README.txt

   1 TRUSTCACHE(1)               General Commands Manual              TRUSTCACHE(1)
   2
   3 NAME
   4      trustcache – Create and interact with trustcaches
   5
   6 SYNOPSIS
   7      trustcache append [-f flags] [-u uuid | 0] infile file ...
   8      trustcache create [-u uuid] [-v version] outfile file ...
   9      trustcache info [-c] [-h] [-e entrynum] file
  10      trustcache remove [-k] file hash ...
  11
  12 DESCRIPTION
  13      The trustcache utility is used to get info about and modify Apple
  14      trustcaches.
  15
  16      The following commands are supported by trustcache:
  17
  18      append [-f flags] [-u uuid | 0] infile file ...
  19              Modify the trustcache at infile to include each signed Mach-O at
  20              the specified paths.  If file is both 40 characters and
  21              hexadecimal, that hash will be added to the cache.  uuid is used
  22              to specify a custom uuid to be used.  If it is 0, the uuid will
  23              be left the same, otherwise, it will be regenerated.  If -f is
  24              specified, any new entries with have the flags specified at
  25              flags.
  26
  27      create [-u uuid] [-v version] outfile file ...
  28              Create a trustcache at outfile.  Each Mach-O found in the
  29              specified inputs will be scanned for a code signature and hashed.
  30              Any malformed or unsigned Mach-O will be ignored.  Each slice of
  31              a FAT binary will have its hash included.  Versions 0, 1, and 2
  32              are supported, if not specified, 1 is assumed.  If uuid is
  33              specified, that will be used instead of a randomly generated one.
  34
  35      info [-c] [-h] [-e entrynum] file
  36              Print information about file.  The output for each hash will be
  37              in one of these formats:
  38
  39                    <cdhash> <flags> [<hash_type>]
  40                    <cdhash> <flags> [<hash_type>] [<category>]
  41
  42              If the -c is given, only the hashes will be printed.  If -h is
  43              given, only the header will be printed.  If entrynum is
  44              specified, only that entry will be printed.
  45
  46      remove [-k] file hash ...
  47              Remove each specified hash from file.  If -k is specified, the
  48              uuid will not be regenerated.  The number of removed entries will
  49              be printed.
  50
  51 EXIT STATUS
  52      The trustcache utility exits 0 on success, and >0 if an error occurs.
  53
  54 SEE ALSO
  55      cryptex-dump-trust-cache(1), cryptex-generate-trust-cache(1)
  56
  57 HISTORY
  58      The trustcache utility was written by Cameron Katri
  59      <me@cameronkatri.com>.
  60
  61 FreeBSD 14.0-CURRENT             June 16, 2022            FreeBSD 14.0-CURRENT