McAfee MEJCAE-AM-DA Product Guide - Page 5

E-Business Server

™

8.6

Product Guide

3

Encrypting to multiple recipients . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .62

Encrypting multiple files to one recipient . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .62

Encrypting information to a group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .62

Automatically encrypting to your own key

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .62

Encrypting for viewing by recipient only

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .62

Encrypting and signing

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .63

Encrypting and wiping the original plaintext file

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .63

Creating Self-Decrypting Archives (SDAs)

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .63

Creating PGParchives

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .64

Decrypting information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .65

Viewing the decrypted file

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .65

Decrypting SDAs and PGParchives

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .66

9

Advanced Topics

68

Using scripts with E-Business Server

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .68

Using E-Business Server without interaction

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .68

Understanding E-Business Server exit status codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .68

Using E-Business Server as a UNIX-style filter

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .69

Working with ASCII and binary data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .69

Encrypting and transmitting binary data

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .69

Sending binary data files in ASCII-armored format without encryption or signature

. . . . . . . . . . . . . .70

Decrypting ASCII-armored messages

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .70

Sending a public key in ASCII-armored format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .70

Sending ASCII text files to different machine environments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .70

Wiping your disk

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .71

Wiping a sensitive data file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .71

Wiping your smart card

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .71

Alternative ways to work with passphrases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .72

Specifying a file descriptor number . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .72

Storing your passphrase with PGPPASS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .73

Passing your passphrase from another application

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .74

Working with groups

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .74

Creating a group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .74

Add recipients to a group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .75

Viewing a group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .75

Remove recipients from a group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .75

Removing an entire group

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .75

Starting the ebssdkd

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .75

Keeping your keyring files open with EBScache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .76

10

Using the E-Business Server API

78

Library and header file organization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .78

E-Business Server API functions

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .78

Programming with the E-Business Server API

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .84

Programming on Win32 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .84

Programming on UNIX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .84

11

Using the Configuration File

86

Learning about the configuration file

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .86

Specifying configuration values

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .86

Setting configuration parameters from the command line

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .86

Configuration parameters

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .87

12

Using Command-Line Options

112

Conventions used in this section . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112

Primary command-line options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112

13

Using the E-Business Server Administration Utility

136

About the E-Business Server Administration Utility

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136

The E-Business Server Administration Utility interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136

Getting Started with the E-Business Server Administration Utility console . . . . . . . . . . . . . . . . . . . . . . . 136

