Update files for OpenSSL-1.0.0f import.
[dragonfly.git] / secure / lib / libcrypto / man / CMS_sign_add1_signer.3
CommitLineData
e3261593 1.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.19)
01185282
PA
2.\"
3.\" Standard preamble:
4.\" ========================================================================
5.de Sp \" Vertical space (when we can't use .PP)
6.if t .sp .5v
7.if n .sp
8..
9.de Vb \" Begin verbatim text
10.ft CW
11.nf
12.ne \\$1
13..
14.de Ve \" End verbatim text
15.ft R
16.fi
17..
18.\" Set up some character translations and predefined strings. \*(-- will
19.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
20.\" double quote, and \*(R" will give a right double quote. \*(C+ will
21.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
22.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
23.\" nothing in troff, for use with C<>.
24.tr \(*W-
25.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
26.ie n \{\
27. ds -- \(*W-
28. ds PI pi
29. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
30. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
31. ds L" ""
32. ds R" ""
33. ds C` ""
34. ds C' ""
35'br\}
36.el\{\
37. ds -- \|\(em\|
38. ds PI \(*p
39. ds L" ``
40. ds R" ''
41'br\}
42.\"
43.\" Escape single quotes in literal strings from groff's Unicode transform.
44.ie \n(.g .ds Aq \(aq
45.el .ds Aq '
46.\"
47.\" If the F register is turned on, we'll generate index entries on stderr for
48.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
49.\" entries marked with X<> in POD. Of course, you'll have to process the
50.\" output yourself in some meaningful fashion.
51.ie \nF \{\
52. de IX
53. tm Index:\\$1\t\\n%\t"\\$2"
54..
55. nr % 0
56. rr F
57.\}
58.el \{\
59. de IX
60..
61.\}
62.\"
63.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
64.\" Fear. Run. Save yourself. No user-serviceable parts.
65. \" fudge factors for nroff and troff
66.if n \{\
67. ds #H 0
68. ds #V .8m
69. ds #F .3m
70. ds #[ \f1
71. ds #] \fP
72.\}
73.if t \{\
74. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
75. ds #V .6m
76. ds #F 0
77. ds #[ \&
78. ds #] \&
79.\}
80. \" simple accents for nroff and troff
81.if n \{\
82. ds ' \&
83. ds ` \&
84. ds ^ \&
85. ds , \&
86. ds ~ ~
87. ds /
88.\}
89.if t \{\
90. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
91. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
92. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
93. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
94. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
95. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
96.\}
97. \" troff and (daisy-wheel) nroff accents
98.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
99.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
100.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
101.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
102.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
103.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
104.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
105.ds ae a\h'-(\w'a'u*4/10)'e
106.ds Ae A\h'-(\w'A'u*4/10)'E
107. \" corrections for vroff
108.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
109.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
110. \" for low resolution devices (crt and lpr)
111.if \n(.H>23 .if \n(.V>19 \
112\{\
113. ds : e
114. ds 8 ss
115. ds o a
116. ds d- d\h'-1'\(ga
117. ds D- D\h'-1'\(hy
118. ds th \o'bp'
119. ds Th \o'LP'
120. ds ae ae
121. ds Ae AE
122.\}
123.rm #[ #] #H #V #F C
124.\" ========================================================================
125.\"
126.IX Title "CMS_sign_add1_signer 3"
e3261593 127.TH CMS_sign_add1_signer 3 "2012-01-04" "1.0.0f" "OpenSSL"
01185282
PA
128.\" For nroff, turn off justification. Always turn off hyphenation; it makes
129.\" way too many mistakes in technical documents.
130.if n .ad l
131.nh
132.SH "NAME"
133.Vb 1
134\& CMS_sign_add1_signer, CMS_SignerInfo_sign \- add a signer to a CMS_ContentInfo signed data structure.
135.Ve
136.SH "SYNOPSIS"
137.IX Header "SYNOPSIS"
138.Vb 1
139\& #include <openssl/cms.h>
140\&
141\& CMS_SignerInfo *CMS_sign_add1_signer(CMS_ContentInfo *cms, X509 *signcert, EVP_PKEY *pkey, const EVP_MD *md, unsigned int flags);
142\&
143\& int CMS_SignerInfo_sign(CMS_SignerInfo *si);
144.Ve
145.SH "DESCRIPTION"
146.IX Header "DESCRIPTION"
147\&\fICMS_sign_add1_signer()\fR adds a signer with certificate \fBsigncert\fR and private
148key \fBpkey\fR using message digest \fBmd\fR to CMS_ContentInfo SignedData
149structure \fBcms\fR.
