michael@0: '\" t
michael@0: .\"     Title: CMSUTIL
michael@0: .\"    Author: [see the "Authors" section]
michael@0: .\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
michael@0: .\"      Date:  5 June 2014
michael@0: .\"    Manual: NSS Security Tools
michael@0: .\"    Source: nss-tools
michael@0: .\"  Language: English
michael@0: .\"
michael@0: .TH "CMSUTIL" "1" "5 June 2014" "nss-tools" "NSS Security Tools"
michael@0: .\" -----------------------------------------------------------------
michael@0: .\" * Define some portability stuff
michael@0: .\" -----------------------------------------------------------------
michael@0: .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
michael@0: .\" http://bugs.debian.org/507673
michael@0: .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
michael@0: .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
michael@0: .ie \n(.g .ds Aq \(aq
michael@0: .el       .ds Aq '
michael@0: .\" -----------------------------------------------------------------
michael@0: .\" * set default formatting
michael@0: .\" -----------------------------------------------------------------
michael@0: .\" disable hyphenation
michael@0: .nh
michael@0: .\" disable justification (adjust text to left margin only)
michael@0: .ad l
michael@0: .\" -----------------------------------------------------------------
michael@0: .\" * MAIN CONTENT STARTS HERE *
michael@0: .\" -----------------------------------------------------------------
michael@0: .SH "NAME"
michael@0: cmsutil \- Performs basic cryptograpic operations, such as encryption and decryption, on Cryptographic Message Syntax (CMS) messages\&.
michael@0: .SH "SYNOPSIS"
michael@0: .HP \w'\fBcmsutil\fR\ 'u
michael@0: \fBcmsutil\fR [\fIoptions\fR] [[\fIarguments\fR]]
michael@0: .SH "STATUS"
michael@0: .PP
michael@0: This documentation is still work in progress\&. Please contribute to the initial review in
michael@0: \m[blue]\fBMozilla NSS bug 836477\fR\m[]\&\s-2\u[1]\d\s+2
michael@0: .SH "DESCRIPTION"
michael@0: .PP
michael@0: The
michael@0: \fBcmsutil\fR
michael@0: command\-line uses the S/MIME Toolkit to perform basic operations, such as encryption and decryption, on Cryptographic Message Syntax (CMS) messages\&.
michael@0: .PP
michael@0: To run cmsutil, type the command cmsutil option [arguments] where option and arguments are combinations of the options and arguments listed in the following section\&. Each command takes one option\&. Each option may take zero or more arguments\&. To see a usage string, issue the command without options\&.
michael@0: .SH "OPTIONS AND ARGUMENTS"
michael@0: .PP
michael@0: .PP
michael@0: \fBOptions\fR
michael@0: .PP
michael@0: Options specify an action\&. Option arguments modify an action\&. The options and arguments for the cmsutil command are defined as follows:
michael@0: .PP
michael@0: \-C
michael@0: .RS 4
michael@0: Encrypt a message\&.
michael@0: .RE
michael@0: .PP
michael@0: \-D
michael@0: .RS 4
michael@0: Decode a message\&.
michael@0: .RE
michael@0: .PP
michael@0: \-E
michael@0: .RS 4
michael@0: Envelope a message\&.
michael@0: .RE
michael@0: .PP
michael@0: \-O
michael@0: .RS 4
michael@0: Create a certificates\-only message\&.
michael@0: .RE
michael@0: .PP
michael@0: \-S
michael@0: .RS 4
michael@0: Sign a message\&.
michael@0: .RE
michael@0: .PP
michael@0: \fBArguments\fR
michael@0: .PP
michael@0: Option arguments modify an action\&.
michael@0: .PP
michael@0: \-b
michael@0: .RS 4
michael@0: Decode a batch of files named in infile\&.
michael@0: .RE
michael@0: .PP
michael@0: \-c content
michael@0: .RS 4
michael@0: Use this detached content (decode only)\&.
michael@0: .RE
michael@0: .PP
michael@0: \-d dbdir
michael@0: .RS 4
michael@0: Specify the key/certificate database directory (default is "\&.")
michael@0: .RE
michael@0: .PP
michael@0: \-e envfile
michael@0: .RS 4
michael@0: Specify a file containing an enveloped message for a set of recipients to which you would like to send an encrypted message\&. If this is the first encrypted message for that set of recipients, a new enveloped message will be created that you can then use for future messages (encrypt only)\&.
michael@0: .RE
michael@0: .PP
michael@0: \-f pwfile
michael@0: .RS 4
michael@0: Use password file to set password on all PKCS#11 tokens\&.
michael@0: .RE
michael@0: .PP
michael@0: \-G
michael@0: .RS 4
michael@0: Include a signing time attribute (sign only)\&.
michael@0: .RE
michael@0: .PP
michael@0: \-H hash
michael@0: .RS 4
michael@0: Use specified hash algorithm (default:SHA1)\&.
michael@0: .RE
michael@0: .PP
michael@0: \-h num
michael@0: .RS 4
michael@0: Generate email headers with info about CMS message (decode only)\&.
michael@0: .RE
michael@0: .PP
michael@0: \-i infile
michael@0: .RS 4
michael@0: Use infile as a source of data (default is stdin)\&.
michael@0: .RE
michael@0: .PP
michael@0: \-k
michael@0: .RS 4
michael@0: Keep decoded encryption certs in permanent cert db\&.
