1pdfsig(1) General Commands Manual pdfsig(1)
2
6 pdfsig - Portable Document Format (PDF) digital signatures tool
7
9 pdfsig [options] [PDF-file] [Output-file]
10
12 pdfsig verifies the digital signatures in a PDF document. It also dis‐
13 plays the identity of each signer (commonName field and full distin‐
14 guished name of the signer certificate), the time and date of the sig‐
15 nature, the hash algorithm used for signing, the type of the signature
16 as stated in the PDF and the signed ranges with a statement wether the
17 total document is signed. It can also sign PDF documents (options
18 -add-signature or -sign).
19 pdfsig uses the trusted certificates stored in the Network Security
21 Services (NSS) Database.
22 pdfsig also uses the Online Certificate Status Protocol (OCSP) (refer
24 to http://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol) to
25 look up the certificate online and check if it has been revoked (unless
26 -no-ocsp has been specified).
27 The NSS Database is searched for in the following locations:
29 • If the -nssdir option is specified, the directory specified by
31 this option.
32 • The NSS Certificate database in the default Firefox profile.
34 i.e. $HOME/.mozilla/firefox/*.default.
35 • The NSS Certificate database in /etc/pki/nssdb.
37
39 -nssdir [prefix]directory
40 Specify the database directory containing the certificate and
41 key database files. See certutil(1) -d option for details of the
42 prefix. If not specified the other search locations described in
43 DESCRIPTION are used.
44 -nss-pwd password
46 Specify the password needed to access the NSS database (if any).
47 -nocert
49 Do not validate the certificate.
50 -no-ocsp
52 Do not perform online OCSP certificate revocation check (local
53 Certificate Revocation Lists (CRL) are still used).
54 -aia Enable the use of Authority Information Access (AIA) extension
56 to fetch missing certificates to build the certificate chain.
57 -dump Dump all signatures into current directory.
59 -add-signature
61 Add a new signature to the document.
62 -new-signature-field-name name
64 Specifies the field name to be used when adding a new signature.
65 A random ID will be used by default.
66 -sign n
68 Sign the document in the n-th signature field present in the
69 document (must be unsigned).
70 -nick nickname
72 Use the certificate with the given nickname for signing.
73 -kpw password
75 Use the given password for the signing key (this might be miss‐
76 ing if the key isn't password protected).
77 -digest algorithm
79 Use the given digest algorithm for signing (default: SHA256).
80 -reason reason
82 Set the given reason string for the signature (default: no rea‐
83 son set).
84 -etsi Create a signature of type ETSI.CAdES.detached instead of
86 adbe.pkcs7.detached.
87 -list-nicks
89 List available nicknames in the NSS database.
90 -v Print copyright and version information.
92 -h Print usage information. (-help and --help are equivalent.)
94
96 pdfsig signed_file.pdf
97 Displays signature info for signed_file.pdf.
98 pdfsig input.pdf output.pdf -add-signature -nss-pwd password -nick my-
100 cert -reason 'for fun!'
101 Creates a new pdf named output.pdf with the contents of in‐
102 put.pdf signed by the 'my-cert' certificate.
103 pdfsig input.pdf output.pdf -sign 0 -nss-pwd password -nick my-cert
105 -reason 'for fun!'
106 Creates a new pdf named output.pdf with the contents of in‐
107 put.pdf signed by the 'my-cert' certificate. input.pdf must have
108 an already existing un-signed signature field.
109
111 The pdfsig software and documentation are copyright 1996-2004 Glyph &
112 Cog, LLC and copyright 2005-2015 The Poppler Developers - http://pop‐
113 pler.freedesktop.org
114
116 pdfdetach(1), pdffonts(1), pdfimages(1), pdfinfo(1), pdftocairo(1),
117 pdftohtml(1), pdftoppm(1), pdftops(1), pdftotext(1) pdfseparate(1),
118 pdfunite(1) certutil(1)
119 28 October 2015 pdfsig(1)