|Linux & Unix Commands - Search Man Pages
NBSVTOOL(1) BSD General Commands Manual NBSVTOOL(1)
nbsvtool -- create and verify detached signatures of files
nbsvtool [-v] [-a anchor-certificates] [-c certificate-chain] [-f certificate-file]
[-k private-key-file] [-u required-key-usage] command args ...
nbsvtool is used to create and verify detached X509 signatures of files. Private keys and
certificates are expected to be PEM encoded, signatures are in PEM/SMIME format.
sign file Sign file, placing the signature in file.sp7. The options
-f and -k are required for this command.
verify file [signature] Verify signature for file. If signature is not specified,
file.sp7 is used.
verify-code file [signature] This is a short cut for verify with the option -u code.
-a anchor-certificates A file containing one or more (concatenated) keys that are
-c certificate-chain A file containing additional certificates that will be added
to the signature when creating one. They will be used to fill
missing links in the trust chain when verifying the signature.
-f certificate-file A file containing the certificate to use for signing. The
certificate must match the key given by -k.
-k private-key-file A file containing the private key to use for signing.
-u required-key-usage Verify that the extended key-usage attribute in the signing
certificate matches required-key-usage. Otherwise, the signa-
ture is rejected. key usage can be one of: ``ssl-server'',
``ssl-client'', ``code'', or ``smime''.
-v Print verbose information about the signing certificate.
The nbsvtool utility exits 0 on success, and >0 if an error occurs.
Create signature file hello.sp7 for file hello. The private key is found in file key, the
matching certificate is in cert, additional certificates from cert-chain are included in the
nbsvtool -k key -f cert -c cert-chain sign hello hello.sp7
Verify that the signature hello.sp7 is valid for file hello and that the signing certificate
allows code signing. Certificates in anchor-file are considered trusted, and there must be
a certificate chain from one of those certificates to the signing certificate.
nbsvtool -a anchor-file verify-code hello hello.sp7
As there is currently no default trust anchor, you must explicilty specify one with -a, oth-
erwise no verification can succeed.
BSD March 11, 2009 BSD
All times are GMT -4. The time now is 07:50 AM.