EnglishFrenchSpanish

OnWorks favicon

signver - Online in the Cloud

Run signver in OnWorks free hosting provider over Ubuntu Online, Fedora Online, Windows online emulator or MAC OS online emulator

This is the command signver that can be run in the OnWorks free hosting provider using one of our multiple free online workstations such as Ubuntu Online, Fedora Online, Windows online emulator or MAC OS online emulator

PROGRAM:

NAME


signver - Verify a detached PKCS#7 signature for a file.

SYNOPSIS


signtool -A | -V -d directory [-a] [-i input_file] [-o output_file] [-s signature_file]
[-v]

STATUS


This documentation is still work in progress. Please contribute to the initial review in
Mozilla NSS bug 836477[1]

DESCRIPTION


The Signature Verification Tool, signver, is a simple command-line utility that unpacks a
base-64-encoded PKCS#7 signed object and verifies the digital signature using standard
cryptographic techniques. The Signature Verification Tool can also display the contents of
the signed object.

OPTIONS


-A
Displays all of the information in the PKCS#7 signature.

-V
Verifies the digital signature.

-d [sql:]directory
Specify the database directory which contains the certificates and keys.

signver supports two types of databases: the legacy security databases (cert8.db,
key3.db, and secmod.db) and new SQLite databases (cert9.db, key4.db, and pkcs11.txt).
If the prefix sql: is not used, then the tool assumes that the given databases are in
the old format.

-a
Sets that the given signature file is in ASCII format.

-i input_file
Gives the input file for the object with signed data.

-o output_file
Gives the output file to which to write the results.

-s signature_file
Gives the input file for the digital signature.

-v
Enables verbose output.

EXTENDED EXAMPLES


Verifying a Signature
The -V option verifies that the signature in a given signature file is valid when used to
sign the given object (from the input file).

signver -V -s signature_file -i signed_file -d sql:/home/my/sharednssdb

signatureValid=yes

Printing Signature Data
The -A option prints all of the information contained in a signature file. Using the -o
option prints the signature file information to the given output file rather than stdout.

signver -A -s signature_file -o output_file

NSS DATABASE TYPES


NSS originally used BerkeleyDB databases to store security information. The last versions
of these legacy databases are:

· cert8.db for certificates

· key3.db for keys

· secmod.db for PKCS #11 module information

BerkeleyDB has performance limitations, though, which prevent it from being easily used by
multiple applications simultaneously. NSS has some flexibility that allows applications to
use their own, independent database engine while keeping a shared database and working
around the access issues. Still, NSS requires more flexibility to provide a truly shared
security database.

In 2009, NSS introduced a new set of databases that are SQLite databases rather than
BerkleyDB. These new databases provide more accessibility and performance:

· cert9.db for certificates

· key4.db for keys

· pkcs11.txt, which is listing of all of the PKCS #11 modules contained in a new
subdirectory in the security databases directory

Because the SQLite databases are designed to be shared, these are the shared database
type. The shared database type is preferred; the legacy format is included for backward
compatibility.

By default, the tools (certutil, pk12util, modutil) assume that the given security
databases follow the more common legacy type. Using the SQLite databases must be manually
specified by using the sql: prefix with the given security directory. For example:

# signver -A -s signature -d sql:/home/my/sharednssdb

To set the shared database type as the default type for the tools, set the
NSS_DEFAULT_DB_TYPE environment variable to sql:

export NSS_DEFAULT_DB_TYPE="sql"

This line can be added to the ~/.bashrc file to make the change permanent for the user.

Most applications do not use the shared database by default, but they can be configured to
use them. For example, this how-to article covers how to configure Firefox and Thunderbird
to use the new shared NSS databases:

· https://wiki.mozilla.org/NSS_Shared_DB_Howto

For an engineering draft on the changes in the shared NSS databases, see the NSS project
wiki:

· https://wiki.mozilla.org/NSS_Shared_DB

Use signver online using onworks.net services


Free Servers & Workstations

Download Windows & Linux apps

  • 1
    Zephyr Project
    Zephyr Project
    The Zephyr Project is a new generation
    real-time operating system (RTOS) that
    supports multiple hardware
    architectures. It is based on a
    small-footprint kernel...
    Download Zephyr Project
  • 2
    SCons
    SCons
    SCons is a software construction tool
    that is a superior alternative to the
    classic "Make" build tool that
    we all know and love. SCons is
    implemented a...
    Download SCons
  • 3
    PSeInt
    PSeInt
    PSeInt is a pseudo-code interpreter for
    spanish-speaking programming students.
    Its main purpose is to be a tool for
    learning and understanding the basic
    concep...
    Download PSeInt
  • 4
    oStorybook
    oStorybook
    oStorybook l'outil privil�gi� des
    �crivains. ATTENTION : voir sur
    http://ostorybook.tuxfamily.org/v5/
    --en_EN oStorybook the right tool for
    writers. WARNIN...
    Download oStorybook
  • 5
    Asuswrt-Merlin
    Asuswrt-Merlin
    Asuswrt-Merlin is a third party
    firmware for select Asus wireless
    routers. Based on the Asuswrt firmware
    developed by Asus, it brings tweaks, new
    features and ...
    Download Asuswrt-Merlin
  • 6
    Atom
    Atom
    Atom is a text editor that's
    modern, approachable and full-featured.
    It's also easily customizable- you
    can customize it to do anything and be
    able to ...
    Download Atom
  • More »

Linux commands

Ad