| NBSVTOOL(1) | General Commands Manual | NBSVTOOL(1) | 
nbsvtool —
| nbsvtool | [ -v] [-aanchor-certificates] [-ccertificate-chain] [-fcertificate-file] [-kprivate-key-file] [-urequired-key-usage] command
      args ... | 
nbsvtool is used to create and verify detached X509
  signatures of files. Private keys and certificates are expected to be PEM
  encoded, signatures are in PEM/SMIME format.
Supported commands:
-f and -k are required for
      this command.-u
      code.Supported options:
-a
    anchor-certificates-c
    certificate-chain-f
    certificate-file-k.-k
    private-key-file-u
    required-key-usage-vnbsvtool utility exits 0 on success,
  and >0 if an error occurs.
nbsvtool -k key -f cert -c cert-chain
  sign hello hello.sp7Verify that the signature hello.sp7 is valid for file hello and that the signing certificate allows code signing. Certificates in anchor-file are considered trusted, and there must be a certificate chain from one of those certificates to the signing certificate.
nbsvtool -a anchor-file verify-code
  hello hello.sp7-a, otherwise no verification can succeed.
| March 11, 2009 | NetBSD 9.4 |