trustcache

trustcache copied to clipboard

TRUSTCACHE(1) General Commands Manual TRUSTCACHE(1)

NAME trustcache – Create and interact with trustcaches

SYNOPSIS trustcache append [-f flags] [-u uuid | 0] infile file ... trustcache create [-u uuid] [-v version] outfile file ... trustcache info [-c] [-h] [-e entrynum] file trustcache remove [-k] file hash ...

DESCRIPTION The trustcache utility is used to get info about and modify Apple trustcaches.

 The following commands and flags are supported by trustcache:

 -v, --version
         Print the current version of trustcache.

 append [-f flags] [-u uuid | 0] infile file ...
         Modify the trustcache at infile to include each signed Mach-O at
         the specified paths.  If file is both 40 characters and
         hexadecimal, that hash will be added to the cache.  uuid is used
         to specify a custom uuid to be used.  If it is 0, the uuid will
         be left the same, otherwise, it will be regenerated.  If -f is
         specified, any new entries with have the flags specified at
         flags.

 create [-u uuid] [-v version] outfile file ...
         Create a trustcache at outfile.  Each Mach-O found in the
         specified inputs will be scanned for a code signature and hashed.
         Any malformed or unsigned Mach-O will be ignored.  Each slice of
         a FAT binary will have its hash included.  Versions 0, 1, and 2
         are supported, if not specified, 1 is assumed.  If uuid is
         specified, that will be used instead of a randomly generated one.

 info [-c] [-h] [-e entrynum] file
         Print information about file.  The output for each hash will be
         in one of these formats:

               <cdhash> <flags> [<hash_type>]
               <cdhash> <flags> [<hash_type>] [<category>]

         If the -c is given, only the hashes will be printed.  If -h is
         given, only the header will be printed.  If entrynum is
         specified, only that entry will be printed.

 remove [-k] file hash ...
         Remove each specified hash from file.  If -k is specified, the
         uuid will not be regenerated.  The number of removed entries will
         be printed.

EXIT STATUS The trustcache utility exits 0 on success, and >0 if an error occurs.

SEE ALSO cryptex-dump-trust-cache(1), cryptex-generate-trust-cache(1)

HISTORY The trustcache utility was written by Cameron Katri [email protected].

FreeBSD 14.0-CURRENT June 16, 2022 FreeBSD 14.0-CURRENT