Your company here — click to reach over 10,000 unique daily visitors

signver - Man Page

Verify a detached PKCS#7 signature for a file.


signtool -A | -V  -d directory [-a] [-i input_file] [-o output_file] [-s signature_file] [-v]


This documentation is still work in progress. Please contribute to the initial review in Mozilla NSS bug 836477[1]


The Signature Verification Tool, signver, is a simple command-line utility that unpacks a base-64-encoded PKCS#7 signed object and verifies the digital signature using standard cryptographic techniques. The Signature Verification Tool can also display the contents of the signed object.



Displays all of the information in the PKCS#7 signature.


Verifies the digital signature.

-d directory

Specify the database directory which contains the certificates and keys.

signver supports SQLite databases (cert9.db, key4.db, and pkcs11.txt).


Sets that the given signature file is in ASCII format.

-i input_file

Gives the input file for the object with signed data.

-o output_file

Gives the output file to which to write the results.

-s signature_file

Gives the input file for the digital signature.


Enables verbose output.

Extended Examples

Verifying a Signature

The -V option verifies that the signature in a given signature file is valid when used to sign the given object (from the input file).

signver -V -s signature_file -i signed_file -d /home/my/sharednssdb


Printing Signature Data

The -A option prints all of the information contained in a signature file. Using the -o option prints the signature file information to the given output file rather than stdout.

signver -A -s signature_file -o output_file

NSS Database Types

NSS originally used BerkeleyDB databases to store security information. The last versions of these legacy databases are:

BerkeleyDB has performance limitations, though, which prevent it from being easily used by multiple applications simultaneously. NSS has some flexibility that allows applications to use their own, independent database engine while keeping a shared database and working around the access issues. Still, NSS requires more flexibility to provide a truly shared security database.

In 2009, NSS introduced a new set of databases that are SQLite databases rather than BerkleyDB. These new databases provide more accessibility and performance:

Because the SQLite databases are designed to be shared, these are the shared database type. The shared database type is preferred; the legacy format is included for backward compatibility.

By default, the tools (certutil, pk12util, modutil) assume that the given security databases use the SQLite type.

For an engineering draft on the changes in the shared NSS databases, see the NSS project wiki:

See Also

signtool (1)

The NSS wiki has information on the new database design and how to configure applications to use it.

Additional Resources

For information about NSS and other tools related to NSS (like JSS), check out the NSS project wiki at http://www.mozilla.org/projects/security/pki/nss/. The NSS site relates directly to NSS code changes and releases.

Mailing lists: https://lists.mozilla.org/listinfo/dev-tech-crypto

IRC: Freenode at #dogtag-pki


The NSS tools were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google.

Authors: Elio Maldonado <emaldona@redhat.com>, Deon Lackey <dlackey@redhat.com>.


Licensed under the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.



Mozilla NSS bug 836477

Referenced By


21 June 2024 nss-tools NSS Security Tools