michael@0: .RE
michael@0: .PP
michael@0: \-N nickname
michael@0: .RS 4
michael@0: Specify nickname of certificate to sign with (sign only)\&.
michael@0: .RE
michael@0: .PP
michael@0: \-n
michael@0: .RS 4
michael@0: Suppress output of contents (decode only)\&.
michael@0: .RE
michael@0: .PP
michael@0: \-o outfile
michael@0: .RS 4
michael@0: Use outfile as a destination of data (default is stdout)\&.
michael@0: .RE
michael@0: .PP
michael@0: \-P
michael@0: .RS 4
michael@0: Include an S/MIME capabilities attribute\&.
michael@0: .RE
michael@0: .PP
michael@0: \-p password
michael@0: .RS 4
michael@0: Use password as key database password\&.
michael@0: .RE
michael@0: .PP
michael@0: \-r recipient1,recipient2, \&.\&.\&.
michael@0: .RS 4
michael@0: Specify list of recipients (email addresses) for an encrypted or enveloped message\&. For certificates\-only message, list of certificates to send\&.
michael@0: .RE
michael@0: .PP
michael@0: \-T
michael@0: .RS 4
michael@0: Suppress content in CMS message (sign only)\&.
michael@0: .RE
michael@0: .PP
michael@0: \-u certusage
michael@0: .RS 4
michael@0: Set type of cert usage (default is certUsageEmailSigner)\&.
michael@0: .RE
michael@0: .PP
michael@0: \-v
michael@0: .RS 4
michael@0: Print debugging information\&.
michael@0: .RE
michael@0: .PP
michael@0: \-Y ekprefnick
michael@0: .RS 4
michael@0: Specify an encryption key preference by nickname\&.
michael@0: .RE
michael@0: .SH "USAGE"
michael@0: .PP
michael@0: Encrypt Example
michael@0: .sp
michael@0: .if n \{\
michael@0: .RS 4
michael@0: .\}
michael@0: .nf
michael@0: cmsutil \-C [\-i infile] [\-o outfile] [\-d dbdir] [\-p password] \-r "recipient1,recipient2, \&. \&. \&." \-e envfile
michael@0:       
michael@0: .fi
michael@0: .if n \{\
michael@0: .RE
michael@0: .\}
michael@0: .PP
michael@0: Decode Example
michael@0: .sp
michael@0: .if n \{\
michael@0: .RS 4
michael@0: .\}
michael@0: .nf
michael@0: cmsutil \-D [\-i infile] [\-o outfile] [\-d dbdir] [\-p password] [\-c content] [\-n] [\-h num]
michael@0:       
michael@0: .fi
michael@0: .if n \{\
michael@0: .RE
michael@0: .\}
michael@0: .PP
michael@0: Envelope Example
michael@0: .sp
michael@0: .if n \{\
michael@0: .RS 4
michael@0: .\}
michael@0: .nf
michael@0: cmsutil \-E [\-i infile] [\-o outfile] [\-d dbdir] [\-p password] \-r "recipient1,recipient2, \&.\&.\&."
michael@0:       
michael@0: .fi
michael@0: .if n \{\
michael@0: .RE
michael@0: .\}
michael@0: .PP
michael@0: Certificate\-only Example
michael@0: .sp
michael@0: .if n \{\
michael@0: .RS 4
michael@0: .\}
michael@0: .nf
michael@0: cmsutil \-O [\-i infile] [\-o outfile] [\-d dbdir] [\-p password] \-r "cert1,cert2, \&. \&. \&."
michael@0:       
michael@0: .fi
michael@0: .if n \{\
michael@0: .RE
michael@0: .\}
michael@0: .PP
michael@0: Sign Message Example
michael@0: .sp
michael@0: .if n \{\
michael@0: .RS 4
michael@0: .\}
michael@0: .nf
michael@0: cmsutil \-S [\-i infile] [\-o outfile] [\-d dbdir] [\-p password] \-N nickname[\-TGP] [\-Y ekprefnick]
michael@0:       
michael@0: .fi
michael@0: .if n \{\
michael@0: .RE
michael@0: .\}
michael@0: .SH "SEE ALSO"
michael@0: .PP
michael@0: certutil(1)
michael@0: .SH "ADDITIONAL RESOURCES"
michael@0: .PP
michael@0: For information about NSS and other tools related to NSS (like JSS), check out the NSS project wiki at
michael@0: \m[blue]\fBhttp://www\&.mozilla\&.org/projects/security/pki/nss/\fR\m[]\&. The NSS site relates directly to NSS code changes and releases\&.
michael@0: .PP
michael@0: Mailing lists: https://lists\&.mozilla\&.org/listinfo/dev\-tech\-crypto
michael@0: .PP
michael@0: IRC: Freenode at #dogtag\-pki
michael@0: .SH "AUTHORS"
michael@0: .PP
michael@0: The NSS tools were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google\&.
michael@0: .PP
michael@0: Authors: Elio Maldonado <emaldona@redhat\&.com>, Deon Lackey <dlackey@redhat\&.com>\&.
michael@0: .SH "LICENSE"
michael@0: .PP
michael@0: Licensed under the Mozilla Public License, v\&. 2\&.0\&. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla\&.org/MPL/2\&.0/\&.
michael@0: .SH "NOTES"
michael@0: .IP " 1." 4
michael@0: Mozilla NSS bug 836477
michael@0: .RS 4
michael@0: \%https://bugzilla.mozilla.org/show_bug.cgi?id=836477
michael@0: .RE