| @@ -1,14 +1,14 @@ | | | @@ -1,14 +1,14 @@ |
| 1 | .\" $NetBSD: nbsvtool.1,v 1.5 2009/03/11 13:54:20 joerg Exp $ | | 1 | .\" $NetBSD: nbsvtool.1,v 1.6 2011/04/28 17:14:45 wiz Exp $ |
| 2 | .\" | | 2 | .\" |
| 3 | .\" Copyright (c) 2004-2008 The NetBSD Foundation, Inc. | | 3 | .\" Copyright (c) 2004-2008 The NetBSD Foundation, Inc. |
| 4 | .\" All rights reserved. | | 4 | .\" All rights reserved. |
| 5 | .\" | | 5 | .\" |
| 6 | .\" This code is derived from software contributed to The NetBSD Foundation | | 6 | .\" This code is derived from software contributed to The NetBSD Foundation |
| 7 | .\" by Love Hörnquist Åstrand <lha@it.su.se> | | 7 | .\" by Love Hörnquist Åstrand <lha@it.su.se> |
| 8 | .\" | | 8 | .\" |
| 9 | .\" Redistribution and use in source and binary forms, with or without | | 9 | .\" Redistribution and use in source and binary forms, with or without |
| 10 | .\" modification, are permitted provided that the following conditions | | 10 | .\" modification, are permitted provided that the following conditions |
| 11 | .\" are met: | | 11 | .\" are met: |
| 12 | .\" 1. Redistributions of source code must retain the above copyright | | 12 | .\" 1. Redistributions of source code must retain the above copyright |
| 13 | .\" notice, this list of conditions and the following disclaimer. | | 13 | .\" notice, this list of conditions and the following disclaimer. |
| 14 | .\" 2. Redistributions in binary form must reproduce the above copyright | | 14 | .\" 2. Redistributions in binary form must reproduce the above copyright |
| @@ -118,27 +118,27 @@ for file | | | @@ -118,27 +118,27 @@ for file |
| 118 | The private key is found in file | | 118 | The private key is found in file |
| 119 | .Pa key , | | 119 | .Pa key , |
| 120 | the matching certificate is in | | 120 | the matching certificate is in |
| 121 | .Pa cert , | | 121 | .Pa cert , |
| 122 | additional certificates from | | 122 | additional certificates from |
| 123 | .Pa cert-chain | | 123 | .Pa cert-chain |
| 124 | are included in the created signature. | | 124 | are included in the created signature. |
| 125 | .Dl nbsvtool -k key -f cert -c cert-chain sign hello hello.sp7 | | 125 | .Dl nbsvtool -k key -f cert -c cert-chain sign hello hello.sp7 |
| 126 | .Pp | | 126 | .Pp |
| 127 | Verify that the signature | | 127 | Verify that the signature |
| 128 | .Pa hello.sp7 | | 128 | .Pa hello.sp7 |
| 129 | is valid for file | | 129 | is valid for file |
| 130 | .Pa hello | | 130 | .Pa hello |
| 131 | and that the signing certificate allows code signing. Certificates | | 131 | and that the signing certificate allows code signing. |
| 132 | in | | 132 | Certificates in |
| 133 | .Pa anchor-file | | 133 | .Pa anchor-file |
| 134 | are considered trusted, and there must be a certificate chain from one | | 134 | are considered trusted, and there must be a certificate chain from one |
| 135 | of those certificates to the signing certificate. | | 135 | of those certificates to the signing certificate. |
| 136 | .Dl nbsvtool -a anchor-file verify-code hello hello.sp7 | | 136 | .Dl nbsvtool -a anchor-file verify-code hello hello.sp7 |
| 137 | .Sh SEE ALSO | | 137 | .Sh SEE ALSO |
| 138 | .Xr openssl_smime 1 | | 138 | .Xr openssl_smime 1 |
| 139 | .\" XXX: pointer to X509 documentation, CA setup | | 139 | .\" XXX: pointer to X509 documentation, CA setup |
| 140 | .Sh CAVEATS | | 140 | .Sh CAVEATS |
| 141 | As there is currently no default trust anchor, you must explicilty | | 141 | As there is currently no default trust anchor, you must explicilty |
| 142 | specify one with | | 142 | specify one with |
| 143 | .Fl a , | | 143 | .Fl a , |
| 144 | otherwise no verification can succeed. | | 144 | otherwise no verification can succeed. |