NSS Security Tools

diff -r 000000000000 -r 6474c204b198 security/nss/doc/cmsutil.xml --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/security/nss/doc/cmsutil.xml Wed Dec 31 06:09:35 2014 +0100 @@ -0,0 +1,299 @@ + + + +]> + + + + + &date; + NSS Security Tools + nss-tools + &version; + + + + CMSUTIL + 1 + + + + cmsutil + Performs basic cryptograpic operations, such as encryption and decryption, on Cryptographic Message Syntax (CMS) messages. + + + + + cmsutil + options + [arguments] + + + + + STATUS + This documentation is still work in progress. Please contribute to the initial review in Mozilla NSS bug 836477 + + + + + Description + + The cmsutil command-line uses the S/MIME Toolkit to perform basic operations, such as encryption and decryption, on Cryptographic Message Syntax (CMS) messages. + + +To run cmsutil, type the command cmsutil option [arguments] where option and arguments are combinations of the options and arguments listed in the following section. +Each command takes one option. Each option may take zero or more arguments. +To see a usage string, issue the command without options. + + + + + + Options and Arguments + + + Options + +Options specify an action. Option arguments modify an action. +The options and arguments for the cmsutil command are defined as follows: + + + + -C + Encrypt a message. + + + + -D + Decode a message. + + + + -E + Envelope a message. + + + + -O + Create a certificates-only message. + + + + -S + Sign a message. + + + + + Arguments + Option arguments modify an action. + + + -b + + Decode a batch of files named in infile. + + + + + -c content + + Use this detached content (decode only). + + + + + -d dbdir + + Specify the key/certificate database directory (default is ".") + + + + + -e envfile + + Specify a file containing an enveloped message for a set of recipients to which you would like to send an encrypted message. If this is the first encrypted message for that set of recipients, a new enveloped message will be created that you can then use for future messages (encrypt only). + + + + + -f pwfile + + Use password file to set password on all PKCS#11 tokens. + + + + + -G + + Include a signing time attribute (sign only). + + + + + -H hash + + Use specified hash algorithm (default:SHA1). + + + + + -h num + + Generate email headers with info about CMS message (decode only). + + + + + -i infile + + Use infile as a source of data (default is stdin). + + + + + -k + + Keep decoded encryption certs in permanent cert db. + + + + + -N nickname + + Specify nickname of certificate to sign with (sign only). + + + + + -n + + Suppress output of contents (decode only). + + + + + -o outfile + + Use outfile as a destination of data (default is stdout). + + + + + -P + + Include an S/MIME capabilities attribute. + + + + + -p password + + Use password as key database password. + + + + + -r recipient1,recipient2, ... + + +Specify list of recipients (email addresses) for an encrypted or enveloped message. +For certificates-only message, list of certificates to send. + + + + + + -T + + Suppress content in CMS message (sign only). + + + + + -u certusage + + Set type of cert usage (default is certUsageEmailSigner). + + + + + -v + + Print debugging information. + + + + + -Y ekprefnick + + Specify an encryption key preference by nickname. + + + + + + + + + Usage + Encrypt Example + +cmsutil -C [-i infile] [-o outfile] [-d dbdir] [-p password] -r "recipient1,recipient2, . . ." -e envfile + + + Decode Example + +cmsutil -D [-i infile] [-o outfile] [-d dbdir] [-p password] [-c content] [-n] [-h num] + + + Envelope Example + +cmsutil -E [-i infile] [-o outfile] [-d dbdir] [-p password] -r "recipient1,recipient2, ..." + + + Certificate-only Example + +cmsutil -O [-i infile] [-o outfile] [-d dbdir] [-p password] -r "cert1,cert2, . . ." + + + Sign Message Example + +cmsutil -S [-i infile] [-o outfile] [-d dbdir] [-p password] -N nickname[-TGP] [-Y ekprefnick] + + + + + + See also + certutil(1) + + + + + Additional Resources + For information about NSS and other tools related to NSS (like JSS), check out the NSS project wiki at http://www.mozilla.org/projects/security/pki/nss/. The NSS site relates directly to NSS code changes and releases. + Mailing lists: https://lists.mozilla.org/listinfo/dev-tech-crypto + IRC: Freenode at #dogtag-pki + + + + + Authors + The NSS tools were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google. + + Authors: Elio Maldonado <emaldona@redhat.com>, Deon Lackey <dlackey@redhat.com>. + + + + + + LICENSE + Licensed under the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/. + + + +