manpagez: man pages & more
man pdfsig(1)
Home | html | info | man
pdfsig(1)                   General Commands Manual                  pdfsig(1)


NAME

       pdfsig - Portable Document Format (PDF) digital signatures tool


SYNOPSIS

       pdfsig [options] [PDF-file] [Output-file]


DESCRIPTION

       pdfsig verifies the digital signatures in a PDF document.  It also
       displays the identity of each signer (commonName field and full
       distinguished name of the signer certificate), the time and date of the
       signature, the hash algorithm used for signing, the type of the
       signature as stated in the PDF and the signed ranges with a statement
       wether the total document is signed.  It can also sign PDF documents
       (options -add-signature or -sign).

       pdfsig uses the trusted certificates stored in the Network Security
       Services (NSS) Database.

       pdfsig also uses the Online Certificate Status Protocol (OCSP) (refer
       to http://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol) to
       look up the certificate online and check if it has been revoked (unless
       -no-ocsp has been specified).

       The NSS Database is searched for in the following locations:

       o      If the -nssdir option is specified, the directory specified by
              this option.

       o      The NSS Certificate database in the default Firefox profile.
              i.e. $HOME/.mozilla/firefox/*.default.

       o      The NSS Certificate database in /etc/pki/nssdb.


OPTIONS

       -nssdir [prefix]directory
              Specify the database directory containing the certificate and
              key database files. See certutil(1) -d option for details of the
              prefix. If not specified the other search locations described in
              DESCRIPTION are used.

       -nss-pwd password
              Specify the password needed to access the NSS database (if any).

       -nocert
              Do not validate the certificate.

       -no-ocsp
              Do not perform online OCSP certificate revocation check (local
              Certificate Revocation Lists (CRL) are still used).

       -no-appearance
              Do not add appearance information when signing existing fields
              (signer name and date).

       -aia   Enable the use of Authority Information Access (AIA) extension
              to fetch missing certificates to build the certificate chain.

       -dump  Dump all signatures into current directory in their native
              format. Most likely it is either a unpadded or zero-padded
              CMS/PKCS7 bundle.

       -add-signature
              Add a new signature to the document.

       -new-signature-field-name  name
              Specifies the field name to be used when adding a new signature.
              A random ID will be used by default.

       -sign  field
              Sign the document in the specified signature field present in
              the document (must be unsigned).  Field can be specified by
              field name (string) or the n-th signature field in the document
              (integer).

       -nick  nickname
              Use the certificate with the given nickname for signing (NSS
              backend). If nickname starts with pkcs11:, it's treated as
              PKCS#11 URI (NSS backend). If the nickname is given as a
              fingerprint, it will be the certificate used (GPG backend)

       -backend  backend
              Use the specified backeng for cryptographic signatures

       -kpw  password
              Use the given password for the signing key (this might be
              missing if the key isn't password protected).

       -digest  algorithm
              Use the given digest algorithm for signing (default: SHA256).

       -reason  reason
              Set the given reason string for the signature (default: no
              reason set).

       -etsi  Create a signature of type ETSI.CAdES.detached instead of
              adbe.pkcs7.detached.

       -list-nicks
              List available nicknames in the NSS database.

       -list-backends
              List available backends for cryptographic signatures

       -v     Print copyright and version information.

       -h     Print usage information.  (-help and --help are equivalent.)


EXAMPLES

       pdfsig signed_file.pdf
              Displays signature info for signed_file.pdf.

       pdfsig input.pdf output.pdf -add-signature -nss-pwd password -nick my-
       cert -reason 'for fun!'
              Creates a new pdf named output.pdf with the contents of
              input.pdf signed by the 'my-cert' certificate.

       pdfsig input.pdf output.pdf -add-signature -nss-pwd password -nick
       'pkcs11:token=smartcard0;object=Second%20certificate;type=cert'
              Same, but uses a PKCS#11 URI as defined in IETF RFC 7512 to
              select the certificate to be used for signing.

       pdfsig input.pdf output.pdf -sign 0 -nss-pwd password -nick my-cert
       -reason 'for fun!'
              Creates a new pdf named output.pdf with the contents of
              input.pdf signed by the 'my-cert' certificate. input.pdf must
              have an already existing un-signed signature field.


AUTHOR

       The pdfsig software and documentation are copyright 1996-2004 Glyph &
       Cog, LLC and copyright 2005-2015 The Poppler Developers -
       http://poppler.freedesktop.org


SEE ALSO

       pdfdetach(1), pdffonts(1), pdfimages(1), pdfinfo(1), pdftocairo(1),
       pdftohtml(1), pdftoppm(1), pdftops(1), pdftotext(1) pdfseparate(1),
       pdfunite(1) certutil(1)

                                28 October 2015                      pdfsig(1)

poppler 24.03.0 - Generated Wed Mar 6 14:51:00 CST 2024
© manpagez.com 2000-2024
Individual documents may contain additional copyright information.