#!/bin/bash
# extract ascii armored signature from a PE binary
set -e

infile="$1"

if [ -z "$infile" -o ! -e "$infile" ]; then
	echo "USAGE: $0 file.efi"
	exit 1
fi

nssdir=`mktemp -d`
cleanup()
{
	rm -r "$nssdir"
}
trap cleanup EXIT
echo > "$nssdir/pw"
certutil -f "$nssdir/pw" -d "$nssdir" -N

# wtf?
(pesign -n "$nssdir" -h -P -i "$infile";
pesign -n "$nssdir" -a -f -e /dev/stdout -i "$infile")|cat