deploy openssl/openssl@dfc3d46 to 3.4

Author: openssl-machine

3.4/man1/openssl-cms/index.html

@@ -41,4 +41,4 @@
        -recip cert.pem -keyopt rsa_padding_mode:oaep
 </code></pre></div><p>Use SHA256 KDF with an ECDH certificate:</p><div class=highlight><pre><span></span><code>openssl cms -encrypt -in plain.txt -out mail.msg \
        -recip ecdhcert.pem -keyopt ecdh_kdf_md:sha256
-</code></pre></div><p>Print CMS signed binary data in human-readable form:</p><p>openssl cms -in signed.cms -binary -inform DER -cmsout -print</p><h2 id=bugs>BUGS<a class=headerlink href=#bugs title="Permanent link">&para;</a></h2><p>The MIME parser isn&#39;t very clever: it seems to handle most messages that I&#39;ve thrown at it but it may choke on others.</p><p>The code currently will only write out the signer&#39;s certificate to a file: if the signer has a separate encryption certificate this must be manually extracted. There should be some heuristic that determines the correct encryption certificate.</p><p>Ideally a database should be maintained of a certificates for each email address.</p><p>The code doesn&#39;t currently take note of the permitted symmetric encryption algorithms as supplied in the SMIMECapabilities signed attribute. this means the user has to manually include the correct encryption algorithm. It should store the list of permitted ciphers in a database and only use those.</p><p>No revocation checking is done on the signer&#39;s certificate.</p><h2 id=see-also>SEE ALSO<a class=headerlink href=#see-also title="Permanent link">&para;</a></h2><p><a href=../../man7/ossl_store-file/ >ossl_store-file(7)</a></p><h2 id=history>HISTORY<a class=headerlink href=#history title="Permanent link">&para;</a></h2><p>The use of multiple <strong>-signer</strong> options and the <strong>-resign</strong> command were first added in OpenSSL 1.0.0.</p><p>The <strong>-keyopt</strong> option was added in OpenSSL 1.0.2.</p><p>Support for RSA-OAEP and RSA-PSS was added in OpenSSL 1.0.2.</p><p>The use of non-RSA keys with <strong>-encrypt</strong> and <strong>-decrypt</strong> was added in OpenSSL 1.0.2.</p><p>The -no_alt_chains option was added in OpenSSL 1.0.2b.</p><p>The <strong>-nameopt</strong> option was added in OpenSSL 3.0.0.</p><p>The <strong>-engine</strong> option was deprecated in OpenSSL 3.0.</p><p>The <strong>-digest</strong> option was added in OpenSSL 3.2.</p><h2 id=copyright>COPYRIGHT<a class=headerlink href=#copyright title="Permanent link">&para;</a></h2><p>Copyright 2008-2024 The OpenSSL Project Authors. All Rights Reserved.</p><p>Licensed under the Apache License 2.0 (the &quot;License&quot;). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at <a href=https://www.openssl.org/source/license.html>https://www.openssl.org/source/license.html</a>.</p></article></div><script>var target=document.getElementById(location.hash.slice(1));target&&target.name&&(target.checked=target.name.startsWith("__tabbed_"))</script></div></main><footer class=md-footer><div class="md-footer-meta md-typeset"><div class="md-footer-meta__inner md-grid"><div class=md-copyright> Made with <a href=https://squidfunk.github.io/mkdocs-material/ target=_blank rel=noopener> Material for MkDocs </a></div></div></div></footer></div><div class=md-dialog data-md-component=dialog><div class="md-dialog__inner md-typeset"></div></div><script id=__config type=application/json>{"base": "../..", "features": ["navigation.indexes", "navigation.instant", "navigation.path", "navigation.prune", "navigation.tabs", "navigation.tabs.sticky", "navigation.tracking", "search.suggest", "toc.follow"], "search": "../../assets/javascripts/workers/search.b8dbb3d2.min.js", "translations": {"clipboard.copied": "Copied to clipboard", "clipboard.copy": "Copy to clipboard", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.placeholder": "Type to start searching", "search.result.term.missing": "Missing", "select.version": "Select version"}, "version": {"default": "master", "provider": "mike"}}</script><script src=../../assets/javascripts/bundle.ad660dcc.min.js></script></body></html>
