McAfee MEJCAE-AM-DA Product Guide - Page 89
Configuration parameters, ADD-ALL, Syntax, ADK-KEY, Default Value, Notes
Page 89 highlights
Using the Configuration File
Learning about the configuration file

For example, if the ARMOR parameter is set to on in the E-Business Server configuration file, you can override this setting by using the --armor option on the command line:

    ebs --encrypt --armor off message.txt --user smith

If you are working in legacy mode, then you must precede the parameter setting with a plus (+) character. For example, if the ENCRYPT-TO-SELF parameter is turned off in the configuration file, but you want to use it in a single legacy operation, then enter the following on the command line:

    ebs -e +ENCRYPT-TO-SELF=on message.txt smith

For the location of the pgp.cfg file, please refer to Setting the location of E-Business Server files on page 12.

The remainder of this chapter summarizes E-Business Server's configuration parameters in alphabetical order.

Configuration parameters

ADD-ALL

Specifies that --keyserver-fetch will always add all matching keys found on the keyserver to the local keyring. If not specified, then each matching key is displayed in turn, and E-Business Server prompts for confirmation that you want to import each key.

Syntax

    ADD-ALL = off

ADK-KEY

Specifies an Additional Decryption Key (ADK) for messages encrypted and keys generated. Encrypt to an Additional Decryption Key (ADK). When this parameter is used, all generated keys have an ADK equal to the value of ADK-KEY. Additionally, everything E-Business Server encrypts to a public key is also encrypted to the ADK key identified by this parameter.

Note the difference between incoming ADKs and outgoing ADKs as described in Managing Keys on page 28. If you choose to use two different keys for the incoming and outgoing ADKs, you can set ADK-KEY to specify the outgoing ADK, then use --adk-key on the command line to override it during key generation to specify the incoming ADK attached to such keys.

Syntax

    ADK-KEY =

For example:

    ADK-KEY = 0xAB12C34D

Default Value

    ADK-KEY = ""

Notes

• You use ADK-KEY in conjunction with the parameter ENFORCE-ADK to determine whether E-Business Server enforces the use of ADKs. If ENFORCE-ADK is not set, then users can subvert use of the ADK.
• If ENFORCE-ADK is on and the encryption key was generated with ENFORCE-ADK set to on, data is always encrypted to the ADK if the ADK key is available. If the ADK key is not available, an error message appears and the encryption operation fails.
• If ENFORCE-ADK is set to off and the ADK key is not present on the user's keyring, E-Business Server displays a warning message and does not encrypt to the ADK key.
• You can also set this parameter on the command line with the -- prefix; for example, --ADK-KEY 0xAB12C34D.

87 E-Business Server™ 8.6 Product Guide
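
An added example, not taken from the product guide or from E-Business Server itself: a small Python audit of a pgp.cfg-style file that overlays the two command-line override forms described above (+NAME=value and --NAME value) and then flags an ADK-KEY that is not backed by ENFORCE-ADK, and an enabled ADD-ALL. The function names, the sample file, the `#` comment handling and the list of recognized parameter names are assumptions made for illustration; treating an absent ENFORCE-ADK as "not enforced" follows the guide's "not set" wording.

```python
import re

# Constructed sample in the "NAME = value" form the guide shows. The "#"
# comment syntax is an assumption; this page does not show comments.
SAMPLE_CFG = """\
# constructed sample pgp.cfg
ARMOR = on
ADD-ALL = on
ENCRYPT-TO-SELF = off
ADK-KEY = 0xAB12C34D
"""

# Parameters this page names; only these are recognized in "--NAME value" form,
# so ordinary options such as --encrypt or --user are not mistaken for settings.
KNOWN = {"ARMOR", "ADD-ALL", "ADK-KEY", "ENFORCE-ADK", "ENCRYPT-TO-SELF"}

def parse_cfg(text):
    """Return {NAME: value} for each NAME = value line (names upper-cased)."""
    params = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if "=" in line:
            name, value = line.split("=", 1)
            params[name.strip().upper()] = value.strip().strip('"')
    return params

def effective_settings(params, argv):
    """Overlay command-line overrides onto the file settings."""
    eff = dict(params)
    for i, arg in enumerate(argv):
        legacy = re.fullmatch(r"\+([A-Za-z-]+)=(.*)", arg)  # legacy: +NAME=value
        if legacy:
            eff[legacy.group(1).upper()] = legacy.group(2)
        elif arg.startswith("--") and arg[2:].upper() in KNOWN and i + 1 < len(argv):
            eff[arg[2:].upper()] = argv[i + 1]              # --NAME value
    return eff

def audit(eff):
    """Return findings for settings the guide describes as weakening key handling."""
    findings = []
    if eff.get("ADK-KEY") and eff.get("ENFORCE-ADK", "").lower() != "on":
        findings.append("ADK-KEY is set but ENFORCE-ADK is not on: ADK use is not enforced")
    if eff.get("ADD-ALL", "").lower() == "on":
        findings.append("ADD-ALL is on: fetched keys are added without confirmation")
    return findings
```

Run `audit(effective_settings(parse_cfg(text), argv))` against both the deployed pgp.cfg and the argument list of each scheduled ebs job, since the effective setting is the file value after any command-line override.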