From 15ed2184e61e40a35e56921aa57a49726f56b5c2 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Mon, 25 Nov 2019 16:45:49 -0500 Subject: email-print-mime-structure: decrypt S/MIME parts with OpenSSL If the user supplies a secret key like the ones found in https://www.ietf.org/id/draft-dkg-lamps-samples-01.html, then email-print-mime-structure will try to use that for decryption of CMS-encrypted (S/MIME) message parts. Signed-off-by: Daniel Kahn Gillmor Acked-by: Sean Whitton --- email-print-mime-structure.1.pod | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) (limited to 'email-print-mime-structure.1.pod') diff --git a/email-print-mime-structure.1.pod b/email-print-mime-structure.1.pod index f109997..037c1a9 100644 --- a/email-print-mime-structure.1.pod +++ b/email-print-mime-structure.1.pod @@ -32,15 +32,26 @@ key. OpenPGP secret keys listed in B<--pgpkey=> are used ephemerally, and do not interact with any local GnuPG keyring. +=item B<--cmskey=>I + +I should name a PEM- or DER-encoded X.509 private key that is +not password-protected. If an S/MIME-encrypted message that uses CMS +is found on standard input, this key will be tried for decryption. +May be used multiple times if you want to try decrypting with more +than one such key. + +X.509 private keys listed in B<--cmskey=> are used ephemerally, and do +not interact with any local GnuPG keyring. + =item B<--use-gpg-agent> If this flag is present, and B encounters a PGP/MIME- or S/MIME-encrypted part, it will try to decrypt the part using the secret keys found in the local installation of GnuPG. -If both B<--pgpkey=>I and B<--use-gpg-agent> are -supplied, I arguments will be tried before falling back to -GnuPG. +If B<--use-gpg-agent> is supplied along with either +B<--pgpkey=>I or B<--cmskey=>I arguments, the +I arguments will be tried before falling back to GnuPG. If B has been asked to decrypt parts with either B<--pgpkey=>I or with B<--use-gpg-agent>, and it -- cgit v1.2.3