+</code></pre></div><p>Print CMS signed binary data in human-readable form:</p><p>openssl cms -in signed.cms -binary -inform DER -cmsout -print</p><h2 id=bugs>BUGS<a class=headerlink href=#bugs title="Permanent link">&para;</a></h2><p>The MIME parser isn&#39;t very clever: it seems to handle most messages that I&#39;ve thrown at it but it may choke on others.</p><p>The code currently will only write out the signer&#39;s certificate to a file: if the signer has a separate encryption certificate this must be manually extracted. There should be some heuristic that determines the correct encryption certificate.</p><p>Ideally a database should be maintained of a certificates for each email address.</p><p>The code doesn&#39;t currently take note of the permitted symmetric encryption algorithms as supplied in the SMIMECapabilities signed attribute. this means the user has to manually include the correct encryption algorithm. It should store the list of permitted ciphers in a database and only use those.</p><p>No revocation checking is done on the signer&#39;s certificate.</p><h2 id=see-also>SEE ALSO<a class=headerlink href=#see-also title="Permanent link">&para;</a></h2><p><a href=../../man7/ossl_store-file/ >ossl_store-file(7)</a></p><h2 id=history>HISTORY<a class=headerlink href=#history title="Permanent link">&para;</a></h2><p>The use of multiple <strong>-signer</strong> options and the <strong>-resign</strong> command were first added in OpenSSL 1.0.0.</p><p>The <strong>-keyopt</strong> option was added in OpenSSL 1.0.2.</p><p>Support for RSA-OAEP and RSA-PSS was added in OpenSSL 1.0.2.</p><p>The use of non-RSA keys with <strong>-encrypt</strong> and <strong>-decrypt</strong> was added in OpenSSL 1.0.2.</p><p>The -no_alt_chains option was added in OpenSSL 1.0.2b.</p><p>The <strong>-nameopt</strong> option was added in OpenSSL 3.0.0.</p><p>The <strong>-engine</strong> option was deprecated in OpenSSL 3.0.</p><p>The <strong>-digest</strong> option was added in OpenSSL 3.2.</p><h2 id=copyright>COPYRIGHT<a class=headerlink href=#copyright title="Permanent link">&para;</a></h2><p>Copyright 2008-2025 The OpenSSL Project Authors. All Rights Reserved.</p><p>Licensed under the Apache License 2.0 (the &quot;License&quot;). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at <a href=https://www.openssl.org/source/license.html>https://www.openssl.org/source/license.html</a>.</p></article></div><script>var target=document.getElementById(location.hash.slice(1));target&&target.name&&(target.checked=target.name.startsWith("__tabbed_"))</script></div></main><footer class=md-footer><div class="md-footer-meta md-typeset"><div class="md-footer-meta__inner md-grid"><div class=md-copyright> Made with <a href=https://squidfunk.github.io/mkdocs-material/ target=_blank rel=noopener> Material for MkDocs </a></div></div></div></footer></div><div class=md-dialog data-md-component=dialog><div class="md-dialog__inner md-typeset"></div></div><script id=__config type=application/json>{"base": "../..", "features": ["navigation.indexes", "navigation.instant", "navigation.path", "navigation.prune", "navigation.tabs", "navigation.tabs.sticky", "navigation.tracking", "search.suggest", "toc.follow"], "search": "../../assets/javascripts/workers/search.b8dbb3d2.min.js", "translations": {"clipboard.copied": "Copied to clipboard", "clipboard.copy": "Copy to clipboard", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.placeholder": "Type to start searching", "search.result.term.missing": "Missing", "select.version": "Select version"}, "version": {"default": "master", "provider": "mike"}}</script><script src=../../assets/javascripts/bundle.ad660dcc.min.js></script></body></html>

