1SIGNVER(1)                    NSS Security Tools                    SIGNVER(1)
2
3
4

NAME

6       signver - Verify a detached PKCS#7 signature for a file.
7

SYNOPSIS

9       signtool -A | -V  -d directory [-a] [-i input_file] [-o output_file]
10                [-s signature_file] [-v]
11

STATUS

13       This documentation is still work in progress. Please contribute to the
14       initial review in Mozilla NSS bug 836477[1]
15

DESCRIPTION

17       The Signature Verification Tool, signver, is a simple command-line
18       utility that unpacks a base-64-encoded PKCS#7 signed object and
19       verifies the digital signature using standard cryptographic techniques.
20       The Signature Verification Tool can also display the contents of the
21       signed object.
22

OPTIONS

24       -A
25           Displays all of the information in the PKCS#7 signature.
26
27       -V
28           Verifies the digital signature.
29
30       -d directory
31           Specify the database directory which contains the certificates and
32           keys.
33
34           signver supports SQLite databases (cert9.db, key4.db, and
35           pkcs11.txt).
36
37       -a
38           Sets that the given signature file is in ASCII format.
39
40       -i input_file
41           Gives the input file for the object with signed data.
42
43       -o output_file
44           Gives the output file to which to write the results.
45
46       -s signature_file
47           Gives the input file for the digital signature.
48
49       -v
50           Enables verbose output.
51

EXTENDED EXAMPLES

53   Verifying a Signature
54       The -V option verifies that the signature in a given signature file is
55       valid when used to sign the given object (from the input file).
56
57           signver -V -s signature_file -i signed_file -d /home/my/sharednssdb
58
59           signatureValid=yes
60
61   Printing Signature Data
62       The -A option prints all of the information contained in a signature
63       file. Using the -o option prints the signature file information to the
64       given output file rather than stdout.
65
66           signver -A -s signature_file -o output_file
67

NSS DATABASE TYPES

69       NSS originally used BerkeleyDB databases to store security information.
70       The last versions of these legacy databases are:
71
72       •   cert8.db for certificates
73
74       •   key3.db for keys
75
76       •   secmod.db for PKCS #11 module information
77
78       BerkeleyDB has performance limitations, though, which prevent it from
79       being easily used by multiple applications simultaneously. NSS has some
80       flexibility that allows applications to use their own, independent
81       database engine while keeping a shared database and working around the
82       access issues. Still, NSS requires more flexibility to provide a truly
83       shared security database.
84
85       In 2009, NSS introduced a new set of databases that are SQLite
86       databases rather than BerkleyDB. These new databases provide more
87       accessibility and performance:
88
89       •   cert9.db for certificates
90
91       •   key4.db for keys
92
93       •   pkcs11.txt, which is listing of all of the PKCS #11 modules
94           contained in a new subdirectory in the security databases directory
95
96       Because the SQLite databases are designed to be shared, these are the
97       shared database type. The shared database type is preferred; the legacy
98       format is included for backward compatibility.
99
100       By default, the tools (certutil, pk12util, modutil) assume that the
101       given security databases use the SQLite type.
102
103       •   https://wiki.mozilla.org/NSS_Shared_DB_Howto
104
105       For an engineering draft on the changes in the shared NSS databases,
106       see the NSS project wiki:
107
108       •   https://wiki.mozilla.org/NSS_Shared_DB
109

SEE ALSO

111       signtool (1)
112
113       The NSS wiki has information on the new database design and how to
114       configure applications to use it.
115
116       •   Setting up the shared NSS database
117
118           https://wiki.mozilla.org/NSS_Shared_DB_Howto
119
120       •   Engineering and technical information about the shared NSS database
121
122           https://wiki.mozilla.org/NSS_Shared_DB
123

ADDITIONAL RESOURCES

125       For information about NSS and other tools related to NSS (like JSS),
126       check out the NSS project wiki at
127       http://www.mozilla.org/projects/security/pki/nss/. The NSS site relates
128       directly to NSS code changes and releases.
129
130       Mailing lists: https://lists.mozilla.org/listinfo/dev-tech-crypto
131
132       IRC: Freenode at #dogtag-pki
133

AUTHORS

135       The NSS tools were written and maintained by developers with Netscape,
136       Red Hat, Sun, Oracle, Mozilla, and Google.
137
138       Authors: Elio Maldonado <emaldona@redhat.com>, Deon Lackey
139       <dlackey@redhat.com>.
140

LICENSE

142       Licensed under the Mozilla Public License, v. 2.0. If a copy of the MPL
143       was not distributed with this file, You can obtain one at
144       http://mozilla.org/MPL/2.0/.
145

NOTES

147        1. Mozilla NSS bug 836477
148           https://bugzilla.mozilla.org/show_bug.cgi?id=836477
149
150
151
152nss-tools                       11 January 2023                     SIGNVER(1)