CMS Options (Using the GNU Privacy Guard)

--cipher-algo oid: Use the cipher algorithm with the ASN.1 object identifier oid for encryption. The OID must be specified in dotted notation. For convenience the names 3DES, AES, AES256, and some others are allowed instead of an explicit OID. To specify the encryption mode either the respective OID can be used or the mode is appended after a dash to the name. Currently supported modes are CBC and GCM with the former being implicitly appended. The current default algorithm is AES256-CBC (2.16.840.1.101.3.4.1.42).
--digest-algo name: Use name as the message digest algorithm. Usually this algorithm is deduced from the respective signing certificate. This option forces the use of the given algorithm and may lead to severe interoperability problems.
--include-certs n: Using n of -2 includes all certificate except for the root cert, -1 includes all certs, 0 does not include any certs, 1 includes only the signers cert and all other positive values include up to n certificates starting with the signer cert. The default is -2.