McAfee MEJCAE-AM-DA Product Guide - Page 48
Verifying a digital signature, Storing signed files: signing a file without encrypting
Working with Digital Signatures

To create a separate, detached signature certificate file, combine the --detached modifier with the --sign option. You can optionally specify which private key to use to sign the file.

    ebs --sign --detached [--output ] [--sign-with ]

For example:

    ebs --sign letter.txt --detached

This instructs E-Business Server to produce a separate, detached signature certificate in a file named letter.txt.sig. The contents of letter.txt.sig are not appended to letter.txt.

Verifying a digital signature

To determine whether an attached digital signature is valid, you verify it. E-Business Server automatically verifies signatures as part of the decryption operation. If you want to verify a file, use the same syntax as that for decryption:

    ebs

Verifying a detached signature

When you attempt to process a detached signature certificate file, E-Business Server asks you to identify the corresponding text file. Once the text file is identified, E-Business Server checks the signature integrity. If you know that a signature is detached from a text file, you can specify both filenames on the command line:

    ebs

For example:

    ebs letter.txt.sig letter.txt

If the text file exists in the same directory as the detached signature certificate file, you can enter the following shortened command:

    ebs letter.txt.sig

E-Business Server assumes that the signed text has the same name as the signature (.sig) file. If it does not, then you must specify the filename.

Storing signed files: signing a file without encrypting

If you sign a plaintext file without specifying encryption, E-Business Server compresses the file after you sign it. This makes the file unreadable to the casual human observer. This is a suitable way to store signed files in archival applications because it saves space. However, it is not an especially secure means for storing the data.
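The detached-signature check under "Verifying a detached signature" depends on the signature and the signed text sharing a name. The following POSIX shell helper is an added example, not part of the product guide: it pairs each .sig file with its data file and passes both names explicitly in the two-filename form shown above. The function names, the EBS_CMD override and the assumption that the verifier exits non-zero on a failed check are not from the guide.

```sh
#!/bin/sh
# Added example (not from the product guide). The only ebs syntax used is the
# two-filename form "ebs <file>.sig <file>" shown on the page.

TAB=$(printf '\t')

# Classify every regular file in directory $1, one tab-separated line each:
#   PAIR <sig> <file>   signature with its same-named data file
#   ORPHAN <sig>        signature whose data file is missing
#   UNSIGNED <file>     data file with no .sig beside it
pair_detached() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        case $f in
            *.sig)
                if [ -f "${f%.sig}" ]; then
                    printf 'PAIR\t%s\t%s\n' "$f" "${f%.sig}"
                else
                    printf 'ORPHAN\t%s\n' "$f"
                fi ;;
            *)
                [ -f "$f.sig" ] || printf 'UNSIGNED\t%s\n' "$f" ;;
        esac
    done
}

# Verify each pair with both names given explicitly, and fail closed: an orphaned
# signature, an unsigned file or a verifier failure all make this return 1.
# Assumption: the verifier exits non-zero when a signature does not check out.
# EBS_CMD is a hypothetical override so the logic can be run without the product.
verify_dir() {
    dir=$1
    rc=0
    while IFS="$TAB" read -r kind a b; do
        case $kind in
            "")   continue ;;
            PAIR) # stdin is detached so an interactive filename prompt cannot eat the list
                  "${EBS_CMD:-ebs}" "$a" "$b" </dev/null || { echo "FAILED $b" >&2; rc=1; } ;;
            *)    echo "$kind $a" >&2; rc=1 ;;
        esac
    done <<EOF
$(pair_detached "$dir")
EOF
    return $rc
}
```

Run `verify_dir /path/to/archive` on a directory of signed files; findings other than verified pairs are written to standard error.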
Validity and trust

Every user in a public key system is vulnerable to mistaking a phony key (certificate) for a real one. Validity is confidence that a public key certificate belongs to its purported owner. Validity is essential in a public key environment where you must constantly establish whether or not a particular certificate is authentic. When you've assured yourself that a key belonging to someone else is valid, you can sign the copy on your keyring to attest to the fact that you've checked the key and that it's an authentic one. If you want others to know that you gave the key your stamp of approval, you can export the signature to a certificate server so that others can see it.

E-Business Server™ 8.6 Product Guide 46