Starting the E-Business Server Administration Utility

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137

Adding a server

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137

McAfee MEJCAE-AM-DA Product Guide - Page 5

Advanced Topics, Using the E-Business Server API, Using the Configuration File

Page 5 highlights

Section	Page
Contents	3
1 Introducing E-Business Server	7
Using this guide	7
Audience	7
Conventions	7
Where to find McAfee product information	8
Using E-Business Server	9
2 E-Business Server Basics	10
What can E-Business Server do for you?	10
‘Key’ concepts	10
Basic steps for using E-Business Server	11
3 Getting Started	14
Setting up E-Business Server	14
Setting the location of E-Business Server files	14
PGPPATH	14
Syntax	14
Notes	14
Default file locations on Unix	15
Default file locations on Windows NT	15
Default file locations on Windows 2000	15
Starting E-Business Server	16
Checking the version you have installed	16
E-Business Server command syntax	17
Entering long options on the command line	17
Entering legacy options on the command line	17
Entering configuration parameters on the command line	18
Specifying keys using the user ID	18
Specifying keys using the key ID	18
Getting help while you work	19
Cancelling an operation	19
4 Creating and Exchanging Keys	20
Choosing a key type	20
Creating a key pair	20
Creating subkeys	22
Creating a key pair on a smart card	22
Creating a passphrase that you will remember	23
Working with public and private keyrings	24
Changing the location or names of your keyrings	24
Unix	24
Windows NT	24
Windows 2000	24
Backing up your keys	24
Protecting your keys	25
What if I forget my passphrase or lose my key?	25
What is key reconstruction?	25
Exchanging keys with others	26
Exporting (copying) your key to a file	26
With your secret key	26
In a format you can email	27
Exporting multiple keys	27
Adding a key to your keyring	27
Exchanging keys using a key server	27
Adding your key to a key server	28
Removing your key from a key server	28
Searching for a key on a key server	28
Getting someone’s public key from a key server	28
5 Managing Keys	30
Managing your keyring	30
Viewing your keys	30
On another keyring	31
Display all user IDs associated with each key	31
Display all signatures associated with each key	31
Getting more information about keys	31
Getting more information about signatures on a key	32
Removing keys from your keyring	32
Removing a public key from your keyring	32
Removing a key pair from your keyring	33
Removing all keys from your smart card	33
Removing a specific key pair from your smart card	33
Verifying the contents of your public keyring	34
Updating keys on your keyring	34
Editing your key	35
Adding and removing user IDs	35
Setting your primary user ID	36
Changing your passphrase	36
Editing trust options for your key	36
Remove a signature from a key	37
Adding a designated revoker to your key	37
Adding and removing photo IDs	38
Revoking a key	38
Disabling and enabling a key	39
Splitting and rejoining a key	39
Creating a split key	39
Reconstituting a split key	40
Reconstituting a split key locally	40
Reconstituting a split key over the network	41
Joining a key over the network	41
Additional Decryption Keys	42
Recover data in an emergency	42
Data recovery versus key recovery	42
Types of ADKs	42
Additional Decryption Key policy	42
Protecting your Additional Decryption Key	42
Implementing your Additional Decryption Keys	43
Deleting your key from a key server	43
Reconstructing your key	44
6 Working with Digital Signatures	46
Signing information	46
Producing a clear-signed message	46
Signing with a specific private key	47
Signing and encrypting	47
Signing and encrypting a plaintext ASCII text file	47
Creating a detached signature	47
Verifying a digital signature	48
Verifying a detached signature	48
Storing signed files: signing a file without encrypting	48
Validity and trust	48
Checking a key’s validity	49
Viewing signatures on a key	49
