[poppler] utils/pdfsig.1
GitLab Mirror
gitlab-mirror at kemper.freedesktop.org
Thu Jan 12 22:04:20 UTC 2023
utils/pdfsig.1 | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
New commits:
commit da39bd930fee9369071a97b93ffe3ea0987acedc
Author: Tobias Deiminger <tobias.deiminger at posteo.de>
Date: Tue Jan 3 00:25:57 2023 +0100
Point out pdfsig supports PKCS#11 URIs as nickname
NSS "just works" with PKCS#11 URIs since 3.39. See
https://bugzilla.mozilla.org/show_bug.cgi?id=1475274
for details.
IMO we should expose that as feature. It's a standardized NSS-agnostic
way to identify certificate objects, and allows to disambiguate
certificates in any case.
diff --git a/utils/pdfsig.1 b/utils/pdfsig.1
index 872c6e8d..2d84b0c6 100644
--- a/utils/pdfsig.1
+++ b/utils/pdfsig.1
@@ -62,7 +62,7 @@ Specifies the field name to be used when adding a new signature. A random ID wil
Sign the document in the specified signature field present in the document (must be unsigned). Field can be specified by field name (string) or the n-th signature field in the document (integer).
.TP
.B \-nick " nickname"
-Use the certificate with the given nickname for signing.
+Use the certificate with the given nickname for signing. If nickname starts with pkcs11:, it's treated as PKCS#11 URI.
.TP
.B \-kpw " password"
Use the given password for the signing key
@@ -97,6 +97,9 @@ Displays signature info for signed_file.pdf.
pdfsig input.pdf output.pdf -add-signature -nss-pwd password -nick my-cert -reason 'for fun!'
Creates a new pdf named output.pdf with the contents of input.pdf signed by the 'my-cert' certificate.
.TP
+pdfsig input.pdf output.pdf -add-signature -nss-pwd password -nick 'pkcs11:token=smartcard0;object=Second%20certificate;type=cert'
+Same, but uses a PKCS#11 URI as defined in IETF RFC 7512 to select the certificate to be used for signing.
+.TP
pdfsig input.pdf output.pdf -sign 0 -nss-pwd password -nick my-cert -reason 'for fun!'
Creates a new pdf named output.pdf with the contents of input.pdf signed by the 'my-cert' certificate. input.pdf must have an already existing un-signed signature field.
.SH AUTHOR
More information about the poppler
mailing list