150.PP
151The CMS_ContentInfo structure should be obtained from an initial call to
152\&\fICMS_sign()\fR with the flag \fB\s-1CMS_PARTIAL\s0\fR set or in the case or re-signing a
153valid CMS_ContentInfo SignedData structure.
154.PP
155If the \fBmd\fR parameter is \fB\s-1NULL\s0\fR then the default digest for the public
156key algorithm will be used.
157.PP
158Unless the \fB\s-1CMS_REUSE_DIGEST\s0\fR flag is set the returned CMS_ContentInfo
159structure is not complete and must be finalized either by streaming (if
160applicable) or a call to \fICMS_final()\fR.
161.PP
162The \fICMS_SignerInfo_sign()\fR function will explicitly sign a CMS_SignerInfo
163structure, its main use is when \fB\s-1CMS_REUSE_DIGEST\s0\fR and \fB\s-1CMS_PARTIAL\s0\fR flags
164are both set.
165.SH "NOTES"
166.IX Header "NOTES"
167The main purpose of \fICMS_sign_add1_signer()\fR is to provide finer control
168over a \s-1CMS\s0 signed data structure where the simpler \fICMS_sign()\fR function defaults
169are not appropriate. For example if multiple signers or non default digest
170algorithms are needed. New attributes can also be added using the returned
171CMS_SignerInfo structure and the \s-1CMS\s0 attribute utility functions or the
172\&\s-1CMS\s0 signed receipt request functions.
173.PP
174Any of the following flags (ored together) can be passed in the \fBflags\fR
175parameter.
176.PP
177If \fB\s-1CMS_REUSE_DIGEST\s0\fR is set then an attempt is made to copy the content
178digest value from the CMS_ContentInfo structure: to add a signer to an existing
179structure. An error occurs if a matching digest value cannot be found to copy.
180The returned CMS_ContentInfo structure will be valid and finalized when this
181flag is set.
182.PP
183If \fB\s-1CMS_PARTIAL\s0\fR is set in addition to \fB\s-1CMS_REUSE_DIGEST\s0\fR then the
184CMS_SignerInfo structure will not be finalized so additional attributes
185can be added. In this case an explicit call to \fICMS_SignerInfo_sign()\fR is
186needed to finalize it.
187.PP
188If \fB\s-1CMS_NOCERTS\s0\fR is set the signer's certificate will not be included in the
189CMS_ContentInfo structure, the signer's certificate must still be supplied in
190the \fBsigncert\fR parameter though. This can reduce the size of the signature if
191the signers certificate can be obtained by other means: for example a
192previously signed message.
193.PP
194The SignedData structure includes several \s-1CMS\s0 signedAttributes including the
195signing time, the \s-1CMS\s0 content type and the supported list of ciphers in an
196SMIMECapabilities attribute. If \fB\s-1CMS_NOATTR\s0\fR is set then no signedAttributes
197will be used. If \fB\s-1CMS_NOSMIMECAP\s0\fR is set then just the SMIMECapabilities are
198omitted.
199.PP
200OpenSSL will by default identify signing certificates using issuer name
201and serial number. If \fB\s-1CMS_USE_KEYID\s0\fR is set it will use the subject key
202identifier value instead. An error occurs if the signing certificate does not
203have a subject key identifier extension.
204.PP
205If present the SMIMECapabilities attribute indicates support for the following
206algorithms in preference order: 256 bit \s-1AES\s0, Gost R3411\-94, Gost 28147\-89, 192
207bit \s-1AES\s0, 128 bit \s-1AES\s0, triple \s-1DES\s0, 128 bit \s-1RC2\s0, 64 bit \s-1RC2\s0, \s-1DES\s0 and 40 bit \s-1RC2\s0.
208If any of these algorithms is not available then it will not be included: for example the \s-1GOST\s0 algorithms will not be included if the \s-1GOST\s0 \s-1ENGINE\s0 is
209not loaded.
210.PP
211\&\fICMS_sign_add1_signer()\fR returns an internal pointer to the CMS_SignerInfo
212structure just added, this can be used to set additional attributes
213before it is finalized.
214.SH "RETURN VALUES"
215.IX Header "RETURN VALUES"
216\&\fICMS_sign1_add_signers()\fR returns an internal pointer to the CMS_SignerInfo
217structure just added or \s-1NULL\s0 if an error occurs.
218.SH "SEE ALSO"
219.IX Header "SEE ALSO"
220\&\fIERR_get_error\fR\|(3), \fICMS_sign\fR\|(3),
221\&\fICMS_final\fR\|(3),
222.SH "HISTORY"
223.IX Header "HISTORY"
224\&\fICMS_sign_add1_signer()\fR was added to OpenSSL 0.9.8