pdfsig - Portable Document Format (PDF) digital signatures tool
pdfsig [options] [PDF-file] [Output-file]
pdfsig(1) General Commands Manual pdfsig(1)
NAME
pdfsig - Portable Document Format (PDF) digital signatures tool
SYNOPSIS
pdfsig [options] [PDF-file] [Output-file]
DESCRIPTION
pdfsig verifies the digital signatures in a PDF document. It also dis-
plays the identity of each signer (commonName field and full distin-
guished name of the signer certificate), the time and date of the sig-
nature, the hash algorithm used for signing, the type of the signature
as stated in the PDF and the signed ranges with a statement wether the
total document is signed. It can also sign PDF documents (options
-add-signature or -sign).
pdfsig uses the trusted certificates stored in the Network Security
Services (NSS) Database.
pdfsig also uses the Online Certificate Status Protocol (OCSP) (refer
to http://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol) to
look up the certificate online and check if it has been revoked (unless
-no-ocsp has been specified).
The NSS Database is searched for in the following locations:
o If the -nssdir option is specified, the directory specified by
this option.
o The NSS Certificate database in the default Firefox profile.
i.e. $HOME/.mozilla/firefox/*.default.
o The NSS Certificate database in /etc/pki/nssdb.
OPTIONS
-nssdir [prefix]directory
Specify the database directory containing the certificate and
key database files. See certutil(1) -d option for details of the
prefix. If not specified the other search locations described in
DESCRIPTION are used.
-nss-pwd password
Specify the password needed to access the NSS database (if any).
-nocert
Do not validate the certificate.
-no-ocsp
Do not perform online OCSP certificate revocation check (local
Certificate Revocation Lists (CRL) are still used).
-aia Enable the use of Authority Information Access (AIA) extension
to fetch missing certificates to build the certificate chain.
-dump Dump all signatures into current directory.
-add-signature
Add a new signature to the document.
-new-signature-field-name name
Specifies the field name to be used when adding a new signature.
A random ID will be used by default.
-sign n
Sign the document in the n-th signature field present in the
document (must be unsigned).
-nick nickname
Use the certificate with the given nickname for signing.
-kpw password
Use the given password for the signing key (this might be miss-
ing if the key isn't password protected).
-digest algorithm
Use the given digest algorithm for signing (default: SHA256).
-reason reason
Set the given reason string for the signature (default: no rea-
son set).
-etsi Create a signature of type ETSI.CAdES.detached instead of
adbe.pkcs7.detached.
-list-nicks
List available nicknames in the NSS database.
-v Print copyright and version information.
-h Print usage information. (-help and --help are equivalent.)
EXAMPLES
pdfsig signed_file.pdf
Displays signature info for signed_file.pdf.
pdfsig input.pdf output.pdf -add-signature -nss-pwd password -nick my-
cert -reason 'for fun!'
Creates a new pdf named output.pdf with the contents of
input.pdf signed by the 'my-cert' certificate.
pdfsig input.pdf output.pdf -sign 0 -nss-pwd password -nick my-cert
-reason 'for fun!'
Creates a new pdf named output.pdf with the contents of
input.pdf signed by the 'my-cert' certificate. input.pdf must
have an already existing un-signed signature field.
AUTHOR
The pdfsig software and documentation are copyright 1996-2004 Glyph &
Cog, LLC and copyright 2005-2015 The Poppler Developers - http://pop-
pler.freedesktop.org
ATTRIBUTES
See attributes(7) for descriptions of the following attributes:
+---------------+----------------------+
|ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+---------------+----------------------+
|Availability | print/filter/poppler |
+---------------+----------------------+
|Stability | Uncommitted |
+---------------+----------------------+
SEE ALSO
pdfdetach(1), pdffonts(1), pdfimages(1), pdfinfo(1), pdftocairo(1),
pdftohtml(1), pdftoppm(1), pdftops(1), pdftotext(1) pdfseparate(1),
pdfunite(1) certutil(1)
NOTES
Source code for open source software components in Oracle Solaris can
be found at https://www.oracle.com/downloads/opensource/solaris-source-
code-downloads.html.
This software was built from source available at
https://github.com/oracle/solaris-userland. The original community
source was downloaded from https://poppler.freedesktop.org/pop-
pler-21.10.0.tar.xz.
Further information about this software can be found on the open source
community website at https://poppler.freedesktop.org/.
28 October 2015 pdfsig(1)