=head1 MODES OF OPERATION

The modes of operation described in this section are mutually
exclusive.  In other words, only one mode may be specified per
invocation.

=over 5

=item B<{-s|--sign-payload}> B<{-k|--key-file}> B<key> B<payload> B<[payload ...]>

Use B<key> to digitally sign the specified B<payload>.  The B<key>, as
specified by the B<--key-file> argument, must be a PEM-encoded DSA or
RSA key.  For each B<payload> signed, a corresponding signature file
will be created.  Signature files have the same basename as the
original B<payload>, and they end with a '.sig' suffix.  The format of
a signature file is a single line of base64-encoded data.

To allow for automated or batch signing, B<WebJob-DsvTool> will honor
the DSV_PASSPHRASE environment variable so long as it's less than
DSV_MAX_PASSPHRASE_LENGTH bytes long -- this length is defined in
dsv.h.  While this mechanism is supported, its use in production
environments is not recommended because it increases the risk of
passphrase exposure.

=item B<{-V|--verify-signature}> B<{-f|--cert-file}> B<cert> B<payload> B<signature>

Use the specified B<signature> and B<cert> to verify the integrity of
B<payload>.  The B<cert>, as specified by the B<--cert-file> argument,
must be a PEM-encoded certificate.

=item B<{-V|--verify-signature}> B<{-t|--cert-tree}> B<tree> B<payload> B<signature>

Use the specified B<signature> and all certificates stored in the
certificate B<tree> to verify the integrity of B<payload>.  The files
stored in the certificate B<tree> must be PEM-encoded certificates --
invalid and non-PEM-encoded files are silently ignored.  Each
certificate in the certificate B<tree> is used, in turn, to verify the
B<payload's> integrity.  The verification process does not stop until
a match is found or all certificates have been tried.  Note that
B<WebJob-DsvTool> will not search for certificates in sub-directories
of the specified B<tree>.

=item B<{-v|--version}>

Display version information and exit.

=back