diff options
author | Daniel Kahn Gillmor <dkg@fifthhorseman.net> | 2019-11-25 16:45:49 -0500 |
---|---|---|
committer | Sean Whitton <spwhitton@spwhitton.name> | 2019-11-28 11:09:01 -0700 |
commit | 15ed2184e61e40a35e56921aa57a49726f56b5c2 (patch) | |
tree | dcbfc5dee613788a87a4b747dad95a66f64dff75 /email-print-mime-structure.1.pod | |
parent | 3c84e68d79ed84f916f1b983168d58e0f360686b (diff) | |
download | mailscripts-15ed2184e61e40a35e56921aa57a49726f56b5c2.tar.gz |
email-print-mime-structure: decrypt S/MIME parts with OpenSSL
If the user supplies a secret key like the ones found in
https://www.ietf.org/id/draft-dkg-lamps-samples-01.html, then
email-print-mime-structure will try to use that for decryption of
CMS-encrypted (S/MIME) message parts.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Acked-by: Sean Whitton <spwhitton@spwhitton.name>
Diffstat (limited to 'email-print-mime-structure.1.pod')
-rw-r--r-- | email-print-mime-structure.1.pod | 17 |
1 files changed, 14 insertions, 3 deletions
diff --git a/email-print-mime-structure.1.pod b/email-print-mime-structure.1.pod index f109997..037c1a9 100644 --- a/email-print-mime-structure.1.pod +++ b/email-print-mime-structure.1.pod @@ -32,15 +32,26 @@ key. OpenPGP secret keys listed in B<--pgpkey=> are used ephemerally, and do not interact with any local GnuPG keyring. +=item B<--cmskey=>I<KEYFILE> + +I<KEYFILE> should name a PEM- or DER-encoded X.509 private key that is +not password-protected. If an S/MIME-encrypted message that uses CMS +is found on standard input, this key will be tried for decryption. +May be used multiple times if you want to try decrypting with more +than one such key. + +X.509 private keys listed in B<--cmskey=> are used ephemerally, and do +not interact with any local GnuPG keyring. + =item B<--use-gpg-agent> If this flag is present, and B<email-print-mime-structure> encounters a PGP/MIME- or S/MIME-encrypted part, it will try to decrypt the part using the secret keys found in the local installation of GnuPG. -If both B<--pgpkey=>I<KEYFILE> and B<--use-gpg-agent> are -supplied, I<KEYFILE> arguments will be tried before falling back to -GnuPG. +If B<--use-gpg-agent> is supplied along with either +B<--pgpkey=>I<KEYFILE> or B<--cmskey=>I<KEYFILE> arguments, the +I<KEYFILE> arguments will be tried before falling back to GnuPG. If B<email-print-mime-structure> has been asked to decrypt parts with either B<--pgpkey=>I<KEYFILE> or with B<--use-gpg-agent>, and it |