Source code

Revision control

Copy as Markdown

Other Tools

.. _mozilla_projects_nss_tools_cmsutil:
NSS tools : cmsutil
===================
.. container::
| Name
| cmsutil — Performs basic cryptograpic operations, such as encryption and
| decryption, on Cryptographic Message Syntax (CMS) messages.
| Synopsis
| cmsutil [options] `arguments <arguments>`__
| Description
| The cmsutil command-line uses the S/MIME Toolkit to perform basic
| operations, such as encryption and decryption, on Cryptographic Message
| Syntax (CMS) messages.
| To run cmsutil, type the command cmsutil option [arguments] where option
| and arguments are combinations of the options and arguments listed in the
| following section. Each command takes one option. Each option may take
| zero or more arguments. To see a usage string, issue the command without
| options.
| Options and Arguments
| Options
| Options specify an action. Option arguments modify an action. The options
| and arguments for the cmsutil command are defined as follows:
| -D
| Decode a message.
| -C
| Encrypt a message.
| -E
| Envelope a message.
| -O
| Create a certificates-only message.
| -S
| Sign a message.
| Arguments
| Option arguments modify an action and are lowercase.
| -c content
| Use this detached content (decode only).
| -d dbdir
| Specify the key/certificate database directory (default is ".")
| -e envfile
| Specify a file containing an enveloped message for a set of
| recipients to which you would like to send an encrypted message.
| If this is the first encrypted message for that set of recipients,
| a new enveloped message will be created that you can then use for
| future messages (encrypt only).
| -G
| Include a signing time attribute (sign only).
| -h num
| Generate email headers with info about CMS message (decode only).
| -i infile
| Use infile as a source of data (default is stdin).
| -N nickname
| Specify nickname of certificate to sign with (sign only).
| -n
| Suppress output of contents (decode only).
| -o outfile
| Use outfile as a destination of data (default is stdout).
| -P
| Include an S/MIME capabilities attribute.
| -p password
| Use password as key database password.
| -r recipient1,recipient2, ...
| Specify list of recipients (email addresses) for an encrypted or
| enveloped message. For certificates-only message, list of
| certificates to send.
| -T
| Suppress content in CMS message (sign only).
| -u certusage
| Set type of cert usage (default is certUsageEmailSigner).
| -Y ekprefnick
| Specify an encryption key preference by nickname.
| Usage
| Encrypt Example
| cmsutil -C [-i infile] [-o outfile] [-d dbdir] [-p password] -r "recipient1,recipient2, . . ."
-e envfile
| Decode Example
| cmsutil -D [-i infile] [-o outfile] [-d dbdir] [-p password] [-c content] [-n] [-h num]
| Envelope Example
| cmsutil -E [-i infile] [-o outfile] [-d dbdir] [-p password] -r "recipient1,recipient2, ..."
| Certificate-only Example
| cmsutil -O [-i infile] [-o outfile] [-d dbdir] [-p password] -r "cert1,cert2, . . ."
| Sign Message Example
| cmsutil -S [-i infile] [-o outfile] [-d dbdir] [-p password] -N nickname[-TGP] [-Y ekprefnick]
| See also
| certutil(1)
| See Also
| Additional Resources
| NSS is maintained in conjunction with PKI and security-related projects
| through Mozilla dn Fedora. The most closely-related project is Dogtag PKI,
| with a project wiki at [1]\ http://pki.fedoraproject.org/wiki/.
| For information specifically about NSS, the NSS project wiki is located at
|
The NSS site relates
| directly to NSS code changes and releases.
| Mailing lists: pki-devel@redhat.com and pki-users@redhat.com
| IRC: Freenode at #dogtag-pki
| Authors
| The NSS tools were written and maintained by developers with Netscape and
| now with Red Hat.
| Authors: Elio Maldonado <emaldona@redhat.com>, Deon Lackey
| <dlackey@redhat.com>.
| Copyright
| (c) 2010, Red Hat, Inc. Licensed under the GNU Public License version 2.
| References
| Visible links
| 2.