3.4/man1/openssl-pkeyutl/index.html

@@ -26,4 +26,4 @@
    -rawin -digest sm3 -pkeyopt distid:someid
 </code></pre></div><p>Decrypt some data using a private key with OAEP padding using SHA256:</p><div class=highlight><pre><span></span><code>openssl pkeyutl -decrypt -in file -inkey key.pem -out secret \
    -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256
-</code></pre></div><h2 id=see-also>SEE ALSO<a class=headerlink href=#see-also title="Permanent link">&para;</a></h2><p><a href=../openssl/ >openssl(1)</a>, <a href=../openssl-genpkey/ >openssl-genpkey(1)</a>, <a href=../openssl-pkey/ >openssl-pkey(1)</a>, <a href=../openssl-rsautl/ >openssl-rsautl(1)</a><a href=../openssl-dgst/ >openssl-dgst(1)</a>, <a href=../openssl-rsa/ >openssl-rsa(1)</a>, <a href=../openssl-genrsa/ >openssl-genrsa(1)</a>, <a href=../openssl-kdf/ >openssl-kdf(1)</a><a href=../../man3/EVP_PKEY_CTX_set_hkdf_md/ >EVP_PKEY_CTX_set_hkdf_md(3)</a>, <a href=../../man3/EVP_PKEY_CTX_set_tls1_prf_md/ >EVP_PKEY_CTX_set_tls1_prf_md(3)</a>,</p><h2 id=history>HISTORY<a class=headerlink href=#history title="Permanent link">&para;</a></h2><p>The <strong>-engine</strong> option was deprecated in OpenSSL 3.0.</p><h2 id=copyright>COPYRIGHT<a class=headerlink href=#copyright title="Permanent link">&para;</a></h2><p>Copyright 2006-2024 The OpenSSL Project Authors. All Rights Reserved.</p><p>Licensed under the Apache License 2.0 (the &quot;License&quot;). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at <a href=https://www.openssl.org/source/license.html>https://www.openssl.org/source/license.html</a>.</p></article></div><script>var target=document.getElementById(location.hash.slice(1));target&&target.name&&(target.checked=target.name.startsWith("__tabbed_"))</script></div></main><footer class=md-footer><div class="md-footer-meta md-typeset"><div class="md-footer-meta__inner md-grid"><div class=md-copyright> Made with <a href=https://squidfunk.github.io/mkdocs-material/ target=_blank rel=noopener> Material for MkDocs </a></div></div></div></footer></div><div class=md-dialog data-md-component=dialog><div class="md-dialog__inner md-typeset"></div></div><script id=__config type=application/json>{"base": "../..", "features": ["navigation.indexes", "navigation.instant", "navigation.path", "navigation.prune", "navigation.tabs", "navigation.tabs.sticky", "navigation.tracking", "search.suggest", "toc.follow"], "search": "../../assets/javascripts/workers/search.b8dbb3d2.min.js", "translations": {"clipboard.copied": "Copied to clipboard", "clipboard.copy": "Copy to clipboard", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.placeholder": "Type to start searching", "search.result.term.missing": "Missing", "select.version": "Select version"}, "version": {"default": "master", "provider": "mike"}}</script><script src=../../assets/javascripts/bundle.ad660dcc.min.js></script></body></html>
+</code></pre></div><h2 id=see-also>SEE ALSO<a class=headerlink href=#see-also title="Permanent link">&para;</a></h2><p><a href=../openssl/ >openssl(1)</a>, <a href=../openssl-genpkey/ >openssl-genpkey(1)</a>, <a href=../openssl-pkey/ >openssl-pkey(1)</a>, <a href=../openssl-rsautl/ >openssl-rsautl(1)</a><a href=../openssl-dgst/ >openssl-dgst(1)</a>, <a href=../openssl-rsa/ >openssl-rsa(1)</a>, <a href=../openssl-genrsa/ >openssl-genrsa(1)</a>, <a href=../openssl-kdf/ >openssl-kdf(1)</a><a href=../../man3/EVP_PKEY_CTX_set_hkdf_md/ >EVP_PKEY_CTX_set_hkdf_md(3)</a>, <a href=../../man3/EVP_PKEY_CTX_set_tls1_prf_md/ >EVP_PKEY_CTX_set_tls1_prf_md(3)</a>,</p><h2 id=history>HISTORY<a class=headerlink href=#history title="Permanent link">&para;</a></h2><p>The <strong>-engine</strong> option was deprecated in OpenSSL 3.0.</p><h2 id=copyright>COPYRIGHT<a class=headerlink href=#copyright title="Permanent link">&para;</a></h2><p>Copyright 2006-2025 The OpenSSL Project Authors. All Rights Reserved.</p><p>Licensed under the Apache License 2.0 (the &quot;License&quot;). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at <a href=https://www.openssl.org/source/license.html>https://www.openssl.org/source/license.html</a>.</p></article></div><script>var target=document.getElementById(location.hash.slice(1));target&&target.name&&(target.checked=target.name.startsWith("__tabbed_"))</script></div></main><footer class=md-footer><div class="md-footer-meta md-typeset"><div class="md-footer-meta__inner md-grid"><div class=md-copyright> Made with <a href=https://squidfunk.github.io/mkdocs-material/ target=_blank rel=noopener> Material for MkDocs </a></div></div></div></footer></div><div class=md-dialog data-md-component=dialog><div class="md-dialog__inner md-typeset"></div></div><script id=__config type=application/json>{"base": "../..", "features": ["navigation.indexes", "navigation.instant", "navigation.path", "navigation.prune", "navigation.tabs", "navigation.tabs.sticky", "navigation.tracking", "search.suggest", "toc.follow"], "search": "../../assets/javascripts/workers/search.b8dbb3d2.min.js", "translations": {"clipboard.copied": "Copied to clipboard", "clipboard.copy": "Copy to clipboard", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.placeholder": "Type to start searching", "search.result.term.missing": "Missing", "select.version": "Select version"}, "version": {"default": "master", "provider": "mike"}}</script><script src=../../assets/javascripts/bundle.ad660dcc.min.js></script></body></html>