Getting more information about signatures on a key	49
Viewing a key’s fingerprint	49
Granting trust for key validations	49
Changing your trust settings on a key	50
Signing a key	50
Specifying the type of signature you want to add to a key	51
Adding an expiration date to your signature	51
Removing signatures from your key	51
7 Working with X.509 Certificates	52
Common X.509 options	52
Specifying a certificate with the issuer’s name and serial number	52
Specifying certificate attributes	53
Adding an X.509 certificate to your key or keyring	54
Getting an X.509 certificate from a CA	54
Automatically requesting and adding an X.509 certificate to your key	54
Retrieving and adding the Root CA certificate to your keyring	55
Specifying CA parameters in the E-Business Server configuration file	55
Automatically requesting a certificate from the CA	55
Retrieve your certificate and add it to your key pair	56
Manually requesting and adding an X.509 certificate to your key	56
Creating a PKCS #10 certificate request	56
Sending your certificate request to the CA	57
Manually retrieve your certificate and add it to your key pair	57
Exporting an X.509 certificate from your key	57
Issuing X.509 certificates	58
Create a new key for issuing X.509 certificates	58
Create a Root CA certificate	58
Sign public keys with the root certificate	59
Updating X.509 certificates on your keyring	60
8 Encrypting and Decrypting	62
Exchanging encrypted information	62
Getting the recipient’s public key	62
Encrypting information	62
Encrypting with conventional encryption	62
Encrypting with public key encryption	63
Encrypting into ASCII-armored format	63
Encrypting a text file	63
Encrypting and specifying the output file	63
Encrypting to multiple recipients	64
Encrypting multiple files to one recipient	64
Encrypting information to a group	64
Automatically encrypting to your own key	64
Encrypting for viewing by recipient only	64
Encrypting and signing	65
Encrypting and wiping the original plaintext file	65
Creating Self-Decrypting Archives (SDAs)	65
Creating PGParchives	66
Decrypting information	67
Viewing the decrypted file	67
Viewing decrypted plaintext output on your screen	67
Renaming the decrypted plaintext output file	67
Recovering the original plaintext filename	68
Decrypting SDAs and PGParchives	68
9 Advanced Topics	70
Using scripts with E-Business Server	70
Using E-Business Server without interaction	70
Understanding E-Business Server exit status codes	70
Using E-Business Server as a UNIX-style filter	71
Working with ASCII and binary data	71
Encrypting and transmitting binary data	71
Sending binary data files in ASCII-armored format without encryption or signature	72
Decrypting ASCII-armored messages	72
Sending a public key in ASCII-armored format	72
Sending ASCII text files to different machine environments	72
Wiping your disk	73
Wiping a sensitive data file	73
Wiping your smart card	73
Alternative ways to work with passphrases	74
Specifying a file descriptor number	74
PGPPASSFD	74
PASSPHRASE-FD	75
CONVENTIONAL-PASSPHRASE-FD	75
PIN-FD	75
CHALLENGE-FD	75
Storing your passphrase with PGPPASS	75
Passing your passphrase from another application	76
Working with groups	76
Creating a group	76
Add recipients to a group	77
Viewing a group	77
Remove recipients from a group	77
Removing an entire group	77
Starting the ebssdkd	77
Keeping your keyring files open with EBScache	78
10 Using the E-Business Server API	80
Library and header file organization	80
E-Business Server API functions	80
PGPeBizInit	81
Syntax	81
Parameters	81
Notes	81
PGPeBizCleanUp	82
Syntax	82
Parameters	82
Notes	82
PGPeBiz	83
Syntax	83
Parameters	83
Notes	83
PGPeBizFree	84
Syntax	84
Parameters	84
Notes	84
PGPeBizErrorString	85
Syntax	85
Parameters	85
Notes	85
Programming with the E-Business Server API	86
Programming on Win32	86
Programming on UNIX	86
Setting the run-time library path	86
Linux	86
Solaris	86
AIX and HP-UX	86
11 Using the Configuration File	88
Learning about the configuration file	88
