| '\" t |
| .\" Title: CMSUTIL |
| .\" Author: [see the "Authors" section] |
| .\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/> |
| .\" Date: 5 June 2014 |
| .\" Manual: NSS Security Tools |
| .\" Source: nss-tools |
| .\" Language: English |
| .\" |
| .TH "CMSUTIL" "1" "5 June 2014" "nss-tools" "NSS Security Tools" |
| .\" ----------------------------------------------------------------- |
| .\" * Define some portability stuff |
| .\" ----------------------------------------------------------------- |
| .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
| .\" http://bugs.debian.org/507673 |
| .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html |
| .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
| .ie \n(.g .ds Aq \(aq |
| .el .ds Aq ' |
| .\" ----------------------------------------------------------------- |
| .\" * set default formatting |
| .\" ----------------------------------------------------------------- |
| .\" disable hyphenation |
| .nh |
| .\" disable justification (adjust text to left margin only) |
| .ad l |
| .\" ----------------------------------------------------------------- |
| .\" * MAIN CONTENT STARTS HERE * |
| .\" ----------------------------------------------------------------- |
| .SH "NAME" |
| cmsutil \- Performs basic cryptograpic operations, such as encryption and decryption, on Cryptographic Message Syntax (CMS) messages\&. |
| .SH "SYNOPSIS" |
| .HP \w'\fBcmsutil\fR\ 'u |
| \fBcmsutil\fR [\fIoptions\fR] [[\fIarguments\fR]] |
| .SH "STATUS" |
| .PP |
| This documentation is still work in progress\&. Please contribute to the initial review in |
| \m[blue]\fBMozilla NSS bug 836477\fR\m[]\&\s-2\u[1]\d\s+2 |
| .SH "DESCRIPTION" |
| .PP |
| The |
| \fBcmsutil\fR |
| command\-line uses the S/MIME Toolkit to perform basic operations, such as encryption and decryption, on Cryptographic Message Syntax (CMS) messages\&. |
| .PP |
| To run cmsutil, type the command cmsutil option [arguments] where option and arguments are combinations of the options and arguments listed in the following section\&. Each command takes one option\&. Each option may take zero or more arguments\&. To see a usage string, issue the command without options\&. |
| .SH "OPTIONS AND ARGUMENTS" |
| .PP |
| .PP |
| \fBOptions\fR |
| .PP |
| Options specify an action\&. Option arguments modify an action\&. The options and arguments for the cmsutil command are defined as follows: |
| .PP |
| \-C |
| .RS 4 |
| Encrypt a message\&. |
| .RE |
| .PP |
| \-D |
| .RS 4 |
| Decode a message\&. |
| .RE |
| .PP |
| \-E |
| .RS 4 |
| Envelope a message\&. |
| .RE |
| .PP |
| \-O |
| .RS 4 |
| Create a certificates\-only message\&. |
| .RE |
| .PP |
| \-S |
| .RS 4 |
| Sign a message\&. |
| .RE |
| .PP |
| \fBArguments\fR |
| .PP |
| Option arguments modify an action\&. |
| .PP |
| \-b |
| .RS 4 |
| Decode a batch of files named in infile\&. |
| .RE |
| .PP |
| \-c content |
| .RS 4 |
| Use this detached content (decode only)\&. |
| .RE |
| .PP |
| \-d dbdir |
| .RS 4 |
| Specify the key/certificate database directory (default is "\&.") |
| .RE |
| .PP |
| \-e envfile |
| .RS 4 |
| Specify a file containing an enveloped message for a set of recipients to which you would like to send an encrypted message\&. If this is the first encrypted message for that set of recipients, a new enveloped message will be created that you can then use for future messages (encrypt only)\&. |
| .RE |
| .PP |
| \-f pwfile |
| .RS 4 |
| Use password file to set password on all PKCS#11 tokens\&. |
| .RE |
| .PP |
| \-G |
| .RS 4 |
