1CMSUTIL(1)                    NSS Security Tools                    CMSUTIL(1)
2
3
4

NAME

6       cmsutil - Performs basic cryptograpic operations, such as encryption
7       and decryption, on Cryptographic Message Syntax (CMS) messages.
8

SYNOPSIS

10       cmsutil [options] [[arguments]]
11

STATUS

13       This documentation is still work in progress. Please contribute to the
14       initial review in Mozilla NSS bug 836477[1]
15

DESCRIPTION

17       The cmsutil command-line uses the S/MIME Toolkit to perform basic
18       operations, such as encryption and decryption, on Cryptographic Message
19       Syntax (CMS) messages.
20
21       To run cmsutil, type the command cmsutil option [arguments] where
22       option and arguments are combinations of the options and arguments
23       listed in the following section. Each command takes one option. Each
24       option may take zero or more arguments. To see a usage string, issue
25       the command without options.
26

OPTIONS AND ARGUMENTS

28       Options
29
30       Options specify an action. Option arguments modify an action. The
31       options and arguments for the cmsutil command are defined as follows:
32
33       -C
34           Encrypt a message.
35
36       -D
37           Decode a message.
38
39       -E
40           Envelope a message.
41
42       -O
43           Create a certificates-only message.
44
45       -S
46           Sign a message.
47
48       Arguments
49
50       Option arguments modify an action.
51
52       -b
53           Decode a batch of files named in infile.
54
55       -c content
56           Use this detached content (decode only).
57
58       -d dbdir
59           Specify the key/certificate database directory (default is ".")
60
61       -e envfile
62           Specify a file containing an enveloped message for a set of
63           recipients to which you would like to send an encrypted message. If
64           this is the first encrypted message for that set of recipients, a
65           new enveloped message will be created that you can then use for
66           future messages (encrypt only).
67
68       -f pwfile
69           Use password file to set password on all PKCS#11 tokens.
70
71       -G
72           Include a signing time attribute (sign only).
73
74       -H hash
75           Use specified hash algorithm (default:SHA1).
76
77       -h num
78           Generate email headers with info about CMS message (decode only).
79
80       -i infile
81           Use infile as a source of data (default is stdin).
82
83       -k
84           Keep decoded encryption certs in permanent cert db.
85
86       -N nickname
87           Specify nickname of certificate to sign with (sign only).
88
89       -n
90           Suppress output of contents (decode only).
91
92       -o outfile
93           Use outfile as a destination of data (default is stdout).
94
95       -P
96           Include an S/MIME capabilities attribute.
97
98       -p password
99           Use password as key database password.
100
101       -r recipient1,recipient2, ...
102           Specify list of recipients (email addresses) for an encrypted or
103           enveloped message. For certificates-only message, list of
104           certificates to send.
105
106       -T
107           Suppress content in CMS message (sign only).
108
109       -u certusage
110           Set type of cert usage (default is certUsageEmailSigner).
111
112       -v
113           Print debugging information.
114
115       -Y ekprefnick
116           Specify an encryption key preference by nickname.
117

USAGE

119       Encrypt Example
120
121           cmsutil -C [-i infile] [-o outfile] [-d dbdir] [-p password] -r "recipient1,recipient2, . . ." -e envfile
122
123
124       Decode Example
125
126           cmsutil -D [-i infile] [-o outfile] [-d dbdir] [-p password] [-c content] [-n] [-h num]
127
128
129       Envelope Example
130
131           cmsutil -E [-i infile] [-o outfile] [-d dbdir] [-p password] -r "recipient1,recipient2, ..."
132
133
134       Certificate-only Example
135
136           cmsutil -O [-i infile] [-o outfile] [-d dbdir] [-p password] -r "cert1,cert2, . . ."
137
138
139       Sign Message Example
140
141           cmsutil -S [-i infile] [-o outfile] [-d dbdir] [-p password] -N nickname[-TGP] [-Y ekprefnick]
142
143

SEE ALSO

145       certutil(1)
146

ADDITIONAL RESOURCES

148       For information about NSS and other tools related to NSS (like JSS),
149       check out the NSS project wiki at
150       http://www.mozilla.org/projects/security/pki/nss/. The NSS site relates
151       directly to NSS code changes and releases.
152
153       Mailing lists: https://lists.mozilla.org/listinfo/dev-tech-crypto
154
155       IRC: Freenode at #dogtag-pki
156

AUTHORS

158       The NSS tools were written and maintained by developers with Netscape,
159       Red Hat, Sun, Oracle, Mozilla, and Google.
160
161       Authors: Elio Maldonado <emaldona@redhat.com>, Deon Lackey
162       <dlackey@redhat.com>.
163

LICENSE

165       Licensed under the Mozilla Public License, v. 2.0. If a copy of the MPL
166       was not distributed with this file, You can obtain one at
167       http://mozilla.org/MPL/2.0/.
168

NOTES

170        1. Mozilla NSS bug 836477
171           https://bugzilla.mozilla.org/show_bug.cgi?id=836477
172
173
174
175nss-tools                         5 June 2014                       CMSUTIL(1)
Impressum