Provided by: pesign_0.112-4_amd64 bug


       pesign-client - command line tool for signing UEFI applications


       pesign [--in=infile | -i infile]
              [--out=outfile | -o outfile]
              [--export=exportfile | -e exportfile]
              [--token=token | -t token]
              [--certificate=nickname | -c nickname]
              [--unlock | -u] [--kill | -k] [--sign | -s] [ --is-unlocked | -q ]
              [--pinfd=pinfd | -f pinfd]
              [--pinfile=pinfile | -F pinfile]


       pesign  is  a  command  line tool for manipulating signatures and cryptographic digests of
       UEFI applications.


              Unlock the specified token.  A PIN - specified by one of --pinfd, --pinfile, or the
              environmental  variable  PESIGN_TOKEN_PIN  -  is  required  for  this  operation to
              succeed.  The PIN may be empty, if that is what is required for the token specified
              with --token.

              --is-unlocked Query a token specified with --token for lock status.

              When using --unlock, read the token's PIN from the open file descriptor pinfd.

              When using --unlock, read the token's PIN from the file pinfile.

              Sign the binary specified by infile.

              When used with --sign, write the signature to outfile.

              When used with --sign, specify the input binary.

              When  used with --sign, specify output file.  If --detached is specified, this will
              be a DER-formatted signature.  Otherwise, the output will be the signed PE binary.

              When used with --unlock or  --sign,  use  the  specified  NSS  token's  certificate

              When  used  with  --sign,  use  the  certificate  database entry with the specified
              nickname for signing.

              Terminate the signing server.




       Peter Jones

                                         Mon Oct 15 2012                         PESIGN-CLIENT(1)