NAME¶

pesign-client — tool for signing UEFI applications with a pesign server

SYNOPSIS¶

pesign-client [-i file] [-o file] [-e file] [-t token] [-c nickname] ⟨[-k |] [-q |] [-s |] [-u]⟩ [-f fd] [-F file]

DESCRIPTION¶

pesign-client is a command line tool for manipulating signatures and cryptographic digests of UEFI applications.

OPTIONS¶

-i file | --infile file: The input binary file to be signed with --sign
-o file | --outfile file: The output binary file to be signed with --sign
-e file | --export file: Export signature from --sign to file
-t token | --token token: Sign using NSS token token
-c nickname | --certificate nickname: Sign using NSS certificate nickname
-k | --kill: Kill the pesign server
-q | --is-unlocked: Query the lock status of the token specified by --token
-s | --sign: Sign the file specified by --infile
-u | --unlock: Unlock the token specified with --token using the PIN read from --pinfd or --pinfile, or specified by PESIGN_TOKEN_PIN
-f fd | --pinfd fd: File descriptor to read the PIN from for --unlock
-F file | --pinfile file: File to read the PIN from for unlock

ENVIRONMENT¶

PESIGN_TOKEN_PIN: PIN for use with --unlock for the token specified by -fl -token

AUTHORS¶

Peter Jones

June 4, 2020

Linux

Source file:	pesign-client.1.en.gz (from pesign 116-8.1)
Source last updated:	2025-03-03T02:52:58Z
Converted to HTML:	2025-10-31T03:07:14Z