`signercli`

Command Line Interface – Full Command Overview

1. Overview

Certchip Signer CLI (signercli) is a cross-platform command-line tool for:

Code signing
Document signing
Certificate and key management
Signature verification
CI/CD automation

It is designed to work with the Certchip Signer Server and supports:

API-key–based automation
SSH-key–based user authentication
HSM-backed and software-based key storage
Cross-platform execution (Windows, Linux, macOS)

2. Version Information

Certchip Signer CLI v0.1.20
Cross-platform code and document signing tool

3. Command Usage

signercli [command] [options]

Commands may be:
- A file path (implicit signing)
- An explicit subcommand (e.g. cert, privkey)
Global options apply to all commands

4. Top-Level Commands

Command	Description
`<file>`	Sign a file (EXE, PDF, documents, scripts, etc.)
`-login`	Authenticate using SSH key or username
`-logout`	Logout and revoke authentication token
`-verify`	Verify a file’s signature
`-config`	Manage signing profiles
`-codesign-list`	List available code-signing certificates
`-codesign-id`	Get or set the active code-signing certificate
`-codesign-cert`	Export code-signing certificate PEM
`-codesign-set`	Set private key password
`-cert`	Certificate management (Signer-compatible)
`-cert-dist`	Automated certificate distribution (Let’s Encrypt SSL)
`-cert-api`	Full certificate management via API key
`-privkey`	Private key management via API
`-pubkey`	Public key management via API
`-csr`	CSR generation via API
`-install`	Install system DLLs (Windows only, admin required)
`-uninstall`	Remove system DLLs (Windows only, admin required)
`-help`	Display help information
`-version`	Display version information

5. File Signing (Implicit Command)

If the first argument is a file path, signercli automatically enters signing mode.

Examples

signercli myapp.exe
signercli document.pdf
signercli script.js -hash-only
signercli file.exe -profile myprofile

Supported targets include:

Windows executables (.exe, .dll)
PDF documents
Script and binary files
Hash-only signing for detached workflows

6. Authentication Commands

signercli -login <server_url> <username>

or using an SSH key:

signercli -login <server_url> -key ~/.ssh/id_ed25519

Optional:

-include-chain

Authentication features:

SSH-key–based authentication
Token-based session management
Compatible with role-based access control

6.2 Logout

signercli -logout

Revokes the active authentication token
Terminates the session immediately

7. Signature Verification

signercli -verify <file>

Verifies:

Signature validity
Certificate chain
Timestamp (if present)

Example:

signercli -verify file.exe -format table

8. Configuration Management (`config`)

The -config command manages signing profiles, which store:

Server host
Authentication method
Default options

Examples

signercli -config
signercli -config list
signercli -configset default -host https://server.com
signercli -config delete myprofile

Profiles are commonly used in:

Multi-environment setups
CI/CD pipelines
Multi-tenant signer servers

9. Code Signing Shortcuts

These commands provide legacy and convenience shortcuts for code signing.

Command	Description
`-codesign-list`	List code-signing certificates
`-codesign-id`	Get or set active code-signing certificate
`-codesign-cert`	Export code-signing certificate PEM
`-codesign-set`	Set private key password

Internally, these commands map to -cert and -privkey operations.

10. Certificate and Key Management

Command	Purpose
`-cert`	Certificate lifecycle management
`-cert-api`	API-key–only certificate management
`-cert-dist`	Automated SSL issuance (Let’s Encrypt)
`-privkey`	Private key management
`-pubkey`	Public key management
`-csr`	CSR generation

These commands are designed for:

Automation
Server-to-server integration
HSM-backed workflows

Detailed documentation for each command is provided separately

(e.g. signercli -cert Reference).

11. Platform-Specific Commands

Windows Only

signercli -install
signercli -uninstall

Installs or removes system-level DLLs
Requires Administrator privileges
Used for native Windows signing support

12. Global Options

Output Format

-format classic | json | table | csv

Examples:

signercli -config list -format json
signercli -verify file.exe -format table
signercli -logout -format csv

Logging Levels

LOG_NON  – No logging
LOG_ERR  – Errors only
LOG_WRN  – Warnings
LOG_INF  – Informational
LOG_DBG  – Debug output

13. Documentation Reference

Official documentation:

https://certchip.com/signer/help/how-to-use-signer.html

14. Summary

signercli is a unified, enterprise-grade signing CLI that supports:

File signing and verification
Certificate and key lifecycle management
Software and hardware HSM integration
Secure CI/CD automation
Cross-platform operation

Command Line Interface – Full Command Overview​

1. Overview​

2. Version Information​

3. Command Usage​

4. Top-Level Commands​

5. File Signing (Implicit Command)​

Examples​

6. Authentication Commands​

6.1 Login​

6.2 Logout​

7. Signature Verification​

8. Configuration Management (config)​

Examples​

9. Code Signing Shortcuts​

10. Certificate and Key Management​

11. Platform-Specific Commands​

Windows Only​

12. Global Options​

Output Format​

Logging Levels​

13. Documentation Reference​

14. Summary​

Command Line Interface – Full Command Overview

1. Overview

2. Version Information

3. Command Usage

4. Top-Level Commands

5. File Signing (Implicit Command)

Examples

6. Authentication Commands

6.1 Login

6.2 Logout

7. Signature Verification

8. Configuration Management (`config`)

Examples

9. Code Signing Shortcuts

10. Certificate and Key Management

11. Platform-Specific Commands

Windows Only

12. Global Options

Output Format

Logging Levels

13. Documentation Reference

14. Summary