Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
pdfsig(1)		    General Commands Manual		     pdfsig(1)

NAME
       pdfsig -	Portable Document Format (PDF) digital signatures tool

SYNOPSIS
       pdfsig [options]	[PDF-file] [Output-file]

DESCRIPTION
       pdfsig verifies the digital signatures in a PDF document.  It also dis-
       plays  the  identity  of	each signer (commonName	field and full distin-
       guished name of the signer certificate),	the time and date of the  sig-
       nature,	the hash algorithm used	for signing, the type of the signature
       as stated in the	PDF and	the signed ranges with a statement wether  the
       total  document	is  signed.   It  can also sign	PDF documents (options
       -add-signature or -sign).

       pdfsig uses the trusted certificates stored either in the Network Secu-
       rity Services (NSS) Database or in GnuPG's S/MIME system	(gpgsm).

       pdfsig also uses	the Online Certificate Status Protocol	(OCSP)	(refer
       to  http://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol) to
       look up the certificate online and check	if it has been revoked (unless
       -no-ocsp	has been specified).

       If the NSS backend is used, the NSS Database is	searched  for  in  the
       following locations:

             If  the  -nssdir option is specified, the	directory specified by
	      this option.

             The NSS Certificate database in  the  default  Firefox  profile.
	      i.e. $HOME/.mozilla/firefox/*.default.

             The NSS Certificate database in /etc/pki/nssdb.

       If  the	GPG  backend  is  used,	 the  S/MIME  certificate is read from
       $GNUPGHOME, defaulting to $HOME/.gnupg

OPTIONS
       -nssdir [prefix]directory
	      Specify the database directory containing	 the  certificate  and
	      key database files. See certutil(1) -d option for	details	of the
	      prefix. If not specified the other search	locations described in
	      DESCRIPTION are used.

       -nss-pwd	password
	      Specify the password needed to access the	NSS database (if any).

       -nocert
	      Do not validate the certificate.

       -no-ocsp
	      Do  not  perform online OCSP certificate revocation check	(local
	      Certificate Revocation Lists (CRL) are still used).

       -no-appearance
	      Do not add appearance information	when signing  existing	fields
	      (signer name and date).

       -aia   Enable  the  use of Authority Information	Access (AIA) extension
	      to fetch missing certificates to build the certificate chain.

       -dump  Dump all signatures into current directory in their native  for-
	      mat.  Most  likely  it  is  either  a  unpadded  or  zero-padded
	      CMS/PKCS7	bundle.

       -add-signature
	      Add a new	signature to the document.

       -new-signature-field-name  name
	      Specifies	the field name to be used when adding a	new signature.
	      A	random ID will be used by default.

       -sign  field
	      Sign the document	in the specified signature  field  present  in
	      the  document  (must  be	unsigned).   Field can be specified by
	      field name (string) or the n-th signature	field in the  document
	      (integer).

       -nick  nickname
	      Use  the	certificate  with  the given nickname for signing (NSS
	      backend).	If nickname  starts  with  pkcs11:,  it's  treated  as
	      PKCS#11 URI (NSS backend). If the	nickname is given as a finger-
	      print, it	will be	the certificate	used (GPG backend)

       -backend	 backend
	      Use the specified	backeng	for cryptographic signatures

       -kpw  password
	      Use  the given password for the signing key (this	might be miss-
	      ing if the key isn't password protected).

       -digest	algorithm
	      Use the given digest algorithm for signing (default: SHA256).

       -reason	reason
	      Set the given reason string for the signature (default: no  rea-
	      son set).

       -etsi  Create  a	 signature  of	type  ETSI.CAdES.detached  instead  of
	      adbe.pkcs7.detached.

       -list-nicks
	      List available nicknames in the NSS database.

       -list-backends
	      List available backends for cryptographic	signatures

       -v     Print copyright and version information.

       -h     Print usage information.	(-help and --help are equivalent.)

EXAMPLES
       pdfsig signed_file.pdf
	      Displays signature info for signed_file.pdf.

       pdfsig input.pdf	output.pdf -add-signature -nss-pwd password -nick my-
       cert -reason 'for fun!'
	      Creates a	new pdf	named output.pdf  with	the  contents  of  in-
	      put.pdf signed by	the 'my-cert' certificate.

       pdfsig input.pdf	output.pdf -add-signature -nss-pwd password -nick
       'pkcs11:token=smartcard0;object=Second%20certificate;type=cert'
	      Same,  but uses a	PKCS#11	URI as defined in IETF RFC 7512	to se-
	      lect the certificate to be used for signing.

       pdfsig input.pdf	output.pdf -sign 0 -nss-pwd password -nick my-cert
       -reason 'for fun!'
	      Creates a	new pdf	named output.pdf  with	the  contents  of  in-
	      put.pdf signed by	the 'my-cert' certificate. input.pdf must have
	      an already existing un-signed signature field.

AUTHOR
       The  pdfsig  software and documentation are copyright 1996-2004 Glyph &
       Cog, LLC	and copyright 2005-2015	The Poppler Developers	-  http://pop-
       pler.freedesktop.org

SEE ALSO
       pdfdetach(1),  pdffonts(1),  pdfimages(1),  pdfinfo(1),	pdftocairo(1),
       pdftohtml(1),  pdftoppm(1),  pdftops(1),	 pdftotext(1)  pdfseparate(1),
       pdfunite(1) certutil(1)

				28 October 2015			     pdfsig(1)

Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=pdfsig&sektion=1&manpath=FreeBSD+Ports+14.3.quarterly>

home | help