netbsd man page for nbsvtool

Query: nbsvtool

OS: netbsd

Section: 1

Links: netbsd man pages   all man pages

Forums: unix linux community   forum categories

Format: Original Unix Latex Style Formatted with HTML and a Horizontal Scroll Bar

NBSVTOOL(1)						    BSD General Commands Manual 					       NBSVTOOL(1)


NAME

     nbsvtool -- create and verify detached signatures of files


SYNOPSIS

     nbsvtool [-v] [-a anchor-certificates] [-c certificate-chain] [-f certificate-file] [-k private-key-file] [-u required-key-usage] command
	      args ...


DESCRIPTION

     nbsvtool is used to create and verify detached X509 signatures of files.  Private keys and certificates are expected to be PEM encoded, sig-
     natures are in PEM/SMIME format.

     Supported commands:

     sign file			       Sign file, placing the signature in file.sp7.  The options -f and -k are required for this command.

     verify file [signature]	       Verify signature for file.  If signature is not specified, file.sp7 is used.

     verify-code file [signature]      This is a short cut for verify with the option -u code.

     Supported options:

     -a anchor-certificates	   A file containing one or more (concatenated) keys that are considered trusted.

     -c certificate-chain	   A file containing additional certificates that will be added to the signature when creating one.  They will be
				   used to fill missing links in the trust chain when verifying the signature.

     -f certificate-file	   A file containing the certificate to use for signing.  The certificate must match the key given by -k.

     -k private-key-file	   A file containing the private key to use for signing.

     -u required-key-usage	   Verify that the extended key-usage attribute in the signing certificate matches required-key-usage.	Otherwise,
				   the signature is rejected.  key usage can be one of: ``ssl-server'', ``ssl-client'', ``code'', or ``smime''.

     -v 			   Print verbose information about the signing certificate.


EXIT STATUS

     The nbsvtool utility exits 0 on success, and >0 if an error occurs.


EXAMPLES

     Create signature file hello.sp7 for file hello.  The private key is found in file key, the matching certificate is in cert, additional cer-
     tificates from cert-chain are included in the created signature.
	   nbsvtool -k key -f cert -c cert-chain sign hello hello.sp7

     Verify that the signature hello.sp7 is valid for file hello and that the signing certificate allows code signing.	Certificates in
     anchor-file are considered trusted, and there must be a certificate chain from one of those certificates to the signing certificate.
	   nbsvtool -a anchor-file verify-code hello hello.sp7


SEE ALSO

     openssl_smime(1)


CAVEATS

     As there is currently no default trust anchor, you must explicilty specify one with -a, otherwise no verification can succeed.


BSD
								  March 11, 2009							       BSD
Related Man Pages
productsign(1) - osx
pesign(1) - centos
lprng_certs(1) - opendarwin
lprng_certs(1) - php
lprng_certs(1) - x11r4
Similar Topics in the Unix Linux Community
Debian: 2076-1: gnupg2: use-after-free
SCEP and Trust Anchor
Script to check Digital Certificates Expiration
Solaris LDAPCLIENT accept CA
SSL certificate generation error 8016