diff options
| author | marha <marha@users.sourceforge.net> | 2014-06-26 09:30:29 +0200 |
|---|---|---|
| committer | marha <marha@users.sourceforge.net> | 2014-06-26 09:30:29 +0200 |
| commit | c30d5eefc96925b4bef781806c7a0114eca1b8e0 (patch) | |
| tree | 420bb99ba463e5df728e71214ea6aaed0ad18fcb /openssl/doc/apps/cms.pod | |
| parent | d435b20322433b335a4fc5693cce0399a3f27b2d (diff) | |
| download | vcxsrv-c30d5eefc96925b4bef781806c7a0114eca1b8e0.tar.gz vcxsrv-c30d5eefc96925b4bef781806c7a0114eca1b8e0.tar.bz2 vcxsrv-c30d5eefc96925b4bef781806c7a0114eca1b8e0.zip | |
Opdated to openssl-1.0.1h
xkeyboard-config fontconfig libX11 libxcb xcb-proto mesa xserver git update 26 June 2014
xserver commit a3b44ad8db1fa2f3b81c1ff9498f31c5323edd37
libxcb commit 125135452a554e89e49448e2c1ee6658324e1095
libxcb/xcb-proto commit 84bfd909bc3774a459b11614cfebeaa584a1eb38
xkeyboard-config commit 39a226707b133ab5540c2d30176cb3857e74dcca
libX11 commit a4679baaa18142576d42d423afe816447f08336c
fontconfig commit 274f2181f294af2eff3e8db106ec8d7bab2d3ff1
mesa commit 9a8acafa47558cafeb37f80f4b30061ac1962c69
Diffstat (limited to 'openssl/doc/apps/cms.pod')
| -rw-r--r-- | openssl/doc/apps/cms.pod | 27 |
1 files changed, 21 insertions, 6 deletions
diff --git a/openssl/doc/apps/cms.pod b/openssl/doc/apps/cms.pod index a09588a18..a76b3e0fd 100644 --- a/openssl/doc/apps/cms.pod +++ b/openssl/doc/apps/cms.pod @@ -90,6 +90,11 @@ decrypt mail using the supplied certificate and private key. Expects an encrypted mail message in MIME format for the input file. The decrypted mail is written to the output file. +=item B<-debug_decrypt> + +this option sets the B<CMS_DEBUG_DECRYPT> flag. This option should be used +with caution: see the notes section below. + =item B<-sign> sign mail using the supplied certificate and private key. Input file is @@ -446,32 +451,42 @@ Streaming is always used for the B<-sign> operation with detached data but since the content is no longer part of the CMS structure the encoding remains DER. +If the B<-decrypt> option is used without a recipient certificate then an +attempt is made to locate the recipient by trying each potential recipient +in turn using the supplied private key. To thwart the MMA attack +(Bleichenbacher's attack on PKCS #1 v1.5 RSA padding) all recipients are +tried whether they succeed or not and if no recipients match the message +is "decrypted" using a random key which will typically output garbage. +The B<-debug_decrypt> option can be used to disable the MMA attack protection +and return an error if no recipient can be found: this option should be used +with caution. For a fuller description see L<CMS_decrypt(3)|CMS_decrypt(3)>). + =head1 EXIT CODES =over 4 -=item 0 +=item Z<>0 the operation was completely successfully. -=item 1 +=item Z<>1 an error occurred parsing the command options. -=item 2 +=item Z<>2 one of the input files could not be read. -=item 3 +=item Z<>3 an error occurred creating the CMS file or when reading the MIME message. -=item 4 +=item Z<>4 an error occurred decrypting or verifying the message. -=item 5 +=item Z<>5 the message was verified correctly but an error occurred writing out the signers certificates. |