NBSVTOOL(1) | General Commands Manual | NBSVTOOL(1) |
nbsvtool
—
nbsvtool |
[-v ] [-a
anchor-certificates] [-c
certificate-chain] [-f
certificate-file] [-k
private-key-file] [-u
required-key-usage] command
args ... |
nbsvtool
is used to create and verify detached X509
signatures of files. Private keys and certificates are expected to be PEM
encoded, signatures are in PEM/SMIME format.
Supported commands:
-f
and -k
are required for
this command.-u
code.Supported options:
-a
anchor-certificates-c
certificate-chain-f
certificate-file-k
.-k
private-key-file-u
required-key-usage-v
nbsvtool
utility exits 0 on success,
and >0 if an error occurs.
nbsvtool -k key -f cert -c cert-chain
sign hello hello.sp7
Verify that the signature hello.sp7 is valid for file hello and that the signing certificate allows code signing. Certificates in anchor-file are considered trusted, and there must be a certificate chain from one of those certificates to the signing certificate.
nbsvtool -a anchor-file verify-code
hello hello.sp7
-a
, otherwise no verification can succeed.
March 11, 2009 | NetBSD 9.4 |