FreeBSD Manual Pages
pdfsig(1) General Commands Manual pdfsig(1) NAME pdfsig - Portable Document Format (PDF) digital signatures tool SYNOPSIS pdfsig [options] [PDF-file] [Output-file] DESCRIPTION pdfsig verifies the digital signatures in a PDF document. It also dis- plays the identity of each signer (commonName field and full distin- guished name of the signer certificate), the time and date of the sig- nature, the hash algorithm used for signing, the type of the signature as stated in the PDF and the signed ranges with a statement wether the total document is signed. It can also sign PDF documents (options -add-signature or -sign). pdfsig uses the trusted certificates stored either in the Network Secu- rity Services (NSS) Database or in GnuPG's S/MIME system (gpgsm). pdfsig also uses the Online Certificate Status Protocol (OCSP) (refer to http://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol) to look up the certificate online and check if it has been revoked (unless -no-ocsp has been specified). If the NSS backend is used, the NSS Database is searched for in the following locations: • If the -nssdir option is specified, the directory specified by this option. • The NSS Certificate database in the default Firefox profile. i.e. $HOME/.mozilla/firefox/*.default. • The NSS Certificate database in /etc/pki/nssdb. If the GPG backend is used, the S/MIME certificate is read from $GNUPGHOME, defaulting to $HOME/.gnupg OPTIONS -nssdir [prefix]directory Specify the database directory containing the certificate and key database files. See certutil(1) -d option for details of the prefix. If not specified the other search locations described in DESCRIPTION are used. -nss-pwd password Specify the password needed to access the NSS database (if any). -nocert Do not validate the certificate. -no-ocsp Do not perform online OCSP certificate revocation check (local Certificate Revocation Lists (CRL) are still used). -no-appearance Do not add appearance information when signing existing fields (signer name and date). -aia Enable the use of Authority Information Access (AIA) extension to fetch missing certificates to build the certificate chain. -dump Dump all signatures into current directory in their native for- mat. Most likely it is either a unpadded or zero-padded CMS/PKCS7 bundle. -add-signature Add a new signature to the document. -new-signature-field-name name Specifies the field name to be used when adding a new signature. A random ID will be used by default. -sign field Sign the document in the specified signature field present in the document (must be unsigned). Field can be specified by field name (string) or the n-th signature field in the document (integer). -nick nickname Use the certificate with the given nickname for signing (NSS backend). If nickname starts with pkcs11:, it's treated as PKCS#11 URI (NSS backend). If the nickname is given as a finger- print, it will be the certificate used (GPG backend) -backend backend Use the specified backeng for cryptographic signatures -kpw password Use the given password for the signing key (this might be miss- ing if the key isn't password protected). -digest algorithm Use the given digest algorithm for signing (default: SHA256). -reason reason Set the given reason string for the signature (default: no rea- son set). -etsi Create a signature of type ETSI.CAdES.detached instead of adbe.pkcs7.detached. -list-nicks List available nicknames in the NSS database. -list-backends List available backends for cryptographic signatures -v Print copyright and version information. -h Print usage information. (-help and --help are equivalent.) EXAMPLES pdfsig signed_file.pdf Displays signature info for signed_file.pdf. pdfsig input.pdf output.pdf -add-signature -nss-pwd password -nick my- cert -reason 'for fun!' Creates a new pdf named output.pdf with the contents of in- put.pdf signed by the 'my-cert' certificate. pdfsig input.pdf output.pdf -add-signature -nss-pwd password -nick 'pkcs11:token=smartcard0;object=Second%20certificate;type=cert' Same, but uses a PKCS#11 URI as defined in IETF RFC 7512 to se- lect the certificate to be used for signing. pdfsig input.pdf output.pdf -sign 0 -nss-pwd password -nick my-cert -reason 'for fun!' Creates a new pdf named output.pdf with the contents of in- put.pdf signed by the 'my-cert' certificate. input.pdf must have an already existing un-signed signature field. AUTHOR The pdfsig software and documentation are copyright 1996-2004 Glyph & Cog, LLC and copyright 2005-2015 The Poppler Developers - http://pop- pler.freedesktop.org SEE ALSO pdfdetach(1), pdffonts(1), pdfimages(1), pdfinfo(1), pdftocairo(1), pdftohtml(1), pdftoppm(1), pdftops(1), pdftotext(1) pdfseparate(1), pdfunite(1) certutil(1) 28 October 2015 pdfsig(1)
NAME | SYNOPSIS | DESCRIPTION | OPTIONS | EXAMPLES | AUTHOR | SEE ALSO
Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=pdfsig&sektion=1&manpath=FreeBSD+Ports+14.3.quarterly>