Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
OpenSSL S/MIME 3.1 (CMS) - Encrypt/Signature - Verify/Decrypt
# Original Source:
# https://gist.github.com/ggrandes/a57c401f1bad6bd0ffd87a557b7b5790
# SIGN / VERIFY
openssl cms -sign -keyid -md sha256 -nodetach -binary -in /etc/passwd -signer user.crt -inkey user.key -out x.smime -outform SMIME
openssl cms -verify -CAfile ca.crt -in x.smime -inform SMIME
# ENCRYPT / DECRYPT
openssl cms -encrypt -keyid -aes-256-cbc -in /etc/passwd -binary -out x.smime -outform SMIME user.crt
openssl cms -decrypt -in x.smime -inform SMIME -recip user.crt -inkey user.key
# ENCRYPT + SIGN (outform can be SMIME, PEM(base64) or DER(binary))
openssl cms -encrypt -keyid -aes-256-cbc -in /etc/passwd -binary -outform DER user.crt |
openssl cms -sign -keyid -md sha256 -nodetach -binary -signer user.crt -inkey user.key -out x.smime -outform SMIME
# VERIFY + DECRYPT
openssl cms -verify -CAfile ca.crt -in x.smime -inform SMIME |
openssl cms -decrypt -recip user.crt -inkey user.key -inform DER -out x
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment