1CMS(1)                              OpenSSL                             CMS(1)
2
3
4

NAME

6       cms - CMS utility
7

SYNOPSIS

9       openssl cms [-encrypt] [-decrypt] [-sign] [-verify] [-cmsout] [-resign]
10       [-data_create] [-data_out] [-digest_create] [-digest_verify]
11       [-compress] [-uncompress] [-EncryptedData_encrypt] [-sign_receipt]
12       [-verify_receipt receipt] [-in filename] [-inform SMIME|PEM|DER]
13       [-rctform SMIME|PEM|DER] [-out filename] [-outform SMIME|PEM|DER]
14       [-stream -indef -noindef] [-noindef] [-content filename] [-text]
15       [-noout] [-print] [-CAfile file] [-CApath dir] [-md digest] [-[cipher]]
16       [-nointern] [-no_signer_cert_verify] [-nocerts] [-noattr] [-nosmimecap]
17       [-binary] [-nodetach] [-certfile file] [-certsout file] [-signer file]
18       [-recip file] [-keyid] [-receipt_request_all -receipt_request_first]
19       [-receipt_request_from emailaddress] [-receipt_request_to emailaddress]
20       [-receipt_request_print] [-secretkey key] [-secretkeyid id]
21       [-econtent_type type] [-inkey file] [-passin arg] [-rand file(s)]
22       [cert.pem...]  [-to addr] [-from addr] [-subject subj] [cert.pem]...
23

DESCRIPTION

25       The cms command handles S/MIME v3.1 mail. It can encrypt, decrypt, sign
26       and verify, compress and uncompress S/MIME messages.
27

