NAME

pesign-client — tool for signing UEFI applications with a pesign server

SYNOPSIS

pesign-client [-i file] [-o file] [-e file] [-t token] [-c nickname] ⟨[-k |] [-q |] [-s |] [-u]⟩ [-f fd] [-F file]

DESCRIPTION

pesign-client is a command line tool for manipulating signatures and cryptographic digests of UEFI applications.

OPTIONS

-i file | --infile file: The input binary file to be signed with --sign
-o file | --outfile file: The output binary file to be signed with --sign
-e file | --export file: Export signature from --sign to file
-t token | --token token: Sign using NSS token token
-c nickname | --certificate nickname: Sign using NSS certificate nickname
-k | --kill: Kill the pesign server
-q | --is-unlocked: Query the lock status of the token specified by --token
-s | --sign: Sign the file specified by --infile
-u | --unlock: Unlock the token specified with --token using the PIN read from --pinfd or --pinfile, or specified by PESIGN_TOKEN_PIN
-f fd | --pinfd fd: File descriptor to read the PIN from for --unlock
-F file | --pinfile file: File to read the PIN from for unlock

ENVIRONMENT

PESIGN_TOKEN_PIN: PIN for use with --unlock for the token specified by -fl -token

AUTHORS

Peter Jones

June 4, 2020

Linux