Specifying configuration values	88
Setting configuration parameters from the command line	88
Configuration parameters	89
ADD-ALL	89
Syntax	89
ADK-KEY	89
Syntax	89
Default Value	89
Notes	89
ALIAS	90
Syntax	90
Notes	90
ALLOW-PASSPHRASE-RETRY	91
Default Value	91
ARMOR	91
Default Value	91
Notes	91
AUTHENTICATE	91
Default Value	91
Details	91
AUTH-PASSPHRASE	91
Default Value	91
AUTH-USER	91
Default Value	91
BATCHMODE	91
CA-REVOCATION-URL	92
Default Value	92
CA-ROOT-CERT	92
Syntax	92
Default Value	92
CA-TYPE	92
Default Value	92
CA-URL	92
Default Value	92
CERT-ATTRIBUTE	92
Syntax	92
Notes	92
CERT-DEPTH	93
Default Value	93
Notes	93
CHALLENGE-FD	93
CIPHER	93
Default Value	93
CIPHERNUM	93
CLEARSIG	94
Default Value	94
Notes	94
CMDLINE-FORMAT	94
Syntax	94
Default Value	94
Notes	94
COMMENT	94
Default Value	95
COMPATIBLE	95
COMPLETES-NEEDED	95
Default Value	95
COMPRESS	95
Default Value	95
CONVENTIONAL-PASSPHRASE-FD	95
DEFAULT-KEY	95
Default Value	95
Notes	95
DEPTH	96
Default Value	96
Notes	96
DISCARD-PATHS	96
Default Value	96
Notes	96
ENCRYPT-TO-SELF	96
Default Value	96
ENFORCE-ADK	96
Default Value	96
Notes	96
EXPIRES-AFTER	97
Default Value	97
EXPORTABLE	97
EXPORT-FORMAT	97
Default Value	97
FASTKEYGEN	97
Default Value	97
FINGERPRINT-VIEW	97
Syntax	97
Default Value	97
FORCE	98
Default Value	98
FTP-PASSWORD	98
Syntax	98
Default Value	98
Notes	98
FTP-PATHNAME	98
Syntax	98
Default Value	98
FTP-PORT	98
Syntax	98
Default Value	98
Notes	98
FTP-SECURE	99
Syntax	99
Default Value	99
FTP-SERVER	99
Syntax	99
Default Value	99
Notes	99
FTP-USERNAME	99
Syntax	99
Default Value	99
Notes	99
GROUPSFILE	99
Default Value	100
Notes	100
HASH	100
Default Value	100
HASHNUM	100
INFO	100
Default Value	100
Notes	100
INTERACTIVE	101
ISSUER-DN	101
Default Value	101
ISSUER-SERIAL	101
Default Value	101
KEYSERVER	101
Notes	101
KEYSERVER-TYPE	101
Default Value	101
KEY-SIZE	101
Default Value	102
KEY-TYPE	102
Default Value	102
LICENSEFILE	102
Default Value	102
LOCAL-TIMES	102
Syntax	102
LOG-FILE	102
Default Value	102
MARGINALS-NEEDED	102
Default Value	102
OVERWRITE	102
Syntax	102
Notes	102
PAGER	103
Default Value	103
PASSPHRASE-FD	103
PASS-THROUGH	103
Default Value	103
PIN-FD	103
PGP-MIME	103
Default Value	103
PGP-MIMEPARSE	104
Default Value	104
PRESERVE-NAME	104
Default Value	104
PUBRING	104
Default Value	104
Notes	104
QUESTION	104
RANDOM-DEVICE	105
Default Value	105
RANDSEED	105
Default Value	105
Notes	105
REVERSE	105
Default Value	105
RSAVER	105
Use of this setting in the configuration file or as a +OPTION is deprecated. SDA is only supported for compatibility purposes.Creating Self-Decrypting Archives (SDAs) on page 63Default Value	105
SECRING	105
Default Value	105
Notes	106
SECURE-VIEWER	106
Default Value	106
SHOWPASS	106
Default Value	106
SIG-TYPE	106
Default Value	106
SIGNEDBY	106
Syntax	106
Default Value	106
Details	107
SIGN-ONLY	107
Default Value	107
Notes	107
SMARTCARD-DLL	107
Syntax	107
Default Value	107
SMARTCARD-TYPE	107
Default Value	107
SMTP-SERVER	107
Syntax	107
Default Value	107
Notes	107
SMTP-PORT	108
Syntax	108
Default Value	108
Notes	108
SMTP-USERNAME	108
Syntax	108
Default Value	108
Notes	108
SMTP-PASSWORD	108
Syntax	108
Default Value	108
Notes	109
SMTP-SENDER	109
Syntax	109
Default Value	109
Notes	109
SMTP-RECIPIENT	109
Syntax	109
Default Value	109
Notes	109
SMTP-SUBJECT	109
Syntax	109
Default Value	109
Notes	109
SMTP-CC	109
Syntax	109
Default Value	110
Notes	110
SMTP-BCC	110
Syntax	110
Default Value	110
Notes	110
SMTP-NOTE	110
Syntax	110
Default Value	110
Notes	110
SMTP-NOTE-FILE	110
Syntax	110
Default Value	110
Notes	110
SORT	111
Syntax	111
Default Value	111
Notes	111
STATUS-FD	111
TEXTMODE	111
Default Value	111
Notes	111
TMP	111
Default Value	111
VERBOSE	112
WARN-ADK	112
Default Value	112
Notes	112
WIDTH	112
Default Value	112
Notes	112
WIPE	112
Default Value	112
WIPE-PASSES	112
Default Value	113
12 Using Command-Line Options	114
Conventions used in this section	114
Primary command-line options	114
armor	114
