diff options
author | Viktor Söderqvist <viktor.soderqvist@est.tech> | 2021-04-28 10:54:57 +0200 |
---|---|---|
committer | Todd Short <todd.short@me.com> | 2022-04-02 10:42:16 -0400 |
commit | 07342bad1bf850657e1a1f21188ee9a8a75e3a19 (patch) | |
tree | f9b918931dd10d5a1e58a3a7c039eb29b1e39a7c /doc/man1/openssl-cms.pod.in | |
parent | e4cdcb8bc44250aa4e0893dc4a7d64668f0fb949 (diff) |
CMS sign digest
CLI changes: New parameter -digest to CLI command openssl cms, to
provide pre-computed digest for use with -sign.
API changes: New function CMS_final_digest(), like CMS_final() but
uses a pre-computed digest instead of computing it from the data.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/15348)
Diffstat (limited to 'doc/man1/openssl-cms.pod.in')
-rw-r--r-- | doc/man1/openssl-cms.pod.in | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/doc/man1/openssl-cms.pod.in b/doc/man1/openssl-cms.pod.in index c63a7f330b..632d7fe857 100644 --- a/doc/man1/openssl-cms.pod.in +++ b/doc/man1/openssl-cms.pod.in @@ -25,6 +25,7 @@ Operation options: [B<-resign>] [B<-sign_receipt>] [B<-verify_receipt> I<receipt>] +[B<-digest> I<digest>] [B<-digest_create>] [B<-digest_verify>] [B<-compress>] @@ -207,6 +208,16 @@ Verify a signed receipt in filename B<receipt>. The input message B<must> contain the original receipt request. Functionality is otherwise similar to the B<-verify> operation. +=item B<-digest> I<digest> + +When used with B<-sign>, provides the digest in hexadecimal form instead of +computing it from the original message content. Cannot be combined with B<-in> +or B<-nodetach>. + +This operation is the CMS equivalent of L<openssl-pkeyutl(1)> signing. +When signing a pre-computed digest, the security relies on the digest and its +computation from the original message being trusted. + =item B<-digest_create> Create a CMS B<DigestedData> type. @@ -900,6 +911,8 @@ The B<-nameopt> option was added in OpenSSL 3.0.0. The B<-engine> option was deprecated in OpenSSL 3.0. +The B<-digest> option was added in OpenSSL 3.1. + =head1 COPYRIGHT Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved. |