diff options
Diffstat (limited to 'doc/rst/legacy/tools/signver/index.rst')
-rw-r--r-- | doc/rst/legacy/tools/signver/index.rst | 194 |
1 files changed, 97 insertions, 97 deletions
diff --git a/doc/rst/legacy/tools/signver/index.rst b/doc/rst/legacy/tools/signver/index.rst index b68a170cc..18fa331bd 100644 --- a/doc/rst/legacy/tools/signver/index.rst +++ b/doc/rst/legacy/tools/signver/index.rst @@ -6,113 +6,113 @@ NSS tools : signver .. container:: | Name - | signver — Verify a detached PKCS#7 signature for a file. + | signver — Verify a detached PKCS#7 signature for a file. | Synopsis - | signtool -A \| -V -d directory [-a] [-i input_file] [-o output_file] [-s - | signature_file] [-v] + | signtool -A \| -V -d directory [-a] [-i input_file] [-o output_file] [-s + | signature_file] [-v] | Description - | The Signature Verification Tool, signver, is a simple command-line utility - | that unpacks a base-64-encoded PKCS#7 signed object and verifies the - | digital signature using standard cryptographic techniques. The Signature - | Verification Tool can also display the contents of the signed object. + | The Signature Verification Tool, signver, is a simple command-line utility + | that unpacks a base-64-encoded PKCS#7 signed object and verifies the + | digital signature using standard cryptographic techniques. The Signature + | Verification Tool can also display the contents of the signed object. | Options - | -A - | Displays all of the information in the PKCS#7 signature. - | -V - | Verifies the digital signature. - | -d [sql:]directory - | Specify the database directory which contains the certificates and - | keys. - | signver supports two types of databases: the legacy security - | databases (cert8.db, key3.db, and secmod.db) and new SQLite - | databases (cert9.db, key4.db, and pkcs11.txt). If the prefix sql: - | is not used, then the tool assumes that the given databases are in - | the old format. - | -a - | Sets that the given signature file is in ASCII format. - | -i input_file - | Gives the input file for the object with signed data. - | -o output_file - | Gives the output file to which to write the results. - | -s signature_file - | Gives the input file for the digital signature. - | -v - | Enables verbose output. + | -A + | Displays all of the information in the PKCS#7 signature. + | -V + | Verifies the digital signature. + | -d [sql:]directory + | Specify the database directory which contains the certificates and + | keys. + | signver supports two types of databases: the legacy security + | databases (cert8.db, key3.db, and secmod.db) and new SQLite + | databases (cert9.db, key4.db, and pkcs11.txt). If the prefix sql: + | is not used, then the tool assumes that the given databases are in + | the old format. + | -a + | Sets that the given signature file is in ASCII format. + | -i input_file + | Gives the input file for the object with signed data. + | -o output_file + | Gives the output file to which to write the results. + | -s signature_file + | Gives the input file for the digital signature. + | -v + | Enables verbose output. | Extended Examples - | Verifying a Signature - | The -V option verifies that the signature in a given signature file is - | valid when used to sign the given object (from the input file). - | signver -V -s signature_file -i signed_file -d sql:/home/my/sharednssdb - | signatureValid=yes - | Printing Signature Data - | The -A option prints all of the information contained in a signature file. - | Using the -o option prints the signature file information to the given - | output file rather than stdout. - | signver -A -s signature_file -o output_file + | Verifying a Signature + | The -V option verifies that the signature in a given signature file is + | valid when used to sign the given object (from the input file). + | signver -V -s signature_file -i signed_file -d sql:/home/my/sharednssdb + | signatureValid=yes + | Printing Signature Data + | The -A option prints all of the information contained in a signature file. + | Using the -o option prints the signature file information to the given + | output file rather than stdout. + | signver -A -s signature_file -o output_file | NSS Database Types - | NSS originally used BerkeleyDB databases to store security information. - | The last versions of these legacy databases are: - | o cert8.db for certificates - | o key3.db for keys - | o secmod.db for PKCS #11 module information - | BerkeleyDB has performance limitations, though, which prevent it from - | being easily used by multiple applications simultaneously. NSS has some - | flexibility that allows applications to use their own, independent - | database engine while keeping a shared database and working around the - | access issues. Still, NSS requires more flexibility to provide a truly - | shared security database. - | In 2009, NSS introduced a new set of databases that are SQLite databases - | rather than BerkleyDB. These new databases provide more accessibility and - | performance: - | o cert9.db for certificates - | o key4.db for keys - | o pkcs11.txt, which is listing of all of the PKCS #11 modules contained - | in a new subdirectory in the security databases directory - | Because the SQLite databases are designed to be shared, these are the - | shared database type. The shared database type is preferred; the legacy - | format is included