.. _mozilla_projects_nss_reference_nss_tools_:_cmsutil: NSS tools : cmsutil =================== .. container:: Name | cmsutil — Performs basic cryptograpic operations, such as encryption and | decryption, on Cryptographic Message Syntax (CMS) messages. Synopsis cmsutil [options] `arguments `__ Description | The cmsutil command-line uses the S/MIME Toolkit to perform basic | operations, such as encryption and decryption, on Cryptographic Message | Syntax (CMS) messages. | To run cmsutil, type the command cmsutil option [arguments] where option | and arguments are combinations of the options and arguments listed in the | following section. Each command takes one option. Each option may take | zero or more arguments. To see a usage string, issue the command without | options. Options and Arguments Options | Options specify an action. Option arguments modify an action. The options | and arguments for the cmsutil command are defined as follows: -D Decode a message. -C Encrypt a message. -E Envelope a message. -O Create a certificates-only message. -S Sign a message. Arguments Option arguments modify an action and are lowercase. -c content Use this detached content (decode only). -d dbdir Specify the key/certificate database directory (default is ".") -e envfile | Specify a file containing an enveloped message for a set of | recipients to which you would like to send an encrypted message. | If this is the first encrypted message for that set of recipients, | a new enveloped message will be created that you can then use for | future messages (encrypt only). -G Include a signing time attribute (sign only). -h num Generate email headers with info about CMS message (decode only). -i infile Use infile as a source of data (default is stdin). -N nickname Specify nickname of certificate to sign with (sign only). -n Suppress output of contents (decode only). -o outfile Use outfile as a destination of data (default is stdout). -P Include an S/MIME capabilities attribute. -p password Use password as key database password. -r recipient1,recipient2, ... | Specify list of recipients (email addresses) for an encrypted or | enveloped message. For certificates-only message, list of | certificates to send. -T Suppress content in CMS message (sign only). -u certusage Set type of cert usage (default is certUsageEmailSigner). -Y ekprefnick Specify an encryption key preference by nickname. Usage Encrypt Example cmsutil -C [-i infile] [-o outfile] [-d dbdir] [-p password] -r "recipient1,recipient2, . . ." -e envfile | | Decode Example cmsutil -D [-i infile] [-o outfile] [-d dbdir] [-p password] [-c content] [-n] [-h num] | | Envelope Example cmsutil -E [-i infile] [-o outfile] [-d dbdir] [-p password] -r "recipient1,recipient2, ..." | | Certificate-only Example cmsutil -O [-i infile] [-o outfile] [-d dbdir] [-p password] -r "cert1,cert2, . . ." | | Sign Message Example cmsutil -S [-i infile] [-o outfile] [-d dbdir] [-p password] -N nickname[-TGP] [-Y ekprefnick] | | See also certutil(1) See Also Additional Resources | NSS is maintained in conjunction with PKI and security-related projects | through Mozilla dn Fedora. The most closely-related project is Dogtag PKI, | with a project wiki at [1]\ http://pki.fedoraproject.org/wiki/. | For information specifically about NSS, the NSS project wiki is located at | [2]\ `http://www.mozilla.org/projects/security/pki/nss/ `__. The NSS site relates | directly to NSS code changes and releases. Mailing lists: pki-devel@redhat.com and pki-users@redhat.com IRC: Freenode at #dogtag-pki Authors | The NSS tools were written and maintained by developers with Netscape and | now with Red Hat. | Authors: Elio Maldonado , Deon Lackey | . Copyright (c) 2010, Red Hat, Inc. Licensed under the GNU Public License version 2. References | Visible links | 1. http://pki.fedoraproject.org/wiki/ | 2. `http://www.mozilla.org/projects/security/pki/nss/ `__