nbsvtool man page on NetBSD
Man page or keyword search:  
man Server   9087 pages
apropos Keyword Search (all sections)
Output format
NetBSD logo
[printable version] 
NBSVTOOL(1)		  BSD General Commands Manual		   NBSVTOOL(1)

NAME
     nbsvtool — create and verify detached signatures of files

SYNOPSIS
     nbsvtool [-v] [-a anchor-certificates] [-c certificate-chain]
	      [-f certificate-file] [-k private-key-file]
	      [-u required-key-usage] command args ...

DESCRIPTION
     nbsvtool is used to create and verify detached X509 signatures of files.
     Private keys and certificates are expected to be PEM encoded, signatures
     are in PEM/SMIME format.

     Supported commands:

     sign file			       Sign file, placing the signature in
				       file.sp7.  The options -f and -k are
				       required for this command.

     verify file [signature]	       Verify signature for file.  If
				       signature is not specified, file.sp7 is
				       used.

     verify-code file [signature]      This is a short cut for verify with the
				       option -u code.

     Supported options:

     -a anchor-certificates	   A file containing one or more (concate‐
				   nated) keys that are considered trusted.

     -c certificate-chain	   A file containing additional certificates
				   that will be added to the signature when
				   creating one.  They will be used to fill
				   missing links in the trust chain when veri‐
				   fying the signature.

     -f certificate-file	   A file containing the certificate to use
				   for signing.	 The certificate must match
				   the key given by -k.

     -k private-key-file	   A file containing the private key to use
				   for signing.

     -u required-key-usage	   Verify that the extended key-usage
				   attribute in the signing certificate
				   matches required-key-usage.	Otherwise, the
				   signature is rejected.  key usage can be
				   one of: “ssl-server”, “ssl-client”, “code”,
				   or “smime”.

     -v				   Print verbose information about the signing
				   certificate.

EXIT STATUS
     The nbsvtool utility exits 0 on success, and >0 if an error occurs.

EXAMPLES
     Create signature file hello.sp7 for file hello.  The private key is found
     in file key, the matching certificate is in cert, additional certificates
     from cert-chain are included in the created signature.
	   nbsvtool -k key -f cert -c cert-chain sign hello hello.sp7

     Verify that the signature hello.sp7 is valid for file hello and that the
     signing certificate allows code signing.  Certificates in anchor-file are
     considered trusted, and there must be a certificate chain from one of
     those certificates to the signing certificate.
	   nbsvtool -a anchor-file verify-code hello hello.sp7

SEE ALSO
     openssl_smime(1)

CAVEATS
     As there is currently no default trust anchor, you must explicilty spec‐
     ify one with -a, otherwise no verification can succeed.

BSD				March 11, 2009				   BSD
[top] 
                             _         _         _ 
                            | |       | |       | |     
                            | |       | |       | |     
                         __ | | __ __ | | __ __ | | __  
                         \ \| |/ / \ \| |/ / \ \| |/ /  
                          \ \ / /   \ \ / /   \ \ / /   
                           \   /     \   /     \   /    
                            \_/       \_/       \_/
More information is available in HTML format for server NetBSD

List of man pages available for NetBSD

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Tweet
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
....................................................................
Vote for polarhome
Free Shell Accounts :: the biggest list on the net