NBSVTOOL(1)			   BSD General Commands Manual			      NBSVTOOL(1)

     nbsvtool -- create and verify detached signatures of files

     nbsvtool [-v] [-a anchor-certificates] [-c certificate-chain] [-f certificate-file]
	      [-k private-key-file] [-u required-key-usage] command args ...

     nbsvtool is used to create and verify detached X509 signatures of files.  Private keys and
     certificates are expected to be PEM encoded; signatures are in PEM/SMIME format.

     Supported commands:

     sign file			       Sign file, placing the signature in file.sp7.  The options
				       -f and -k are required for this command.

     verify file [signature]	       Verify signature for file.  If signature is not specified,
				       file.sp7 is used.

     verify-code file [signature]      This is a shortcut for verify with the option -u code.

     Supported options:

     -a anchor-certificates	   A file containing one or more (concatenated) keys that are
				   considered trusted.

     -c certificate-chain	   A file containing additional certificates that will be added
				   to the signature when creating one.	They will be used to fill
				   missing links in the trust chain when verifying the signature.

     -f certificate-file	   A file containing the certificate to use for signing.  The
				   certificate must match the key given by -k.

     -k private-key-file	   A file containing the private key to use for signing.

     -u required-key-usage	   Verify that the extended key-usage attribute in the signing
				   certificate matches required-key-usage.  Otherwise, the
				   signature is rejected.  Key usage can be one of:
				   ``ssl-server'', ``ssl-client'', ``code'', or ``smime''.

     -v 			   Print verbose information about the signing certificate.

     The nbsvtool utility exits 0 on success, and >0 if an error occurs.

     Create signature file hello.sp7 for file hello.  The private key is found in file key and
     the matching certificate is in cert; additional certificates from cert-chain are included
     in the created signature.
	   nbsvtool -k key -f cert -c cert-chain sign hello hello.sp7

     Verify that the signature hello.sp7 is valid for file hello and that the signing certificate
     allows code signing.  Certificates in anchor-file are considered trusted, and there must be
     a certificate chain from one of those certificates to the signing certificate.
	   nbsvtool -a anchor-file verify-code hello hello.sp7


     As there is currently no default trust anchor, you must explicitly specify one with -a;
     otherwise no verification can succeed.
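
     A fail-closed wrapper around verify-code that accounts for the missing default trust anchor
     and relies only on the documented exit status.  This is an added example, not part of
     nbsvtool; the function names, return codes and the NBSV_ANCHOR default path are assumptions.

```shell
#!/bin/sh
# Added example, not part of nbsvtool. Function names, return codes and the
# NBSV_ANCHOR default path are assumptions made for this sketch.
NBSV_ANCHOR="${NBSV_ANCHOR:-/etc/nbsv/anchors.pem}"

# verify_signed file [signature]
# Returns 0 only when nbsvtool exits 0; 1 = rejected, 2 = no anchor, 3 = missing input.
verify_signed() {
    file=$1
    sig=${2:-$1.sp7}            # same default the tool uses for verify: file.sp7
    # No default trust anchor exists, so refuse to run without a usable -a file.
    if [ ! -s "$NBSV_ANCHOR" ]; then
        echo "verify_signed: trust anchor '$NBSV_ANCHOR' missing or empty" >&2
        return 2
    fi
    if [ ! -f "$file" ] || [ ! -f "$sig" ]; then
        echo "verify_signed: '$file' or '$sig' not found" >&2
        return 3
    fi
    # verify-code is verify with -u code: the chain must reach the anchor and
    # the signing certificate must allow code signing.
    if nbsvtool -a "$NBSV_ANCHOR" verify-code "$file" "$sig"; then
        return 0
    fi
    echo "verify_signed: signature rejected for '$file'" >&2
    return 1
}

# install_if_signed src dest [signature]
# Verifies a private copy and installs that same copy, so the bytes checked
# are the bytes installed even if src changes during the check.
install_if_signed() {
    src=$1; dest=$2; sig=${3:-$1.sp7}
    tmp=$(mktemp "$(dirname "$dest")/.nbsv.XXXXXX") || return 3
    cp "$src" "$tmp" && verify_signed "$tmp" "$sig" && mv "$tmp" "$dest"
    rc=$?
    [ "$rc" -eq 0 ] || rm -f "$tmp"
    return "$rc"
}
```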

BSD					  March 11, 2009				      BSD
