manpagez: man pages & more
man xip(1)
Home | html | info | man
xip(1)                    BSD General Commands Manual                   xip(1)


NAME

     xip -- Create a signed archive for secure distribution


SYNOPSIS

     xip [options] --sign identity input-file ... output-archive


DESCRIPTION

     The xip tool archives one or more files or directories into a signed XIP
     file. A XIP file is an analog to zip(1), but allows for a digital signa-
     ture to be applied and verified on the receiving system, before the ar-
     chive is expanded. When a XIP file is opened (by double-clicking), Ar-
     chive Utility will automatically expand it (but only if the digital sig-
     nature is intact).

     To create a XIP file, you will need to have a certificate and correspond-
     ing private key -- together called an ``identity'' -- in one of your
     accessible keychains. To add a signature, specify the name of the iden-
     tity using the --sign option. The identity's name is the same as the
     ``Common Name'' of the certificate.

     If you want to search for the identity in a specific keychain, specify
     the path to the keychain file using the --keychain option. Otherwise, the
     default keychain search path is used.

     xip will embed the signing certificate in the XIP file, as well as any
     intermediate certificates that are found in the keychain.

     The signature can optionally include a trusted timestamp. This is enabled
     by default when signing with a Developer ID identity, but it can be
     enabled explicitly using the --timestamp option. A timestamp server must
     be contacted to embed a trusted timestamp. If you aren't connected to the
     Internet, you can use --timestamp=none to disable timestamps, even for a
     Developer ID identity.


ARGUMENTS AND OPTIONS

     --sign identity-name
                 The name of the identity to use for signing the archive.

     --keychain keychain-path
                 Specify a specific keychain to search for the signing iden-
                 tity.

     --timestamp
                 Include a trusted timestamp with the signature.

     --timestamp=none
                 Disable trusted timestamp, regardless of identity.

     input-file ...
                   The path to one or more files or directories to be
                   archived.

     output-archive
                   The path to which the signed archive will be written.

Mac OS                        September 23, 2011                        Mac OS

Mac OS X 10.8 - Generated Mon Aug 20 16:34:33 CDT 2012
© manpagez.com 2000-2021
Individual documents may contain additional copyright information.