x SuSE Linux 13.1-RELEASE x
x SuSE Linux 13.1-RELEASEx
pdfsig(1) General Commands Manual pdfsig(1)
NAME
pdfsig - Portable Document Format (PDF) digital signatures tool
SYNOPSIS
pdfsig [options] [PDF-file] [Output-file]
DESCRIPTION
pdfsig verifies the digital signatures in a PDF document. It also dis-
plays the identity of each signer (commonName field and full distin-
guished name of the signer certificate), the time and date of the sig-
nature, the hash algorithm used for signing, the type of the signature
as stated in the PDF and the signed ranges with a statement wether the
total document is signed. It can also sign PDF documents (options
-add-signature or -sign).
pdfsig uses the trusted certificates stored in the Network Security
Services (NSS) Database.
pdfsig also uses the Online Certificate Status Protocol (OCSP) (refer
to http://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol) to
look up the certificate online and check if it has been revoked (unless
-no-ocsp has been specified).
The NSS Database is searched for in the following locations:
o If the -nssdir option is specified, the directory specified by
this option.
o The NSS Certificate database in the default Firefox profile.
i.e. $HOME/.mozilla/firefox/*.default.
o The NSS Certificate database in /etc/pki/nssdb.
OPTIONS
-nssdir [prefix]directory
Specify the database directory containing the certificate and
key database files. See certutil(1) -d option for details of the
prefix. If not specified the other search locations described in
DESCRIPTION are used.
-nss-pwd password
Specify the password needed to access the NSS database (if any).
-nocert
Do not validate the certificate.
-no-ocsp
Do not perform online OCSP certificate revocation check (local
Certificate Revocation Lists (CRL) are still used).
-no-appearance
Do not add appearance information when signing existing fields
(signer name and date).
-aia Enable the use of Authority Information Access (AIA) extension
to fetch missing certificates to build the certificate chain.
-dump Dump all signatures into current directory in their native for-
mat. Most likely it is either a unpadded or zero-padded
CMS/PKCS7 bundle.
-add-signature
Add a new signature to the document.
-new-signature-field-name name
Specifies the field name to be used when adding a new signature.
A random ID will be used by default.
-sign field
Sign the document in the specified signature field present in
the document (must be unsigned). Field can be specified by
field name (string) or the n-th signature field in the document
(integer).
-nick nickname
Use the certificate with the given nickname for signing (NSS
backend). If nickname starts with pkcs11:, it's treated as
PKCS#11 URI (NSS backend). If the nickname is given as a finger-
print, it will be the certificate used (GPG backend)
-backend backend
Use the specified backeng for cryptographic signatures
-kpw password
Use the given password for the signing key (this might be miss-
ing if the key isn't password protected).
-digest algorithm
Use the given digest algorithm for signing (default: SHA256).
-reason reason
Set the given reason string for the signature (default: no rea-
son set).
-etsi Create a signature of type ETSI.CAdES.detached instead of
adbe.pkcs7.detached.
-list-nicks
List available nicknames in the NSS database.
-list-backends
List available backends for cryptographic signatures
-v Print copyright and version information.
-h Print usage information. (-help and --help are equivalent.)
EXAMPLES
pdfsig signed_file.pdf
Displays signature info for signed_file.pdf.
pdfsig input.pdf output.pdf -add-signature -nss-pwd password -nick my-
cert -reason 'for fun!'
Creates a new pdf named output.pdf with the contents of in-
put.pdf signed by the 'my-cert' certificate.
pdfsig input.pdf output.pdf -add-signature -nss-pwd password -nick
'pkcs11:token=smartcard0;object=Second%20certificate;type=cert'
Same, but uses a PKCS#11 URI as defined in IETF RFC 7512 to se-
lect the certificate to be used for signing.
pdfsig input.pdf output.pdf -sign 0 -nss-pwd password -nick my-cert
-reason 'for fun!'
Creates a new pdf named output.pdf with the contents of in-
put.pdf signed by the 'my-cert' certificate. input.pdf must have
an already existing un-signed signature field.
AUTHOR
The pdfsig software and documentation are copyright 1996-2004 Glyph &
Cog, LLC and copyright 2005-2015 The Poppler Developers - http://pop-
pler.freedesktop.org
SEE ALSO
pdfdetach(1), pdffonts(1), pdfimages(1), pdfinfo(1), pdftocairo(1),
pdftohtml(1), pdftoppm(1), pdftops(1), pdftotext(1) pdfseparate(1),
pdfunite(1) certutil(1)
28 October 2015 pdfsig(1)
Want to link to this manual page? Use this URL:
<https://star2.abcm.com/cgi-bin/bsdi-man?query=pdfsig&sektion=1&manpath=>