COMMAND OPTIONS

29       There are fourteen operation options that set the type of operation to
30       be performed. The meaning of the other options varies according to the
31       operation type.
32
33       -encrypt
34           encrypt mail for the given recipient certificates. Input file is
35           the message to be encrypted. The output file is the encrypted mail
36           in MIME format. The actual CMS type is <B>EnvelopedData<B>.
37
38       -decrypt
39           decrypt mail using the supplied certificate and private key.
40           Expects an encrypted mail message in MIME format for the input
41           file. The decrypted mail is written to the output file.
42
43       -sign
44           sign mail using the supplied certificate and private key. Input
45           file is the message to be signed. The signed message in MIME format
46           is written to the output file.
47
48       -verify
49           verify signed mail. Expects a signed mail message on input and
50           outputs the signed data. Both clear text and opaque signing is
51           supported.
52
53       -cmsout
54           takes an input message and writes out a PEM encoded CMS structure.
55
56       -resign
57           resign a message: take an existing message and one or more new
58           signers.
59
60       -data_create
61           Create a CMS Data type.
62
63       -data_out
64           Data type and output the content.
65
66       -digest_create
67           Create a CMS DigestedData type.
68
69       -digest_verify
70           Verify a CMS DigestedData type and output the content.
71
72       -compress
73           Create a CMS CompressedData type. OpenSSL must be compiled with
74           zlib support for this option to work, otherwise it will output an
75           error.
76
77       -uncompress
78           Uncompress a CMS CompressedData type and output the content.
79           OpenSSL must be compiled with zlib support for this option to work,
80           otherwise it will output an error.
81
82       -EncryptedData_encrypt
83           Encrypt suppled content using supplied symmetric key and algorithm
84           using a CMS EncrytedData type and output the content.
85
86       -sign_receipt
87           Generate and output a signed receipt for the supplied message. The
88           input message must contain a signed receipt request. Functionality
89           is otherwise similar to the -sign operation.
90
91       -verify_receipt receipt
92           Verify a signed receipt in filename receipt. The input message must
93           contain the original receipt request. Functionality is otherwise
94           similar to the -verify operation.
95
96       -in filename
97           the input message to be encrypted or signed or the message to be
98           decrypted or verified.
99
100       -inform SMIME|PEM|DER
101           this specifies the input format for the CMS structure. The default
102           is SMIME which reads an S/MIME format message. PEM and DER format
103           change this to expect PEM and DER format CMS structures instead.
104           This currently only affects the input format of the CMS structure,
105           if no CMS structure is being input (for example with -encrypt or
106           -sign) this option has no effect.
107
108       -rctform SMIME|PEM|DER
109           specify the format for a signed receipt for use with the
110           -receipt_verify operation.
111
112       -out filename
113           the message text that has been decrypted or verified or the output
114           MIME format message that has been signed or verified.
115
116       -outform SMIME|PEM|DER
117           this specifies the output format for the CMS structure. The default
118           is SMIME which writes an S/MIME format message. PEM and DER format
119           change this to write PEM and DER format CMS structures instead.
120           This currently only affects the output format of the CMS structure,
121           if no CMS structure is being output (for example with -verify or
122           -decrypt) this option has no effect.
123
124       -stream -indef -noindef
125           the -stream and -indef options are equivalent and enable streaming
126           I/O for encoding operations. This permits single pass processing of
127           data without the need to hold the entire contents in memory,
128           potentially supporting very large files. Streaming is automatically
129           set for S/MIME signing with detached data if the output format is
130           SMIME it is currently off by default for all other operations.
131
132       -noindef
133           disable streaming I/O where it would produce and indefinite length
134           constructed encoding. This option currently has no effect. In
135           future streaming will be enabled by default on all relevant
136           operations and this option will disable it.
137
138       -content filename
139           This specifies a file containing the detached content, this is only
140           useful with the -verify command. This is only usable if the CMS
141           structure is using the detached signature form where the content is
142           not included. This option will override any content if the input
143           format is S/MIME and it uses the multipart/signed MIME content
144           type.
145
146       -text
147           this option adds plain text (text/plain) MIME headers to the
148           supplied message if encrypting or signing. If decrypting or
149           verifying it strips off text headers: if the decrypted or verified
150           message is not of MIME type text/plain then an error occurs.
151
152       -noout
153           for the -cmsout operation do not output the parsed CMS structure.
154           This is useful when combined with the -print option or if the
155           syntax of the CMS structure is being checked.
156
157       -print
158           for the -cmsout operation print out all fields of the CMS
159           structure. This is mainly useful for testing purposes.
160
161       -CAfile file
162           a file containing trusted CA certificates, only used with -verify.
163
164       -CApath dir
165           a directory containing trusted CA certificates, only used with
166           -verify. This directory must be a standard certificate directory:
167           that is a hash of each subject name (using x509 -hash) should be
168           linked to each certificate.
169
170       -md digest
171           digest algorithm to use when signing or resigning. If not present
172           then the default digest algorithm for the signing key will be used
173           (usually SHA1).
174
175       -[cipher]
176           the encryption algorithm to use. For example triple DES (168 bits)
177           - -des3 or 256 bit AES - -aes256. Any standard algorithm name (as
178           used by the EVP_get_cipherbyname() function) can also be used
179           preceded by a dash, for example -aes_128_cbc. See enc for a list of
180           ciphers supported by your version of OpenSSL.
181
182           If not specified triple DES is used. Only used with -encrypt and
183           -EncryptedData_create commands.
184
185       -nointern
186           when verifying a message normally certificates (if any) included in
187           the message are searched for the signing certificate. With this
188           option only the certificates specified in the -certfile option are
189           used.  The supplied certificates can still be used as untrusted CAs
190           however.
191
192       -no_signer_cert_verify
193           do not verify the signers certificate of a signed message.
194
195       -nocerts
196           when signing a message the signer's certificate is normally
197           included with this option it is excluded. This will reduce the size
198           of the signed message but the verifier must have a copy of the
199           signers certificate available locally (passed using the -certfile
200           option for example).
201
202       -noattr
203           normally when a message is signed a set of attributes are included
204           which include the signing time and supported symmetric algorithms.
205           With this option they are not included.
206
207       -nosmimecap
208           exclude the list of supported algorithms from signed attributes,
209           other options such as signing time and content type are still
210           included.
211
212       -binary
213           normally the input message is converted to "canonical" format which
214           is effectively using CR and LF as end of line: as required by the
215           S/MIME specification. When this option is present no translation
216           occurs. This is useful when handling binary data which may not be
217           in MIME format.
218
219       -nodetach
220           when signing a message use opaque signing: this form is more
221           resistant to translation by mail relays but it cannot be read by
222           mail agents that do not support S/MIME.  Without this option
223           cleartext signing with the MIME type multipart/signed is used.
224
225       -certfile file
226           allows additional certificates to be specified. When signing these
227           will be included with the message. When verifying these will be
228           searched for the signers certificates. The certificates should be
229           in PEM format.
230
231       -certsout file
232           any certificates contained in the message are written to file.
233
234       -signer file
235           a signing certificate when signing or resigning a message, this
236           option can be used multiple times if more than one signer is
237           required. If a message is being verified then the signers
238           certificates will be written to this file if the verification was
239           successful.
240
241       -recip file
242           the recipients certificate when decrypting a message. This
243           certificate must match one of the recipients of the message or an
244           error occurs.
245
246       -keyid
247           use subject key identifier to identify certificates instead of
248           issuer name and serial number. The supplied certificate must
249           include a subject key identifier extension. Supported by -sign and
250           -encrypt options.
251
252       -receipt_request_all -receipt_request_first
253           for -sign option include a signed receipt request. Indicate
254           requests should be provided by all receipient or first tier
255           recipients (those mailed directly and not from a mailing list).
256           Ignored it -receipt_request_from is included.
257
258       -receipt_request_from emailaddress
259           for -sign option include a signed receipt request. Add an explicit
260           email address where receipts should be supplied.
261
262       -receipt_request_to emailaddress
263           Add an explicit email address where signed receipts should be sent
264           to. This option must but supplied if a signed receipt it requested.
265
266       -receipt_request_print
267           For the -verify operation print out the contents of any signed
268           receipt requests.
269
270       -secretkey key
271           specify symmetric key to use. The key must be supplied in hex
272           format and be consistent with the algorithm used. Supported by the
273           -EncryptedData_encrypt -EncrryptedData_decrypt, -encrypt and
274           -decrypt options. When used with -encrypt or -decrypt the supplied
275           key is used to wrap or unwrap the content encryption key using an
276           AES key in the KEKRecipientInfo type.
277
278       -secretkeyid id
279           the key identifier for the supplied symmetric key for
280           KEKRecipientInfo type.  This option must be present if the
281           -secretkey option is used with -encrypt. With -decrypt operations
282           the id is used to locate the relevant key if it is not supplied
283           then an attempt is used to decrypt any KEKRecipientInfo structures.
284
285       -econtent_type type
286           set the encapsulated content type to type if not supplied the Data
287           type is used. The type argument can be any valid OID name in either
288           text or numerical format.
289
290       -inkey file
291           the private key to use when signing or decrypting. This must match
292           the corresponding certificate. If this option is not specified then
293           the private key must be included in the certificate file specified
294           with the -recip or -signer file. When signing this option can be
295           used multiple times to specify successive keys.
296
297       -passin arg
298           the private key password source. For more information about the
299           format of arg see the PASS PHRASE ARGUMENTS section in openssl(1).
300
301       -rand file(s)
302           a file or files containing random data used to seed the random
303           number generator, or an EGD socket (see RAND_egd(3)).  Multiple
304           files can be specified separated by a OS-dependent character.  The
305           separator is ; for MS-Windows, , for OpenVMS, and : for all others.
306
307       cert.pem...
308           one or more certificates of message recipients: used when
309           encrypting a message.
310
311       -to, -from, -subject
312           the relevant mail headers. These are included outside the signed
313           portion of a message so they may be included manually. If signing
314           then many S/MIME mail clients check the signers certificate's email
315           address matches that specified in the From: address.
316
317       -purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all,
318       -policy_check, -extended_crl, -x509_strict, -policy -check_ss_sig
319           Set various certificate chain valiadition option. See the verify
320           manual page for details.
321

