pesign-client man page

pesign-client — command line tool for signing UEFI applications

Synopsis

pesign [--in=infile | -i infile]
      [--out=outfile | -o outfile]
      [--export=exportfile | -e exportfile]
      [--token=token | -t token]
      [--certificate=nickname | -c nickname]
      [--unlock | -u] [--kill | -k] [--sign | -s] [ --is-unlocked | -q ]
      [--pinfd=pinfd | -f pinfd]
      [--pinfile=pinfile | -F pinfile]

Description

pesign is a command line tool for manipulating signatures and  cryptographic digests of UEFI applications.

Options

--unlock

Unlock the specified token.  A PIN - specified by one of --pinfd, --pinfile, or the environmental variable PESIGN_TOKEN_PIN - is required for this operation to succeed.  The PIN may be empty, if that is what is required for the token specified with --token.

--is-unlocked Query a token specified with --token for lock status.

--pinfd=pinfd

When using --unlock, read the token's PIN from the open file descriptor pinfd.

--pinfile=pinfile

When using --unlock, read the token's PIN from the file pinfile.

--sign

Sign the binary specified by infile.

--export

When used with --sign, write the signature to outfile.

--infile=infile

When used with --sign, specify the input binary.

--outfile=outfile

When used with --sign, specify output file.  If --detached is specified, this will be a DER-formatted signature.  Otherwise, the output will be the signed PE binary.

--token=token

When used with --unlock or --sign, use the specified NSS token's certificate database.

--certificate=nickname

When used with --sign, use the certificate database entry with the specified nickname for signing.

--kill

Terminate the signing server.

See Also

pesign(1)

Authors

Peter Jones

Referenced By

pesign(1).

Mon Oct 15 2012