for backward compatibility. - | By default, the tools (certutil, pk12util, modutil) assume that the given - | security databases follow the more common legacy type. Using the SQLite - | databases must be manually specified by using the sql: prefix with the - | given security directory. For example: - | # signver -A -s signature -d sql:/home/my/sharednssdb - | To set the shared database type as the default type for the tools, set the - | NSS_DEFAULT_DB_TYPE environment variable to sql: - | export NSS_DEFAULT_DB_TYPE="sql" - | This line can be set added to the ~/.bashrc file to make the change - | permanent. - | Most applications do not use the shared database by default, but they can - | be configured to use them. For example, this how-to article covers how to - | configure Firefox and Thunderbird to use the new shared NSS databases: - | o https://wiki.mozilla.org/NSS_Shared_DB_Howto - | For an engineering draft on the changes in the shared NSS databases, see - | the NSS project wiki: - | o https://wiki.mozilla.org/NSS_Shared_DB + | NSS originally used BerkeleyDB databases to store security information. + | The last versions of these legacy databases are: + | o cert8.db for certificates + | o key3.db for keys + | o secmod.db for PKCS #11 module information + | BerkeleyDB has performance limitations, though, which prevent it from + | being easily used by multiple applications simultaneously. NSS has some + | flexibility that allows applications to use their own, independent + | database engine while keeping a shared database and working around the + | access issues. Still, NSS requires more flexibility to provide a truly + | shared security database. + | In 2009, NSS introduced a new set of databases that are SQLite databases + | rather than BerkleyDB. These new databases provide more accessibility and + | performance: + | o cert9.db for certificates + | o key4.db for keys + | o pkcs11.txt, which is listing of all of the PKCS #11 modules contained + | in a new subdirectory in the security databases directory + | Because the SQLite databases are designed to be shared, these are the + | shared database type. The shared database type is preferred; the legacy + | format is included for backward compatibility. + | By default, the tools (certutil, pk12util, modutil) assume that the given + | security databases follow the more common legacy type. Using the SQLite + | databases must be manually specified by using the sql: prefix with the + | given security directory. For example: + | # signver -A -s signature -d sql:/home/my/sharednssdb + | To set the shared database type as the default type for the tools, set the + | NSS_DEFAULT_DB_TYPE environment variable to sql: + | export NSS_DEFAULT_DB_TYPE="sql" + | This line can be set added to the ~/.bashrc file to make the change + | permanent. + | Most applications do not use the shared database by default, but they can + | be configured to use them. For example, this how-to article covers how to + | configure Firefox and Thunderbird to use the new shared NSS databases: + | o https://wiki.mozilla.org/NSS_Shared_DB_Howto + | For an engineering draft on the changes in the shared NSS databases, see + | the NSS project wiki: + | o https://wiki.mozilla.org/NSS_Shared_DB | See Also - | signtool (1) - | The NSS wiki has information on the new database design and how to - | configure applications to use it. - | o Setting up the shared NSS database - | https://wiki.mozilla.org/NSS_Shared_DB_Howto - | o Engineering and technical information about the shared NSS database - | https://wiki.mozilla.org/NSS_Shared_DB + | signtool (1) + | The NSS wiki has information on the new database design and how to + | configure applications to use it. + | o Setting up the shared NSS database + | https://wiki.mozilla.org/NSS_Shared_DB_Howto + | o Engineering and technical information about the shared NSS database + | https://wiki.mozilla.org/NSS_Shared_DB | Additional Resources - | For information about NSS and other tools related to NSS (like JSS), check - | out the NSS project wiki at - | + | For information about NSS and other tools related to NSS (like JSS), check + | out the NSS project wiki at + | [1]\ `http://www.mozilla.org/projects/security/pki/nss/ <https://www.mozilla.org/projects/security/pki/nss/>`__. The NSS site relates - | directly to NSS code changes and releases. - | Mailing lists: https://lists.mozilla.org/listinfo/dev-tech-crypto - | IRC: Freenode at #dogtag-pki + | directly to NSS code changes and releases. + | Mailing lists: https://lists.mozilla.org/listinfo/dev-tech-crypto + | IRC: Freenode at #dogtag-pki | Authors - | The NSS tools were written and maintained by developers with Netscape, Red - | Hat, and Sun. - | Authors: Elio Maldonado <emaldona@redhat.com>, Deon Lackey - | <dlackey@redhat.com>. + | The NSS tools were written and maintained by developers with Netscape, Red + | Hat, and Sun. + | Authors: Elio Maldonado <emaldona@redhat.com>, Deon Lackey + | <dlackey@redhat.com>. | Copyright - | (c) 2010, Red Hat, Inc. Licensed under the GNU Public License version 2. + | (c) 2010, Red Hat, Inc. Licensed under the GNU Public License version 2. | References - | Visible links - | 1. + | Visible links + | 1. `http://www.mozilla.org/projects/security/pki/nss/ <https://www.mozilla.org/projects/security/pki/nss/>`__
\ No newline at end of file |