TrustPort eSign PRO: Command Line

TrustPort eSign PRO (commandline version) is a console application that contains many of the functionality provided by TrustPort eSign PRO and a several functions in addition, which advances program's usability for another kind of users. The managing is also done through this application, and not through a number of different applications like in TrustPort eSign PRO, which is also a benefit.

Working with this application can be divided into following sections:

Common information

Besides this division belong actions for obtaining basic information about program, help and a list of available storages. If you want to see program version, use -v or --version . Help for basic parameters is available with -h or --help , for all possible parameters use --ahelp . List of all available storages is possible to write out by -L or --liststorages .

There are some common parameters for all the groups mentioned above.

Operation working with any object in a storage may be executed with -O pattern or --object=pattern . This parameter use if you can more precisely specify object(s) for the operation. For example esign -O my -f file -m sgn limits the selection only on those keys that contain string my anywhere in their alias.

This pattern is searched only in alias in case of private key, while for certificates all items are searched. You can however reduce the searching on certificates with following command line options:

  • --alias
  • --ownerkeyid
  • --issuerhash
  • --email
  • --pubkeyhash
  • --caissuerhash
  • --ownerhash
  • --issuerkeyid
  • --commonname

For local storages all this parameters are possible. For tokens only certificate aliases searching may be set (i.e. --alias ). For hybrid storages, only --email and --commonname is permitted. Invalid parameters are ignored in context of given device.

If more than one option is used, the searching is then reduced on any combination of given criteria. For example esign -O something --alias --email --commonname -f file -m enc reduces selection of certificates for encrypting only on those containing string something wherever in their alias, name or email.

Searching considers any strings containing given value as a substring a match. If you want to search for exact matches only, use either -w or --wholename parameter.

If you want to use the first matching item found, use the --first parameter. When you work with certificates (e.g. -m enc ), it may come useful to select all found items for the operation. In order to do that, use --allcertificates parameter.


  • esign -f file -m sgn --first use for signing of file first private key which found in the default local storage
  • esign -f file -m enc -O Smith --allcertificates use for encrypting all found certificates in the default local storage that contain string "Smith"

Reading a licence key

Licence key is neccessary for correct program work. Program search file esign.key with licence key in directory where program is stored. If you use your own instalation, e.g. file esign.exe and neccessary libraries are placed in other directory, it's important either copy licence key to this directory or specify path to licence key file by parameter --lickey=licence file .

Program modes

The program itself can work in more modes. When you don't use any special parameters to precise desired operation, the program uses default values (or functions) and doesn't annoy you with any unnecessary questions. For example, when you generate a key pair with default values, 1024 bits long RSA private key is saved into a default storage. However, you are always asked questions about information that program can not fill up, like some certificate details. You can change the default behavior using the appropriate parameter to change certain properities, e.g. to generate 2048 long DSA key. User can also use so called verbose mode. It's switched on by a --verbose parameter. He is then asked to all needed details that haven't been specified on the command line. Later possibility for storing some options is using of a configuration file . He can be later used on command line through --inifile=filename . This will predefine default values to those in the file. The -u or --useconfig parameter will load escmd.conf, a file which contain the default values.

Confirmation request for overwriting an existing file

An explicit confirmation is required by program (running in any mode) before overwriting an existing file. This complies with usual program behaviour which allows user to cancel an operation without overwriting file contents. This behaviour may sometimes be annoying, e.g. if you schedule some tasks with specified parameters. For this reason exists parameter --rewrite to prevent such situation from happening as it overwrites contents of existing file without prompting.

Related references

Main page

Copyright 2010, TrustPort, a.s., All rights reserved.