McAfee MEJCAE-AM-DA Product Guide - Page 93
Using the Configuration File
Learning about the configuration file

CERT-DEPTH

The configuration parameter CERT-DEPTH identifies how many levels deep you can nest trusted introducers. (Trusted introducers are those people who you trust to certify, or validate, others' keys. If a trusted introducer certifies a key, it will appear valid on your public keyring.)

Default Value

CERT-DEPTH = 4

Notes

For example, if CERT-DEPTH is set to 1, there can only be one layer of introducers below your own ultimately-trusted key. If that is the case, you are required to directly certify the public keys of all trusted introducers on your keyring. If you set CERT-DEPTH to zero, you could have no introducers at all, and you would have to directly certify each and every key on your public keyring to use it. The minimum CERT-DEPTH is 0; the maximum is 8.

CHALLENGE-FD

Use the CHALLENGE-FD option to specify a file descriptor for supplying the challenge passphrase used by Verisign for its certificate revocation process. This can also be set with --cert-attribute Challenge="...". However, specifying the Challenge attribute on the shell command-line could reveal the challenge passphrase to other users on the system. The --challenge-fd option provides a more secure method of delivering the passphrase to E-Business Server.

Set the CHALLENGE-FD parameter equal to a file descriptor number. For shell scripts, use the redirection syntax described under PASSPHRASE-FD. Note that API programs can send passphrases via their "command line" argument with the same safety as storing the passphrase in the program's memory space.

CIPHER

Specifies which symmetric cipher E-Business Server should use to encrypt the session key: IDEA, Triple-DES, CAST, AES, or Twofish.

This parameter specifies the cipher preference when generating a new key pair, when changing the self-signature or passphrase on your private key, and when performing a conventional encryption operation, except when you are creating an SDA or PGParchive, which always use CAST5.

Note: This setting is ignored when generating RSA Legacy keys. RSA Legacy keys always use the IDEA cipher.

Default Value

CIPHER = IDEA

Your options are:
• IDEA
• 3DES
• CAST5
• AES128
• AES192
• AES256
• Twofish

CIPHERNUM

The CIPHERNUM parameter is only supported for compatibility purposes. Unless you are running in legacy mode, a warning appears if your configuration file contains this setting. Use the CIPHER parameter instead. For more information, see CIPHER on page 91.

E-Business Server™ 8.6 Product Guide
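The two delivery methods described under CHALLENGE-FD, compared in an added example that is not from the product guide: it shows what ends up in a process's visible command line when the challenge is passed as an argument versus on a file descriptor. Assumptions: `demo_tool` is a hypothetical stand-in for the real program, the here-document redirection to descriptor 3 is one possible syntax (the PASSPHRASE-FD syntax is not shown on this page), and the host is Linux with /proc.

```shell
#!/bin/sh
# Added example; requires Linux /proc. demo_tool is a hypothetical stand-in,
# not the E-Business Server binary. Only the two option names are from the page.
SECRET='constructed-challenge-phrase'   # constructed sample value

# Stand-in tool body: prints the length of the challenge it received, then its
# own command line as any local user could read it from /proc/<pid>/cmdline.
TOOL_BODY='
fd=""; got=""
while [ $# -gt 0 ]; do
  case $1 in
    --challenge-fd)   fd=$2; shift ;;
    --cert-attribute) got=${2#Challenge=}; shift ;;
  esac
  shift
done
if [ -n "$fd" ]; then IFS= read -r got <&"$fd"; fi
seen=$(tr "\000" " " < /proc/$$/cmdline)
printf "%s\n%s\n" "${#got}" "$seen"
'

# Weak: the challenge is part of argv.
run_with_argv() {
  sh -c "$TOOL_BODY" demo_tool --cert-attribute "Challenge=$SECRET"
}

# Safer: argv carries only the descriptor number; the phrase arrives on fd 3.
run_with_fd() {
  sh -c "$TOOL_BODY" demo_tool --challenge-fd 3 3<<EOF
$SECRET
EOF
}

# Length of the challenge the tool received (first output line).
received_len() { "$1" | sed -n 1p; }

# Succeeds when the tool's visible command line contains the secret.
leaks_secret() {
  case $("$1" | sed 1d) in
    *"$SECRET"*) return 0 ;;
    *) return 1 ;;
  esac
}

for mode in run_with_argv run_with_fd; do
  if leaks_secret "$mode"; then echo "$mode: challenge visible in process list"
  else echo "$mode: challenge not in process list"; fi
done
```

In both runs the stand-in receives the full challenge; only the argument form leaves it readable in the process table.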