| @@ -1,14 +1,14 @@ | | | @@ -1,14 +1,14 @@ |
1 | .\" $NetBSD: nbsvtool.1,v 1.5 2009/03/11 13:54:20 joerg Exp $ | | 1 | .\" $NetBSD: nbsvtool.1,v 1.6 2011/04/28 17:14:45 wiz Exp $ |
2 | .\" | | 2 | .\" |
3 | .\" Copyright (c) 2004-2008 The NetBSD Foundation, Inc. | | 3 | .\" Copyright (c) 2004-2008 The NetBSD Foundation, Inc. |
4 | .\" All rights reserved. | | 4 | .\" All rights reserved. |
5 | .\" | | 5 | .\" |
6 | .\" This code is derived from software contributed to The NetBSD Foundation | | 6 | .\" This code is derived from software contributed to The NetBSD Foundation |
7 | .\" by Love Hörnquist Åstrand <lha@it.su.se> | | 7 | .\" by Love Hörnquist Åstrand <lha@it.su.se> |
8 | .\" | | 8 | .\" |
9 | .\" Redistribution and use in source and binary forms, with or without | | 9 | .\" Redistribution and use in source and binary forms, with or without |
10 | .\" modification, are permitted provided that the following conditions | | 10 | .\" modification, are permitted provided that the following conditions |
11 | .\" are met: | | 11 | .\" are met: |
12 | .\" 1. Redistributions of source code must retain the above copyright | | 12 | .\" 1. Redistributions of source code must retain the above copyright |
13 | .\" notice, this list of conditions and the following disclaimer. | | 13 | .\" notice, this list of conditions and the following disclaimer. |
14 | .\" 2. Redistributions in binary form must reproduce the above copyright | | 14 | .\" 2. Redistributions in binary form must reproduce the above copyright |
| @@ -118,27 +118,27 @@ for file | | | @@ -118,27 +118,27 @@ for file |
118 | The private key is found in file | | 118 | The private key is found in file |
119 | .Pa key , | | 119 | .Pa key , |
120 | the matching certificate is in | | 120 | the matching certificate is in |
121 | .Pa cert , | | 121 | .Pa cert , |
122 | additional certificates from | | 122 | additional certificates from |
123 | .Pa cert-chain | | 123 | .Pa cert-chain |
124 | are included in the created signature. | | 124 | are included in the created signature. |
125 | .Dl nbsvtool -k key -f cert -c cert-chain sign hello hello.sp7 | | 125 | .Dl nbsvtool -k key -f cert -c cert-chain sign hello hello.sp7 |
126 | .Pp | | 126 | .Pp |
127 | Verify that the signature | | 127 | Verify that the signature |
128 | .Pa hello.sp7 | | 128 | .Pa hello.sp7 |
129 | is valid for file | | 129 | is valid for file |
130 | .Pa hello | | 130 | .Pa hello |
131 | and that the signing certificate allows code signing. Certificates | | 131 | and that the signing certificate allows code signing. |
132 | in | | 132 | Certificates in |
133 | .Pa anchor-file | | 133 | .Pa anchor-file |
134 | are considered trusted, and there must be a certificate chain from one | | 134 | are considered trusted, and there must be a certificate chain from one |
135 | of those certificates to the signing certificate. | | 135 | of those certificates to the signing certificate. |
136 | .Dl nbsvtool -a anchor-file verify-code hello hello.sp7 | | 136 | .Dl nbsvtool -a anchor-file verify-code hello hello.sp7 |
137 | .Sh SEE ALSO | | 137 | .Sh SEE ALSO |
138 | .Xr openssl_smime 1 | | 138 | .Xr openssl_smime 1 |
139 | .\" XXX: pointer to X509 documentation, CA setup | | 139 | .\" XXX: pointer to X509 documentation, CA setup |
140 | .Sh CAVEATS | | 140 | .Sh CAVEATS |
141 | As there is currently no default trust anchor, you must explicilty | | 141 | As there is currently no default trust anchor, you must explicilty |
142 | specify one with | | 142 | specify one with |
143 | .Fl a , | | 143 | .Fl a , |
144 | otherwise no verification can succeed. | | 144 | otherwise no verification can succeed. |