1PESIGN-CLIENT(1)            General Commands Manual           PESIGN-CLIENT(1)
2
3
4

NAME

6       pesign-client - command line tool for signing UEFI applications
7
8

SYNOPSIS

10       pesign [--in=infile | -i infile]
11              [--out=outfile | -o outfile]
12              [--export=exportfile | -e exportfile]
13              [--token=token | -t token]
14              [--certificate=nickname | -c nickname]
15              [--unlock | -u] [--kill | -k] [--sign | -s] [ --is-unlocked | -q
16       ]
17              [--pinfd=pinfd | -f pinfd]
18              [--pinfile=pinfile | -F pinfile]
19
20

DESCRIPTION

22       pesign is a command line tool for manipulating signatures  and  crypto‐
23       graphic digests of UEFI applications.
24
25

OPTIONS

27       --unlock
28              Unlock  the  specified  token.   A  PIN  -  specified  by one of
29              --pinfd,    --pinfile,    or    the    environmental    variable
30              PESIGN_TOKEN_PIN  -  is  required for this operation to succeed.
31              The PIN may be empty, if that is what is required for the  token
32              specified with --token.
33
34              --is-unlocked Query a token specified with --token for lock sta‐
35              tus.
36
37
38       --pinfd=pinfd
39              When using --unlock, read the token's PIN  from  the  open  file
40              descriptor pinfd.
41
42
43       --pinfile=pinfile
44              When using --unlock, read the token's PIN from the file pinfile.
45
46
47       --sign
48              Sign the binary specified by infile.
49
50
51       --export
52              When used with --sign, write the signature to outfile.
53
54
55       --infile=infile
56              When used with --sign, specify the input binary.
57
58
59       --outfile=outfile
60              When  used  with  --sign, specify output file.  If --detached is
61              specified, this will be a DER-formatted  signature.   Otherwise,
62              the output will be the signed PE binary.
63
64
65       --token=token
66              When used with --unlock or --sign, use the specified NSS token's
67              certificate database.
68
69
70       --certificate=nickname
71              When used with --sign, use the certificate database  entry  with
72              the specified nickname for signing.
73
74
75       --kill
76              Terminate the signing server.
77
78

SEE ALSO

80       pesign(1)
81
82

AUTHORS

84       Peter Jones
85
86
87
88                                Mon Oct 15 2012               PESIGN-CLIENT(1)
Impressum