Syntax	114
Modifiers	114
cert-request	114
Syntax	114
Modifiers	115
Notes	115
cert-retrieve	115
Syntax	115
Modifiers	115
Notes	115
decrypt	115
Syntax	115
Modifiers	116
Notes	116
encrypt	118
Syntax	118
Modifiers	119
Notes	121
extract-photoid	122
Syntax	122
Modifiers	122
Notes	122
group	122
Syntax	122
group-add	122
Syntax	122
group-detail	122
Syntax	122
group-list	122
Syntax	122
group-remove	122
Syntax	122
Modifiers	123
help	123
Syntax	123
Modifiers	123
key-add	123
Syntax	123
Modifiers	123
Notes	123
key-detail	123
Syntax	123
Modifiers	124
Notes	124
key-edit	125
Syntax	125
Modifiers	125
key-export	125
Syntax	126
Modifiers	126
Notes	126
key-gen	126
Syntax	127
Modifiers	127
Notes	127
key-join	128
Syntax	128
Notes	128
key-list	128
Syntax	128
Modifiers	128
Notes	128
key-reconstruct	128
Syntax	128
Modifiers	129
Notes	129
key-remove	129
Syntax	129
Modifiers	129
key-sign	129
Syntax	129
Modifiers	130
Notes	130
key-split	130
Syntax	130
key-update	131
Syntax	131
Modifiers	131
keyserver-delete	131
Syntax	131
Modifiers	131
Notes	131
keyserver-disable	132
Syntax	132
Modifiers	132
Notes	132
keyserver-fetch	132
Syntax	132
Modifiers	132
keyserver-search	132
Syntax	132
Modifiers	133
keyserver-send	133
Syntax	133
Modifiers	133
list-aliases	133
Syntax	133
reconstruct-data	133
Syntax	133
Modifiers	134
Notes	134
send-share	134
Syntax	134
Modifiers	134
Notes	134
sig-detail	134
Syntax	134
Modifiers	135
sign	135
Syntax	135
Modifiers	135
version	135
Syntax	135
Modifiers	135
wipe	135
Syntax	135
Modifiers	136
13 Using the E-Business Server Administration Utility	138
About the E-Business Server Administration Utility	138
The E-Business Server Administration Utility interface	138
Getting Started with the E-Business Server Administration Utility console	138
Starting the E-Business Server Administration Utility	139
Adding a server	139
Connecting to a server	139
Disconnecting from a server	140
Accessing the E-Business Server key management tools	140
Creating a new key pair	140
Signing a key	141
Deleting a key	141
Exporting a key	141
Creating a subkey	142
Adding a new User ID	142
Revoking a key	143
Accessing the E-Business Server configuration tools	143
The Key management tab	144
The Key Server tab	145
The SMTP tab	145
The Other tab	146
The Encryption/Decryption tab	146
The Files tab	147
Enabling logging	148
The FTP tab	149
The Hardware tab	150
The Signatures tab	150
The Aliases tab	150
To add a new alias	151
To edit an alias	151
To delete an alias	151
The ADK tab	152
The Authentication tab	152
The Certificates tab	152
The User Interaction tab	153
Setting Preferences	153
Changing the E-Business Server Administration Utility’s appearance	153
To change color scheme	153
Changing the default connection port	154
Appendixes and Index	156
A Command-Line Reference	157
Key options	157
Email and file options	157
Keyserver options	158
Group options	158
Help options	159
B Attaching Regular Expressions to Signatures	161
Attaching a regular expression to a signature	161
Definitions of the regular expression syntax used in E-Business Server	161
C Understanding Key List Displays	163
Key List Displays	163
Example of --key-list option	163
Example of --key-list --with-userids option	163
Example of --key-list --with-sigs option	164
Understanding the key list display	164
Algorithm (Alg)	164
Type	164
Size	164
Flags	165
Key ID	165
User ID	165
D Exit and Error Codes	167
General errors	167
Keyring errors	167
Encode errors	167
Decode errors	168
Split key errors	168
File errors	168
Smart card errors	168
Group errors	168
Key reconstruction errors	169
Key errors	169
Key server errors	169
Key update errors	169
E Supported Certificate Attributes	171
General X.509 certificate attributes	171
Verisign-specific certificate attributes	172
F Compatibility with Previous Releases	173
Legacy compatibility	173
Using +OPTIONS on the command line	173
Upgrading from a previous release	173
G Biometric Word Lists	175
The two-syllable word list	175
The three-syllable word list	177