1PESIGN-CLIENT(1) General Commands Manual PESIGN-CLIENT(1)
2
6 pesign-client - command line tool for signing UEFI applications
7
10 pesign [--in=infile | -i infile]
11 [--out=outfile | -o outfile]
12 [--export=exportfile | -e exportfile]
13 [--token=token | -t token]
14 [--certificate=nickname | -c nickname]
15 [--unlock | -u] [--kill | -k] [--sign | -s]
16 [--pinfd=pinfd | -f pinfd]
17 [--pinfile=pinfile | -F pinfile]
18
21 pesign is a command line tool for manipulating signatures and crypto‐
22 graphic digests of UEFI applications.
23
26 --unlock
27 Unlock the specified token. A PIN - specified by one of
28 --pinfd, --pinfile, or the environmental variable
29 PESIGN_TOKEN_PIN - is required for this operation to succeed.
30 The PIN may be empty, if that is what is required for the token
31 specified with --token.
32 --pinfd=pinfd
35 When using --unlock, read the token's PIN from the open file
36 descriptor pinfd.
37 --pinfile=pinfile
40 When using --unlock, read the token's PIN from the file pinfile.
41 --sign
44 Sign the binary specified by infile.
45 --export
48 When used with --sign, write the signature to outfile.
49 --infile=infile
52 When used with --sign, specify the input binary.
53 --outfile=outfile
56 When used with --sign, specify output file. If --detached is
57 specified, this will be a DER-formatted signature. Otherwise,
58 the output will be the signed PE binary.
59 --token=token
62 When used with --unlock or --sign, use the specified NSS token's
63 certificate database.
64 --certificate=nickname
67 When used with --sign, use the certificate database entry with
68 the specified nickname for signing.
69 --kill
72 Terminate the signing server.
73
76 pesign(1)
77
80 Peter Jones
81 Mon Oct 15 2012 PESIGN-CLIENT(1)