PESIGN(1) General Commands Manual PESIGN(1)
NAME
pesign - command line tool for signing UEFI applications
SYNOPSIS
pesign [--in=infile | -i infile]
[--out=outfile | -o outfile]
[--token=token | -t token]
[--certificate=nickname | -c nickname]
[--force | -f] [--sign | -s] [--hash | -h]
[--digest_type=digest | -d digest]
[--show-signature | -S ] [--remove-signature | -r ]
[--export-pubkey=outkey | -K outkey]
[--export-cert=outcert | -C outcert]
[--ascii-armor | -a] [--daemonize | -D] [--nofork | -N]
DESCRIPTION
pesign is a command line tool for manipulating signatures and cryptographic digests of UEFI applications.
OPTIONS
--in=infile
Specify input binary.
--out=outfile
Specify output binary.
--token=token
Use the specified NSS token's certificate database.
--certificate=nickname
Use the certificate database entry with the specified nickname for signing.
--force
Overwrite output files. Without this parameter, pesign will refuse to overrite any output files which already exist.
--sign Sign the input binary with the key specified by --certificate.
--hash Display the cryptographic digest of the input binary on standard output.
--digest_type=digest
Use the specified digest in hashing and signing operations. By default, this value is "sha256". Use "--digest=help" to list the
available digests.
--show-signature
Show information about the signature of the input binary.
--remove-signature
Remove the signature section from the binary.
--export-pubkey=outkey
Export the public key specified by --certificate to outkey
--export-cert=outcert
Export the certificate specified by --certificate to outcert
--ascii
Use ascii armoring on exported certificates.
--daemonize
Spawn a daemon for use with pesign-client(1)
--nofork
Do not fork when using --daemonize.
SEE ALSO
pesign-client(1)
AUTHORS
Peter Jones
Thu Jun 21 2012 PESIGN(1)