1PESIGN(1)                   General Commands Manual                  PESIGN(1)
2
3
4

NAME

6       pesign - command line tool for signing UEFI applications
7
8

SYNOPSIS

10       pesign [--in=infile | -i infile]
11              [--out=outfile | -o outfile]
12              [--certdir=certdir/fR | -n certdir]
13              [--nss-token=token | -t token]
14              [--certificate=nickname | -c nickname]
15              [--force | -f] [--sign | -s] [--hash | -h]
16              [--digest_type=digest | -d digest]
17              [--show-signature | -S ] [--remove-signature | -r ]
18              [--export-pubkey=outkey | -K outkey]
19              [--export-cert=outcert | -C outcert]
20              [--ascii-armor | -a] [--daemonize | -D] [--nofork | -N]
21              [--signature-number=signum | -u signum]
22
23

DESCRIPTION

25       pesign  is  a command line tool for manipulating signatures and crypto‐
26       graphic digests of UEFI applications.
27
28

OPTIONS

30       --in=infile
31              Specify input binary.
32
33
34       --out=outfile
35              Specify output binary.
36
37
38       --certdir=certdir
39              Specify nss certificate database directory.
40
41
42       --nss-token=token
43              Use the specified NSS token's certificate database.
44
45
46       --certificate=nickname
47              Use the certificate database entry with the  specified  nickname
48              for signing.
49
50
51       --force
52              Overwrite  output  files.  Without  this  parameter, pesign will
53              refuse to overrite any output files which already exist.
54
55
56       --sign Sign the input binary with the key specified by --certificate.
57
58
59       --hash Display the cryptographic digest of the input binary on standard
60              output.
61
62
63       --digest_type=digest
64              Use  the  specified digest in hashing and signing operations. By
65              default, this value is "sha256".   Use  "--digest_type=help"  to
66              list the available digests.
67
68
69       --show-signature
70              Show information about the signature of the input binary.
71
72
73       --remove-signature
74              Remove the signature section from the binary.
75
76
77       --signature-number=signum
78              Specify  which  signature  to  operate  on.  This field is zero-
79              indexed.
80
81
82       --export-pubkey=outkey
83              Export the public key specified by --certificate to outkey
84
85
86       --export-cert=outcert
87              Export the certificate specified by --certificate to outcert
88
89
90       --ascii
91              Use ascii armoring on exported certificates.
92
93
94       --daemonize
95              Spawn a daemon for use with pesign-client(1)
96
97
98       --nofork
99              Do not fork when using --daemonize.
100
101

SEE ALSO

103       pesign-client(1)
104
105

AUTHORS

107       Peter Jones
108
109
110
111                                Thu Jun 21 2012                      PESIGN(1)