1PESIGN-CLIENT(1) General Commands Manual PESIGN-CLIENT(1)
2
6 pesign-client - command line tool for signing UEFI applications
7
10 pesign [--in=infile | -i infile]
11 [--out=outfile | -o outfile]
12 [--export=exportfile | -e exportfile]
13 [--token=token | -t token]
14 [--certificate=nickname | -c nickname]
15 [--unlock | -u] [--kill | -k] [--sign | -s] [ --is-unlocked | -q
16 ]
17 [--pinfd=pinfd | -f pinfd]
18 [--pinfile=pinfile | -F pinfile]
19
22 pesign is a command line tool for manipulating signatures and crypto‐
23 graphic digests of UEFI applications.
24
27 --unlock
28 Unlock the specified token. A PIN - specified by one of
29 --pinfd, --pinfile, or the environmental variable
30 PESIGN_TOKEN_PIN - is required for this operation to succeed.
31 The PIN may be empty, if that is what is required for the token
32 specified with --token.
33 --is-unlocked Query a token specified with --token for lock sta‐
35 tus.
36 --pinfd=pinfd
39 When using --unlock, read the token's PIN from the open file
40 descriptor pinfd.
41 --pinfile=pinfile
44 When using --unlock, read the token's PIN from the file pinfile.
45 --sign
48 Sign the binary specified by infile.
49 --export
52 When used with --sign, write the signature to outfile.
53 --infile=infile
56 When used with --sign, specify the input binary.
57 --outfile=outfile
60 When used with --sign, specify output file. If --detached is
61 specified, this will be a DER-formatted signature. Otherwise,
62 the output will be the signed PE binary.
63 --token=token
66 When used with --unlock or --sign, use the specified NSS token's
67 certificate database.
68 --certificate=nickname
71 When used with --sign, use the certificate database entry with
72 the specified nickname for signing.
73 --kill
76 Terminate the signing server.
77
80 pesign(1)
81
84 Peter Jones
85 Mon Oct 15 2012 PESIGN-CLIENT(1)