McAfee MEJCAE-AM-DA Product Guide - Page 34
Verifying the contents of your public keyring, Updating keys on your keyring, ADK-KEY
Page 34 highlights
Managing Keys
Managing your keyring

For information on how to view the contents of your smart card, see Viewing your keys on page 28. For more information on various ways to supply E-Business Server with your passphrase, see Alternative ways to work with passphrases on page 72.

Verifying the contents of your public keyring

E-Business Server automatically checks any new keys or signatures on your public keyring and updates all the trust parameters and validity scores. In theory, it keeps all the key validity status information up-to-date as material is added to or deleted from your public keyring.

At some point, however, you may want to explicitly force E-Business Server to perform a comprehensive analysis of your public keyring, checking all the certifying signatures, checking the trust parameters, updating all the validity scores, and checking your own ultimately-trusted key against a backup copy on a write-protected floppy disk. It may be a good idea to do this hygienic maintenance periodically to make sure nothing is wrong with your public keyring.

To force E-Business Server to perform a full analysis of your public keyring, use the --key-check command:

    ebs --key-check

You can also use the following command to make E-Business Server check all the signatures for a single selected public key:

    ebs --key-check []

Updating keys on your keyring

As you add to or change information on your key pair, it is recommended that you send your updated key to a key server so that your most current key is always available to others. Likewise, to ensure that you are always using the most current keys belonging to other E-Business Server users, you should periodically update your local keyring with the keys on a key server. To do so, enter the following at the command line:

    ebs --key-update [--keyserver ]

E-Business Server searches the specified key server or generic LDAP server for all keys on your local keyring and merges the matching keys back into your keyring.
By default, E-Business Server searches the key server specified by the KEYSERVER parameter in the E-Business Server configuration file (see KEYSERVER on page 99).

To update additional key information, add various modifiers to the --key-update command using the following syntax:

    ebs --key-update [--adk | --keys | --revokers | --introducers | --x509 | --crl]

A description of each of these modifiers is listed below:

--adk
    Updates and adds Additional Decryption Keys (ADKs) associated with a key on your keyring. If ADK-KEY is set in the E-Business Server configuration file (see ADK-KEY on page 87), then that key is also updated or added to your local keyring.

--keys
    Specifies that all keys on your keyring are updated from the key server. This is the default operation if no modifiers are supplied.

--revokers
    Specifies that all designated revokers associated with keys on your keyring are also updated from the key server. If a designated revoker's key is not currently on your keyring, E-Business Server adds it from the key server.

--introducers
    Specifies that E-Business Server updates or adds introducer keys to your keyring for all keys with meta-introducer signatures on them.

E-Business Server™ 8.6 Product Guide 32
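
A periodic maintenance routine built from the --key-check and --key-update commands described above, as an added example that is not part of the product guide. It assumes that ebs exits non-zero on failure; EBS_BIN and keyring_maintenance are hypothetical names, and the key server is the one set by KEYSERVER in the configuration file.

```shell
#!/bin/sh
# Added example: keyring maintenance using only commands from this page.
# Assumptions (not from the guide): ebs exits non-zero on failure;
# EBS_BIN and keyring_maintenance are hypothetical names.
: "${EBS_BIN:=ebs}"

# Modifiers listed in the --key-update syntax line.
VALID_MODIFIERS="--adk --keys --revokers --introducers --x509 --crl"

is_valid_modifier() {
    for m in $VALID_MODIFIERS; do
        [ "$1" = "$m" ] && return 0
    done
    return 1
}

# Usage: keyring_maintenance [modifier ...]
# Returns 0 on success, 1 if an ebs command fails, 2 on an unknown modifier.
keyring_maintenance() {
    # Reject anything outside the documented set before touching the keyring.
    for mod in "$@"; do
        if ! is_valid_modifier "$mod"; then
            echo "unknown --key-update modifier: $mod" >&2
            return 2
        fi
    done
    # The guide names --keys as the default when no modifier is supplied.
    if [ "$#" -eq 0 ]; then
        set -- --keys
    fi
    # Full analysis first, so existing problems are not blamed on the update.
    "$EBS_BIN" --key-check || { echo "key-check failed before update" >&2; return 1; }
    # One modifier per call, following the alternation in the syntax line.
    # The key server is the one set by KEYSERVER in the configuration file.
    for mod in "$@"; do
        "$EBS_BIN" --key-update "$mod" || { echo "update failed: $mod" >&2; return 1; }
    done
    # Merged ADKs, revokers and introducers change trust; re-verify.
    "$EBS_BIN" --key-check || { echo "key-check failed after update" >&2; return 1; }
}

# Example call (e.g. from cron): keyring_maintenance --keys --adk --revokers
```

Running the second --key-check after the merge means that new ADKs, designated revokers or introducer keys pulled from the server are validated before the keyring is used again.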