NOTES

323       The MIME message must be sent without any blank lines between the
324       headers and the output. Some mail programs will automatically add a
325       blank line. Piping the mail directly to sendmail is one way to achieve
326       the correct format.
327
328       The supplied message to be signed or encrypted must include the
329       necessary MIME headers or many S/MIME clients wont display it properly
330       (if at all). You can use the -text option to automatically add plain
331       text headers.
332
333       A "signed and encrypted" message is one where a signed message is then
334       encrypted. This can be produced by encrypting an already signed
335       message: see the examples section.
336
337       This version of the program only allows one signer per message but it
338       will verify multiple signers on received messages. Some S/MIME clients
339       choke if a message contains multiple signers. It is possible to sign
340       messages "in parallel" by signing an already signed message.
341
342       The options -encrypt and -decrypt reflect common usage in S/MIME
343       clients. Strictly speaking these process CMS enveloped data: CMS
344       encrypted data is used for other purposes.
345
346       The -resign option uses an existing message digest when adding a new
347       signer. This means that attributes must be present in at least one
348       existing signer using the same message digest or this operation will
349       fail.
350
351       The -stream and -indef options enable experimental streaming I/O
352       support.  As a result the encoding is BER using indefinite length
353       constructed encoding and no longer DER. Streaming is supported for the
354       -encrypt operation and the -sign operation if the content is not
355       detached.
356
357       Streaming is always used for the -sign operation with detached data but
358       since the content is no longer part of the CMS structure the encoding
359       remains DER.
360

EXIT CODES

362       0   the operation was completely successfully.
363
364       1   an error occurred parsing the command options.
365
366       2   one of the input files could not be read.
367
368       3   an error occurred creating the CMS file or when reading the MIME
369           message.
370
371       4   an error occurred decrypting or verifying the message.
372
373       5   the message was verified correctly but an error occurred writing
374           out the signers certificates.
375

COMPATIBILITY WITH PKCS#7 format.

