McAfee MEJCAE-AM-DA Product Guide - Page 50
Changing your trust settings on a key, Signing a key
View all McAfee MEJCAE-AM-DA manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 50 highlights
Working with Digital Signatures Signing a key This means that if you ever get a key from someone that has been signed by an individual whom you have designated as trustworthy, the key is considered valid even though you have not done the check yourself. Changing your trust settings on a key To edit the trust parameters for a particular key on your keyring (that is, to designate someone a trusted introducer), you use the --key-edit option. ebs --key-edit --trust Your trust options are: • Enter none, if you do not know if you trust the owner of this key to act as a trusted introducer, or if you do not trust the owner of this key. • Enter marginal, if you usually trust the owner of this key to act as a trusted introducer. • Enter complete, if you always trust the owner of this key to act as a trusted introducer. • Enter implicit, if the key is your own key. For more information on editing your key and key management, see Editing your key on page 33. Signing a key Note: For information on creating an X.509 certificate signature, see General X.509 certificate attributes on page 169. To sign and validate someone else's public key on your public keyring, use the --key-sign option. When you sign a key it is automatically considered valid to you. Note: Be absolutely certain that the key belongs to its purported owner before you sign it! Your default signing key is used to sign the key, unless you add the --sign-with modifier to the command line. You may also specify the passphrase for your signing key by using the --passphrase modifier. E-Business Server uses the signature type specified by the SIG-TYPE parameter in the E-Business Server configuration file. If you want to specify a different signature type when signing a key, see the instructions outlined in Specifying the type of signature you want to add to a key on page 49. During the key signing process, you are given the option to attach a regular expression to your signature. The purpose of which is to restrict the scope of the target key's signature power. For more information about regular expressions, see Attaching Regular Expressions to Signatures. Note: The key you are signing must be present on your keyring. To sign a key: 1 Enter the following at the command line: ebs --key-sign