cmsutil — Performs basic cryptograpic operations, such as encryption and
decryption, on Cryptographic Message Syntax (CMS) messages.
cmsutil [options] arguments
The cmsutil command-line uses the S/MIME Toolkit to perform basic
operations, such as encryption and decryption, on Cryptographic Message
Syntax (CMS) messages.
To run cmsutil, type the command cmsutil option [arguments] where option
and arguments are combinations of the options and arguments listed in the
following section. Each command takes one option. Each option may take
zero or more arguments. To see a usage string, issue the command without
Options and Arguments
Options specify an action. Option arguments modify an action. The options
and arguments for the cmsutil command are defined as follows:
Decode a message.
Encrypt a message.
Envelope a message.
Create a certificates-only message.
Sign a message.
Option arguments modify an action and are lowercase.
Use this detached content (decode only).
Specify the key/certificate database directory (default is ".")
Specify a file containing an enveloped message for a set of
recipients to which you would like to send an encrypted message.
If this is the first encrypted message for that set of recipients,
a new enveloped message will be created that you can then use for
future messages (encrypt only).
Include a signing time attribute (sign only).
Generate email headers with info about CMS message (decode only).
Use infile as a source of data (default is stdin).
Specify nickname of certificate to sign with (sign only).
Suppress output of contents (decode only).
Use outfile as a destination of data (default is stdout).
Include an S/MIME capabilities attribute.
Use password as key database password.
-r recipient1,recipient2, ...
Specify list of recipients (email addresses) for an encrypted or
enveloped message. For certificates-only message, list of
certificates to send.
Suppress content in CMS message (sign only).
Set type of cert usage (default is certUsageEmailSigner).
Specify an encryption key preference by nickname.
cmsutil -C [-i infile] [-o outfile] [-d dbdir] [-p password] -r "recipient1,recipient2, . . ." -e envfile
cmsutil -D [-i infile] [-o outfile] [-d dbdir] [-p password] [-c content] [-n] [-h num]
cmsutil -E [-i infile] [-o outfile] [-d dbdir] [-p password] -r "recipient1,recipient2, ..."
cmsutil -O [-i infile] [-o outfile] [-d dbdir] [-p password] -r "cert1,cert2, . . ."
Sign Message Example
cmsutil -S [-i infile] [-o outfile] [-d dbdir] [-p password] -N nickname[-TGP] [-Y ekprefnick]
NSS is maintained in conjunction with PKI and security-related projects
through Mozilla dn Fedora. The most closely-related project is Dogtag PKI,
with a project wiki at http://pki.fedoraproject.org/wiki/.
For information specifically about NSS, the NSS project wiki is located at
http://www.mozilla.org/projects/security/pki/nss/. The NSS site relates
directly to NSS code changes and releases.
IRC: Freenode at #dogtag-pki
The NSS tools were written and maintained by developers with Netscape and
now with Red Hat.
(c) 2010, Red Hat, Inc. Licensed under the GNU Public License version 2.