wlisign.1 (2011 03)

wlisign(1)          Optional WLI Product Required          wlisign(1)
-h               Displays wlisign command syntax.
-k privkey       File containing a private RSA key in PEM format. This option is
                 required with the -a and -d options.
-l               Lists the signature metadata for execfile.
-o capabilities  A comma-separated list of WLI capabilities granted to execfile.
                 There are four legitimate values:
                 mem   ability to read/write from/to /dev/mem and /dev/kmem
                 wmd   ability to link/unlink metadata to/from a file
                 dlkm  ability to load dlkm modules
                 api   ability to invoke libwliapi.so functions
                 For detailed descriptions of capabilities, see wli(5).
-p src:val       The passphrase source for privkey. For more information on
                 passphrase syntax, see wli(5).
-v               Verifies the signature metadata and content of execfile. pubkey
                 must be specified with the -c option if it has not been
                 authorized by wlicert.
RETURN VALUE
wlisign returns the following:
Failure   A message and a non-zero exit code.
Success   An exit code of 0.
EXAMPLES
Sign the executable mycmd with private key keys/pvtkey. The passphrase is held by environment
variable PASS. The public key is keys/pubkey, and it has not been authorized by wlicert(1M). If the
public key had been authorized by wlicert, the -c option would be unnecessary.
% wlisign -a -k keys/pvtkey -p env:PASS -c keys/pubkey mycmd
Verify the signature of signed executable mycmd using public key keys/pubkey.
% wlisign -v -c keys/pubkey mycmd
Update the signature metadata for mycmd with product ID "ABC commands". Omit the -p option so that
the passphrase is prompted for through device /dev/tty.
% echo "ABC commands" > /tmp/abcprod
% wlisign -a -k keys/pvtkey -g /tmp/abcprod mycmd
Add api capability to mycmd, taking the passphrase from file passfile. This enables mycmd to
execute functions contained within libwliapi.so. See libwliapi(3) for details on libwliapi functions.
% wlisign -a -k keys/pvtkey -o api -p file:passfile mycmd
Display the signature metadata for mycmd. This displays optional content in the signature section,
such as product ID and capabilities, as well as required content such as the unique FPID (fingerprint ID).
% wlisign -l mycmd
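The -v example and the RETURN VALUE contract above, combined into a fail-closed batch check. This is an added example, not part of the HP manpage; the WLISIGN variable, the verify_signed function and its output format are assumptions made here, and -c is always passed, as in the example for a public key not authorized by wlicert.

```shell
#!/bin/sh
# Added example, not HP code. WLISIGN and verify_signed are names chosen here.
WLISIGN=${WLISIGN:-wlisign}   # assumption: allows a full path to be supplied

# verify_signed PUBKEY FILE...
# Returns 0 only if every FILE passes `wlisign -v -c PUBKEY FILE`.
# Returns 2 on usage errors, 1 if any file is missing or fails verification.
verify_signed() {
    vs_pubkey=$1
    shift
    vs_failed=0
    if [ ! -r "$vs_pubkey" ]; then
        echo "ERROR    public key not readable: $vs_pubkey" >&2
        return 2
    fi
    if [ "$#" -eq 0 ]; then
        echo "ERROR    no files given" >&2
        return 2
    fi
    for vs_file in "$@"; do
        # A file that cannot be checked counts as a failure, never as a pass.
        if [ ! -f "$vs_file" ]; then
            echo "MISSING  $vs_file"
            vs_failed=$((vs_failed + 1))
            continue
        fi
        # Documented contract: exit 0 on success, a message and a
        # non-zero exit code on failure.
        vs_rc=0
        vs_msg=$("$WLISIGN" -v -c "$vs_pubkey" "$vs_file" 2>&1) || vs_rc=$?
        if [ "$vs_rc" -eq 0 ]; then
            echo "OK       $vs_file"
        else
            echo "FAILED   $vs_file (exit $vs_rc): $vs_msg"
            vs_failed=$((vs_failed + 1))
        fi
    done
    [ "$vs_failed" -eq 0 ]
}
```

Call it as `verify_signed keys/pubkey mycmd othercmd` and act on the return status; the per-file lines are for the operator's log.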
AUTHOR
wlisign was developed by HP.
FILES
/etc/wli/certificates    public key information internal to WLI
/etc/wli/wlicert.conf    capabilities information internal to WLI
SEE ALSO
wlipolicy(1), wlicert(1M), wli(5).
HP-UX Whitelisting A.01.00 Administrator Guide at:
http://www.hp.com/go/hpux-security-docs.
Hewlett-Packard Company          HP-UX 11iv3: Sep 2010 Web Release