.TH PESIGN-CLIENT 1 "Mon Oct 15 2012"
.SH NAME
pesign-client \- command line tool for signing UEFI applications

.SH SYNOPSIS
\fBpesign\fR [\-\-in=\fIinfile\fR | \-i \fIinfile\fR]
       [\-\-out=\fIoutfile\fR | \-o \fIoutfile\fR]
       [\-\-export=\fIexportfile\fR | \-e \fIexportfile\fR]
       [\-\-token=\fItoken\fR | \-t \fItoken\fR]
       [\-\-certificate=\fInickname\fR | \-c \fInickname\fR]
       [\-\-unlock | \-u] [\-\-kill | \-k] [\-\-sign | \-s] [ \-\-is\-unlocked | \-q ]
       [\-\-pinfd=\fIpinfd\fR | \-f \fIpinfd\fR]
       [\-\-pinfile=\fIpinfile\fR | \-F \fIpinfile\fR]

.SH DESCRIPTION
\fBpesign\fR is a command line tool for manipulating signatures and 
cryptographic digests of UEFI applications.

.SH OPTIONS
.TP
\fB-\-unlock\fR
Unlock the specified token.  A PIN - specified by one of \fB-\-pinfd\fR,
\fB-\-pinfile\fR, or the environmental variable \fBPESIGN_TOKEN_PIN\fR -
is required for this operation to succeed.  The PIN may be empty, if that
is what is required for the token specified with \fB-\-token\fR.

\fB-\-is\-unlocked\fR
Query a token specified with \fB-\-token\fR for lock status.

.TP
\fB-\-pinfd\fR=\fIpinfd\fR
When using \fB-\-unlock\fR, read the token's PIN from the open file descriptor
\fIpinfd\fR.

.TP
\fB-\-pinfile\fR=\fIpinfile\fR
When using \fB-\-unlock\fR, read the token's PIN from the file \fIpinfile\fR.

.TP
\fB-\-sign\fR
.br
Sign the binary specified by \fIinfile\fR.

.TP
\fB-\-export\fR
When used with \fB-\-sign\fR, write the signature to \fIoutfile\fR.

.TP
\fB-\-infile\fR=\fIinfile\fR
When used with \fB-\-sign\fR, specify the input binary.

.TP
\fB-\-outfile\fR=\fIoutfile\fR
When used with \fB-\-sign\fR, specify output file.  If \fB-\-detached\fR
is specified, this will be a DER-formatted signature.  Otherwise, the
output will be the signed PE binary.

.TP
\fB-\-token\fR=\fItoken\fR
When used with \fB-\-unlock\fR or \fB-\-sign\fR, use the specified NSS
token's certificate database.

.TP
\fB-\-certificate\fR=\fInickname\fR
When used with \fB-\-sign\fR, use the certificate database entry with the
specified nickname for signing.

.TP
\fB-\-kill\fR
.br
Terminate the signing server.

.SH "SEE ALSO"
.BR pesign (1)

.SH AUTHORS
.nf
Peter Jones
.fi