| Include a signing time attribute (sign only)\&. |
| .RE |
| .PP |
| \-H hash |
| .RS 4 |
| Use specified hash algorithm (default:SHA1)\&. |
| .RE |
| .PP |
| \-h num |
| .RS 4 |
| Generate email headers with info about CMS message (decode only)\&. |
| .RE |
| .PP |
| \-i infile |
| .RS 4 |
| Use infile as a source of data (default is stdin)\&. |
| .RE |
| .PP |
| \-k |
| .RS 4 |
| Keep decoded encryption certs in permanent cert db\&. |
| .RE |
| .PP |
| \-N nickname |
| .RS 4 |
| Specify nickname of certificate to sign with (sign only)\&. |
| .RE |
| .PP |
| \-n |
| .RS 4 |
| Suppress output of contents (decode only)\&. |
| .RE |
| .PP |
| \-o outfile |
| .RS 4 |
| Use outfile as a destination of data (default is stdout)\&. |
| .RE |
| .PP |
| \-P |
| .RS 4 |
| Include an S/MIME capabilities attribute\&. |
| .RE |
| .PP |
| \-p password |
| .RS 4 |
| Use password as key database password\&. |
| .RE |
| .PP |
| \-r recipient1,recipient2, \&.\&.\&. |
| .RS 4 |
| Specify list of recipients (email addresses) for an encrypted or enveloped message\&. For certificates\-only message, list of certificates to send\&. |
| .RE |
| .PP |
| \-T |
| .RS 4 |
| Suppress content in CMS message (sign only)\&. |
| .RE |
| .PP |
| \-u certusage |
| .RS 4 |
| Set type of cert usage (default is certUsageEmailSigner)\&. |
| .RE |
| .PP |
| \-v |
| .RS 4 |
| Print debugging information\&. |
| .RE |
| .PP |
| \-Y ekprefnick |
| .RS 4 |
| Specify an encryption key preference by nickname\&. |
| .RE |
| .SH "USAGE" |
| .PP |
| Encrypt Example |
| .sp |
| .if n \{\ |
| .RS 4 |
| .\} |
| .nf |
| cmsutil \-C [\-i infile] [\-o outfile] [\-d dbdir] [\-p password] \-r "recipient1,recipient2, \&. \&. \&." \-e envfile |
| |
| .fi |
| .if n \{\ |
| .RE |
| .\} |
| .PP |
| Decode Example |
| .sp |
| .if n \{\ |
| .RS 4 |
| .\} |
| .nf |
| cmsutil \-D [\-i infile] [\-o outfile] [\-d dbdir] [\-p password] [\-c content] [\-n] [\-h num] |
| |
| .fi |
| .if n \{\ |
| .RE |
| .\} |
| .PP |
| Envelope Example |
| .sp |
| .if n \{\ |
| .RS 4 |
| .\} |
| .nf |
| cmsutil \-E [\-i infile] [\-o outfile] [\-d dbdir] [\-p password] \-r "recipient1,recipient2, \&.\&.\&." |
| |
| .fi |
| .if n \{\ |
| .RE |
| .\} |
| .PP |
| Certificate\-only Example |
| .sp |
| .if n \{\ |
| .RS 4 |
| .\} |
| .nf |
| cmsutil \-O [\-i infile] [\-o outfile] [\-d dbdir] [\-p password] \-r "cert1,cert2, \&. \&. \&." |
| |
| .fi |
| .if n \{\ |
| .RE |
| .\} |
| .PP |
| Sign Message Example |
| .sp |
| .if n \{\ |
| .RS 4 |
| .\} |
| .nf |
| cmsutil \-S [\-i infile] [\-o outfile] [\-d dbdir] [\-p password] \-N nickname[\-TGP] [\-Y ekprefnick] |
| |
| .fi |
| .if n \{\ |
| .RE |
| .\} |
| .SH "SEE ALSO" |
| .PP |
| certutil(1) |
| .SH "ADDITIONAL RESOURCES" |
| .PP |
| For information about NSS and other tools related to NSS (like JSS), check out the NSS project wiki at |
| \m[blue]\fBhttp://www\&.mozilla\&.org/projects/security/pki/nss/\fR\m[]\&. The NSS site relates directly to NSS code changes and releases\&. |
| .PP |
| Mailing lists: https://lists\&.mozilla\&.org/listinfo/dev\-tech\-crypto |
| .PP |
| IRC: Freenode at #dogtag\-pki |
| .SH "AUTHORS" |
| .PP |
| The NSS tools were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google\&. |
| .PP |
| Authors: Elio Maldonado <emaldona@redhat\&.com>, Deon Lackey <dlackey@redhat\&.com>\&. |
| .SH "LICENSE" |
| .PP |
| Licensed under the Mozilla Public License, v\&. 2\&.0\&. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla\&.org/MPL/2\&.0/\&. |
| .SH "NOTES" |
| .IP " 1." 4 |
| Mozilla NSS bug 836477 |
| .RS 4 |
| \%https://bugzilla.mozilla.org/show_bug.cgi?id=836477 |
| .RE |