377       The smime utility can only process the older PKCS#7 format. The cms
378       utility supports Cryptographic Message Syntax format. Use of some
379       features will result in messages which cannot be processed by
380       applications which only support the older format. These are detailed
381       below.
382
383       The use of the -keyid option with -sign or -encrypt.
384
385       The -outform PEM option uses different headers.
386
387       The -compress option.
388
389       The -secretkey option when used with -encrypt.
390
391       Additionally the -EncryptedData_create and -data_create type cannot be
392       processed by the older smime command.
393

EXAMPLES

395       Create a cleartext signed message:
396
397        openssl cms -sign -in message.txt -text -out mail.msg \
398               -signer mycert.pem
399
400       Create an opaque signed message
401
402        openssl cms -sign -in message.txt -text -out mail.msg -nodetach \
403               -signer mycert.pem
404
405       Create a signed message, include some additional certificates and read
406       the private key from another file:
407
408        openssl cms -sign -in in.txt -text -out mail.msg \
409               -signer mycert.pem -inkey mykey.pem -certfile mycerts.pem
410
411       Create a signed message with two signers, use key identifier:
412
413        openssl cms -sign -in message.txt -text -out mail.msg \
414               -signer mycert.pem -signer othercert.pem -keyid
415
416       Send a signed message under Unix directly to sendmail, including
417       headers:
418
419        openssl cms -sign -in in.txt -text -signer mycert.pem \
420               -from steve@openssl.org -to someone@somewhere \
421               -subject "Signed message" | sendmail someone@somewhere
422
423       Verify a message and extract the signer's certificate if successful:
424
425        openssl cms -verify -in mail.msg -signer user.pem -out signedtext.txt
426
427       Send encrypted mail using triple DES:
428
429        openssl cms -encrypt -in in.txt -from steve@openssl.org \
430               -to someone@somewhere -subject "Encrypted message" \
431               -des3 user.pem -out mail.msg
432
433       Sign and encrypt mail:
434
435        openssl cms -sign -in ml.txt -signer my.pem -text \
436               | openssl cms -encrypt -out mail.msg \
437               -from steve@openssl.org -to someone@somewhere \
438               -subject "Signed and Encrypted message" -des3 user.pem
439
440       Note: the encryption command does not include the -text option because
441       the message being encrypted already has MIME headers.
442
443       Decrypt mail:
444
445        openssl cms -decrypt -in mail.msg -recip mycert.pem -inkey key.pem
446
447       The output from Netscape form signing is a PKCS#7 structure with the
448       detached signature format. You can use this program to verify the
449       signature by line wrapping the base64 encoded structure and surrounding
450       it with:
451
452        -----BEGIN PKCS7-----
453        -----END PKCS7-----
454
455       and using the command,
456
457        openssl cms -verify -inform PEM -in signature.pem -content content.txt
458
459       alternatively you can base64 decode the signature and use
460
461        openssl cms -verify -inform DER -in signature.der -content content.txt
462
463       Create an encrypted message using 128 bit Camellia:
464
465        openssl cms -encrypt -in plain.txt -camellia128 -out mail.msg cert.pem
466
467       Add a signer to an existing message:
468
469        openssl cms -resign -in mail.msg -signer newsign.pem -out mail2.msg
470

BUGS

472       The MIME parser isn't very clever: it seems to handle most messages
473       that I've thrown at it but it may choke on others.
474
475       The code currently will only write out the signer's certificate to a
476       file: if the signer has a separate encryption certificate this must be
477       manually extracted. There should be some heuristic that determines the
478       correct encryption certificate.
479
480       Ideally a database should be maintained of a certificates for each
481       email address.
482
483       The code doesn't currently take note of the permitted symmetric
484       encryption algorithms as supplied in the SMIMECapabilities signed
485       attribute. this means the user has to manually include the correct
486       encryption algorithm. It should store the list of permitted ciphers in
487       a database and only use those.
488
489       No revocation checking is done on the signer's certificate.
490

HISTORY

492       The use of multiple -signer options and the -resign command were first
493       added in OpenSSL 1.0.0
494
495
496
4971.0.0e                            2009-09-30                            CMS(1)
Impressum