Go to main content

man pages section 1: User Commands

Exit Print View

Updated: Wednesday, February 9, 2022
 
 

pdfsig (1)

Name

pdfsig - Portable Document Format (PDF) digital signatures tool

Synopsis

pdfsig [options] [PDF-file] [Output-file]

Description

pdfsig(1)                   General Commands Manual                  pdfsig(1)



NAME
       pdfsig - Portable Document Format (PDF) digital signatures tool

SYNOPSIS
       pdfsig [options] [PDF-file] [Output-file]

DESCRIPTION
       pdfsig verifies the digital signatures in a PDF document.  It also dis-
       plays the identity of each signer (commonName field  and  full  distin-
       guished  name of the signer certificate), the time and date of the sig-
       nature, the hash algorithm used for signing, the type of the  signature
       as  stated in the PDF and the signed ranges with a statement wether the
       total document is signed.  It can  also  sign  PDF  documents  (options
       -add-signature or -sign).

       pdfsig  uses  the  trusted  certificates stored in the Network Security
       Services (NSS) Database.

       pdfsig also uses the Online Certificate Status Protocol  (OCSP)  (refer
       to  http://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol) to
       look up the certificate online and check if it has been revoked (unless
       -no-ocsp has been specified).

       The NSS Database is searched for in the following locations:

       o      If  the  -nssdir option is specified, the directory specified by
              this option.

       o      The NSS Certificate database in  the  default  Firefox  profile.
              i.e. $HOME/.mozilla/firefox/*.default.

       o      The NSS Certificate database in /etc/pki/nssdb.

OPTIONS
       -nssdir [prefix]directory
              Specify  the  database  directory containing the certificate and
              key database files. See certutil(1) -d option for details of the
              prefix. If not specified the other search locations described in
              DESCRIPTION are used.

       -nss-pwd password
              Specify the password needed to access the NSS database (if any).

       -nocert
              Do not validate the certificate.

       -no-ocsp
              Do not perform online OCSP certificate revocation  check  (local
              Certificate Revocation Lists (CRL) are still used).

       -aia   Enable  the  use of Authority Information Access (AIA) extension
              to fetch missing certificates to build the certificate chain.

       -dump  Dump all signatures into current directory.

       -add-signature
              Add a new signature to the document.

       -new-signature-field-name  name
              Specifies the field name to be used when adding a new signature.
              A random ID will be used by default.

       -sign  n
              Sign  the  document  in  the n-th signature field present in the
              document (must be unsigned).

       -nick  nickname
              Use the certificate with the given nickname for signing.

       -kpw  password
              Use the given password for the signing key (this might be  miss-
              ing if the key isn't password protected).

       -digest  algorithm
              Use the given digest algorithm for signing (default: SHA256).

       -reason  reason
              Set  the given reason string for the signature (default: no rea-
              son set).

       -etsi  Create  a  signature  of  type  ETSI.CAdES.detached  instead  of
              adbe.pkcs7.detached.

       -list-nicks
              List available nicknames in the NSS database.

       -v     Print copyright and version information.

       -h     Print usage information.  (-help and --help are equivalent.)

EXAMPLES
       pdfsig signed_file.pdf
              Displays signature info for signed_file.pdf.

       pdfsig  input.pdf output.pdf -add-signature -nss-pwd password -nick my-
       cert -reason 'for fun!'
              Creates  a  new  pdf  named  output.pdf  with  the  contents  of
              input.pdf signed by the 'my-cert' certificate.

       pdfsig  input.pdf  output.pdf  -sign  0 -nss-pwd password -nick my-cert
       -reason 'for fun!'
              Creates  a  new  pdf  named  output.pdf  with  the  contents  of
              input.pdf  signed  by  the 'my-cert' certificate. input.pdf must
              have an already existing un-signed signature field.

AUTHOR
       The pdfsig software and documentation are copyright 1996-2004  Glyph  &
       Cog,  LLC  and copyright 2005-2015 The Poppler Developers - http://pop-
       pler.freedesktop.org


ATTRIBUTES
       See attributes(7) for descriptions of the following attributes:


       +---------------+----------------------+
       |ATTRIBUTE TYPE |   ATTRIBUTE VALUE    |
       +---------------+----------------------+
       |Availability   | print/filter/poppler |
       +---------------+----------------------+
       |Stability      | Uncommitted          |
       +---------------+----------------------+

SEE ALSO
       pdfdetach(1),  pdffonts(1),  pdfimages(1),  pdfinfo(1),  pdftocairo(1),
       pdftohtml(1),  pdftoppm(1),  pdftops(1),  pdftotext(1)  pdfseparate(1),
       pdfunite(1) certutil(1)



NOTES
       Source code for open source software components in Oracle  Solaris  can
       be found at https://www.oracle.com/downloads/opensource/solaris-source-
       code-downloads.html.

       This    software    was    built    from    source     available     at
       https://github.com/oracle/solaris-userland.    The  original  community
       source  was   downloaded   from    https://poppler.freedesktop.org/pop-
       pler-21.10.0.tar.xz.

       Further information about this software can be found on the open source
       community website at https://poppler.freedesktop.org/.



                                28 October 2015                      pdfsig(1)