7
52structure, the signer's certificate must still be supplied in the 52structure, though the signer's certificate must still be supplied in the
53.Fa signcert 53.Fa signcert
54parameter though. 54parameter.
55This can reduce the size of the signature if the signers certificate can 55This can reduce the size of the signature if the signer's certificate can
56be obtained by other means: for example a previously signed message. 56be obtained by other means: for example a previously signed message.
57.Pp 57.Pp
58The data being signed is included in the 58The data being signed is included in the
59.Vt PKCS7 59.Vt PKCS7
60structure, unless 60structure, unless
61.Dv PKCS7_DETACHED 61.Dv PKCS7_DETACHED
62is set in which case it is omitted. 62is set, in which case it is omitted.
63This is used for PKCS7 detached signatures which are used in S/MIME 63This is used for PKCS7 detached signatures which are used in S/MIME
64plaintext signed messages for example. 64plaintext signed messages for example.
65.Pp 65.Pp
@@ -82,8 +82,8 @@ If
82is set, then just the SMIMECapabilities are omitted. 82is set, then just the SMIMECapabilities are omitted.
83.Pp 83.Pp
84If present, the SMIMECapabilities attribute indicates support for the 84If present, the SMIMECapabilities attribute indicates support for the
85following algorithms: triple DES, 128 bit RC2, 64 bit RC2, DES and 40 85following algorithms: triple DES, 128-bit RC2, 64-bit RC2, DES
86bit RC2. 86and 40-bit RC2.
87If any of these algorithms is disabled then it will not be included. 87If any of these algorithms is disabled then it will not be included.
88.Pp 88.Pp
89If the flags 89If the flags
@@ -117,13 +117,14 @@ properly finalize the
117.Vt PKCS7 117.Vt PKCS7
118structure will give unpredictable results. 118structure will give unpredictable results.
119.Pp 119.Pp
120Several functions including 120Several functions, including
121.Xr SMIME_write_PKCS7 3 , 121.Xr SMIME_write_PKCS7 3 ,
122.Xr i2d_PKCS7_bio_stream 3 , 122.Xr i2d_PKCS7_bio_stream 3 ,
123.Xr PEM_write_bio_PKCS7_stream 3 123and
124.Xr PEM_write_bio_PKCS7_stream 3 ,
124finalize the structure. 125finalize the structure.
125Alternatively finalization can be performed by obtaining the streaming 126Alternatively finalization can be performed by obtaining the streaming
126ASN1 127ASN.1
127.Vt BIO 128.Vt BIO
128directly using 129directly using
129.Xr BIO_new_PKCS7 3 . 130.Xr BIO_new_PKCS7 3 .
@@ -157,7 +158,7 @@ and
157.Fa pkey 158.Fa pkey
158are 159are
159.Dv NULL , 160.Dv NULL ,
160then a certificates only PKCS#7 structure is output. 161then a certificate-only PKCS#7 structure is output.
161.Pp 162.Pp
162In versions of OpenSSL before 1.0.0 the 163In versions of OpenSSL before 1.0.0 the
163.Fa signcert 164.Fa signcert