search

mtrojnar / osslsigncode

OpenSSL based Authenticode signing for PE/MSI/Java CAB files
Other
729 stars 124 forks source link

Documentation issue #377

Closed maharmstone closed 3 months ago

maharmstone commented 3 months ago

Hi,

Would you mind fixing this bit of osslsigncode --help please?

 [ sign ] ( -certs | -spc <certfile> -key <keyfile> | -pkcs12 <pkcs12file> |
              [ -pkcs11engine <engine> ] -pkcs11module <module> -pkcs11cert <pkcs11 cert id> |
              -certs <certfile> -key <pkcs11 key id>)

It implies that -key isn't a valid option if you're using -pkcs11module, but I had to add this to get my Certum card to work.

If you find the time, I think a man page would be appreciated. It's a really cool program, but so hard to find the incantation to get it to work!

(For anybody Googling: it turned out to be osslsigncode sign -pkcs11module /usr/lib64/libcrypto3PKCS.so -pkcs11cert "pkcs11:object=Open Source Developer, Mark Harmstone" -key "pkcs11:object=Open Source Developer, Mark Harmstone" -in btrfs.sys -out btrfs-signed.sys -t http://timestamp.digicert.com)

olszomal commented 3 months ago

@maharmstone Will adding the following grouping make this manual more readable?

Usage: ./osslsigncode [ sign ] ( -pkcs12 <pkcs12file>
              | ( -certs <certfile> | -spc <certfile> ) -key <keyfile>
              | [ -pkcs11engine <engine> ] -pkcs11module <module>
                ( -pkcs11cert <pkcs11 cert id> | -certs <certfile> ) -key <pkcs11 key id> )
          (...)
maharmstone commented 3 months ago

It'd be an improvement, yes!

maharmstone commented 3 months ago

Thanks both