| Field | Value | Date |
|---|---|---|
| author | Tobias Deiminger <tobias.deiminger@posteo.de> | 2023-01-03 00:25:57 +0100 |
| committer | Tobias Deiminger <tobias.deiminger@posteo.de> | 2023-01-11 22:41:24 +0100 |
| commit | da39bd930fee9369071a97b93ffe3ea0987acedc | |
| tree | 15a245596515a4b7dc330c029318361cf691de34 | |
| parent | 63bfacc89576345722cf3cefb962861aa7d159b8 | |
Point out pdfsig supports PKCS#11 URIs as nickname
NSS "just works" with PKCS#11 URIs since 3.39. See
https://bugzilla.mozilla.org/show_bug.cgi?id=1475274
for details.
IMO we should expose that as feature. It's a standardized NSS-agnostic
way to identify certificate objects, and allows to disambiguate
certificates in any case.
-rw-r--r-- | utils/pdfsig.1 | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/utils/pdfsig.1 b/utils/pdfsig.1 index 872c6e8d..2d84b0c6 100644 --- a/utils/pdfsig.1 +++ b/utils/pdfsig.1 @@ -62,7 +62,7 @@ Specifies the field name to be used when adding a new signature. A random ID wil Sign the document in the specified signature field present in the document (must be unsigned). Field can be specified by field name (string) or the n-th signature field in the document (integer). .TP .B \-nick " nickname" -Use the certificate with the given nickname for signing. +Use the certificate with the given nickname for signing. If nickname starts with pkcs11:, it's treated as PKCS#11 URI. .TP .B \-kpw " password" Use the given password for the signing key @@ -97,6 +97,9 @@ Displays signature info for signed_file.pdf. pdfsig input.pdf output.pdf -add-signature -nss-pwd password -nick my-cert -reason 'for fun!' Creates a new pdf named output.pdf with the contents of input.pdf signed by the 'my-cert' certificate. .TP +pdfsig input.pdf output.pdf -add-signature -nss-pwd password -nick 'pkcs11:token=smartcard0;object=Second%20certificate;type=cert' +Same, but uses a PKCS#11 URI as defined in IETF RFC 7512 to select the certificate to be used for signing. +.TP pdfsig input.pdf output.pdf -sign 0 -nss-pwd password -nick my-cert -reason 'for fun!' Creates a new pdf named output.pdf with the contents of input.pdf signed by the 'my-cert' certificate. input.pdf must have an already existing un-signed signature field. .SH AUTHOR |
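Review bot: In the first hunk, the sentence added to the \-nick description does not state the NSS version the feature depends on, although the commit message says PKCS#11 URIs only work with NSS since 3.39. The man page is where a user on an older NSS will look, so the requirement belongs in this text, together with the RFC reference that currently appears only in the EXAMPLES entry. Suggested wording: "If nickname starts with pkcs11:, it is treated as a PKCS#11 URI (RFC 7512). Requires NSS 3.39 or later." Since pkcs11: is a literal prefix the user types, it should also be set in bold (\fBpkcs11:\fR), in line with how the page marks option names.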
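Review bot: In the second hunk, the description "Same, but uses a PKCS#11 URI ..." does not match the command above it: the new example drops the -reason 'for fun!' argument that the preceding example carries, and "Same" only reads correctly while the two entries stay adjacent. Either keep -reason in the command or write the description out in full, e.g. "Creates a new pdf named output.pdf with the contents of input.pdf, signed by the certificate selected with a PKCS#11 URI as defined in IETF RFC 7512." It is also worth one sentence noting that the URI must be quoted, because its ';' separators would otherwise be interpreted by the shell, and that spaces in attribute values are percent-encoded, as in object=Second%20certificate.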