PESIGN(1) General Commands Manual PESIGN(1)NAME
pesign - command line tool for signing UEFI applications
SYNOPSIS
pesign [--in=infile | -i infile]
[--out=outfile | -o outfile]
[--token=token | -t token]
[--certificate=nickname | -c nickname]
[--force | -f] [--sign | -s] [--hash | -h]
[--digest_type=digest | -d digest]
[--show-signature | -S ] [--remove-signature | -r ]
[--export-pubkey=outkey | -K outkey]
[--export-cert=outcert | -C outcert]
[--ascii-armor | -a] [--daemonize | -D] [--nofork | -N]
DESCRIPTION
pesign is a command line tool for manipulating signatures and cryptographic digests of UEFI applications.
OPTIONS --in=infile
Specify input binary.
--out=outfile
Specify output binary.
--token=token
Use the specified NSS token's certificate database.
--certificate=nickname
Use the certificate database entry with the specified nickname for signing.
--force
Overwrite output files. Without this parameter, pesign will refuse to overrite any output files which already exist.
--sign Sign the input binary with the key specified by --certificate.
--hash Display the cryptographic digest of the input binary on standard output.
--digest_type=digest
Use the specified digest in hashing and signing operations. By default, this value is "sha256". Use "--digest=help" to list the
available digests.
--show-signature
Show information about the signature of the input binary.
--remove-signature
Remove the signature section from the binary.
--export-pubkey=outkey
Export the public key specified by --certificate to outkey
--export-cert=outcert
Export the certificate specified by --certificate to outcert
--ascii
Use ascii armoring on exported certificates.
--daemonize
Spawn a daemon for use with pesign-client(1)--nofork
Do not fork when using --daemonize.
SEE ALSO pesign-client(1)AUTHORS
Peter Jones
Thu Jun 21 2012 PESIGN(1)
Check Out this Related Man Page
DGST(1) OpenSSL DGST(1)NAME
dgst, md5, md4, md2, sha1, sha, mdc2, ripemd160 - message digests
SYNOPSIS
openssl dgst [-md5|-md4|-md2|-sha1|-sha|-mdc2|-ripemd160|-dss1] [-c] [-d] [-hex] [-binary] [-out filename] [-sign filename] [-verify file-
name] [-prverify filename] [-signature filename] [file...]
[md5|md4|md2|sha1|sha|mdc2|ripemd160] [-c] [-d] [file...]
DESCRIPTION
The digest functions output the message digest of a supplied file or files in hexadecimal form. They can also be used for digital signing
and verification.
OPTIONS -c print out the digest in two digit groups separated by colons, only relevant if hex format output is used.
-d print out BIO debugging information.
-hex
digest is to be output as a hex dump. This is the default case for a "normal" digest as opposed to a digital signature.
-binary
output the digest or signature in binary form.
-out filename
filename to output to, or standard output by default.
-sign filename
digitally sign the digest using the private key in "filename".
-verify filename
verify the signature using the the public key in "filename". The output is either "Verification OK" or "Verification Failure".
-prverify filename
verify the signature using the the private key in "filename".
-signature filename
the actual signature to verify.
-rand file(s)
a file or files containing random data used to seed the random number generator, or an EGD socket (see RAND_egd(3)). Multiple files
can be specified separated by a OS-dependent character. The separator is ; for MS-Windows, , for OpenVMS, and : for all others.
file...
file or files to digest. If no files are specified then standard input is used.
NOTES
The digest of choice for all new applications is SHA1. Other digests are however still widely used.
If you wish to sign or verify data using the DSA algorithm then the dss1 digest must be used.
A source of random numbers is required for certain signing algorithms, in particular DSA.
The signing and verify options should only be used if a single file is being signed or verified.
0.9.7a 2000-09-04 DGST(1)