efikeygen(1) [centos man page]
EFIKEYGEN(1) General Commands Manual EFIKEYGEN(1) NAME
efikeygen - command line tool for generating keys to use for PE image signing SYNOPSIS
efikeygen <[--ca | -C] [--self-sign | -S] | [--signer=nickname]> [--token=token | -t token] [--nickname=nickname | -n nickname] [--common-name=common name | -c common name] [--url=url | -u url] [--serial=serial | -s serial] DESCRIPTION
efikeygen is a command line tool for generating keys and certificates to be used with pesign. These are standard X.509 certificates, and can potentially be generated with any certificate creation tool. efikeygen simply sets generates keys with sensible options set for a key to be used for PE image signing. OPTIONS
--ca The certificate being generated is for a CA. --self-sign The generated certificate is to be self signed. --signer=nickname Nickname of certificate to be used to sign the generated certificate. --token=token Use the specified NSS token's certificate database. --nickname=nickname The nickname to use for the generated certificate. --common-name=common-name The X.509 Common Name for the generated certificate. This should be in rfc2253 syntax, i.e. "CN=John Doe,OU=editing,O=New York Times,L=New York,ST=NY,C=US" --url=url Informational url regarding objects signed with this key. --serial=serial number Serial number for use with this key. A certificate is identified by its signer and its serial number, so it's best not to ever re- use this value with the same signer. SEE ALSO
pesign(1) AUTHORS
Peter Jones Mon Jan 07 2013 EFIKEYGEN(1)
Check Out this Related Man Page
PESIGN(1) General Commands Manual PESIGN(1) NAME
pesign - command line tool for signing UEFI applications SYNOPSIS
pesign [--in=infile | -i infile] [--out=outfile | -o outfile] [--token=token | -t token] [--certificate=nickname | -c nickname] [--force | -f] [--sign | -s] [--hash | -h] [--digest_type=digest | -d digest] [--show-signature | -S ] [--remove-signature | -r ] [--export-pubkey=outkey | -K outkey] [--export-cert=outcert | -C outcert] [--ascii-armor | -a] [--daemonize | -D] [--nofork | -N] DESCRIPTION
pesign is a command line tool for manipulating signatures and cryptographic digests of UEFI applications. OPTIONS
--in=infile Specify input binary. --out=outfile Specify output binary. --token=token Use the specified NSS token's certificate database. --certificate=nickname Use the certificate database entry with the specified nickname for signing. --force Overwrite output files. Without this parameter, pesign will refuse to overrite any output files which already exist. --sign Sign the input binary with the key specified by --certificate. --hash Display the cryptographic digest of the input binary on standard output. --digest_type=digest Use the specified digest in hashing and signing operations. By default, this value is "sha256". Use "--digest=help" to list the available digests. --show-signature Show information about the signature of the input binary. --remove-signature Remove the signature section from the binary. --export-pubkey=outkey Export the public key specified by --certificate to outkey --export-cert=outcert Export the certificate specified by --certificate to outcert --ascii Use ascii armoring on exported certificates. --daemonize Spawn a daemon for use with pesign-client(1) --nofork Do not fork when using --daemonize. SEE ALSO
pesign-client(1) AUTHORS
Peter Jones Thu Jun 21 2012 PESIGN(1)