McAfee MEJCAE-AM-DA Product Guide - Page 96
Using the Configuration File
Learning about the configuration file

DEPTH

The configuration parameter DEPTH specifies how many levels deep you can set trust for a meta or trusted introducer signature. (Trusted introducers are those people whom you trust to certify, or validate, others' keys. If a trusted introducer certifies a key, it will appear valid on your public keyring.)

Default Value

Meta Introducer signature: DEPTH = 2
Trusted Introducer signature: DEPTH = 1

Notes

• This setting is ignored if SIG-TYPE is set to local or exportable.
• The DEPTH setting applies to an introducer signature (meta or trusted), whereas the CERT-DEPTH configuration option limits the depth of the trust chain. E-Business Server will not validate any keys deeper in the chain of trust than the level specified by CERT-DEPTH.

DISCARD-PATHS

Instructs E-Business Server to strip any relative path information from the list of files you want to include in a Self-Decrypting Archive (SDA) or PGParchive. During decryption of the archive, the files are placed in the current directory instead of in subdirectories of the current directory.

Default Value

DISCARD-PATHS=

Notes

You can also add the --discard-paths option to the command line when creating an SDA or PGParchive. For example:

    ebs --encrypt --sda --discard-paths foo/bar.txt abc/xyz.txt

In this example, E-Business Server includes the files bar.txt and xyz.txt in the archive, but the files' relative paths are not included. When the archive is decrypted, both files are placed in the current directory and not in foo and abc subdirectories.

ENCRYPT-TO-SELF

Instructs E-Business Server to always add the recipient specified in the configuration parameter DEFAULT-KEY to its list of recipients and thus always encrypt to the predefined key as well as to any specified recipients.

Note: Just because you originated the encryption does not mean you can decrypt the information. If you want to have access later to messages you encrypt to another person, you must enable ENCRYPT-TO-SELF.

Default Value

ENCRYPT-TO-SELF = off

ENFORCE-ADK

Forces encryption to any ADKs associated with a recipient's key and to the ADK-KEY configuration setting.

Default Value

ENFORCE-ADK = off

Notes

• With this setting enabled, if a user tries to encrypt to a key that is associated with an ADK (or to any key, with ADK-KEY enabled), E-Business Server attempts to encrypt to the ADK as well. If the ADK is not present on the keyring, E-Business Server generates an error message.
• If ENFORCE-ADK is set to off and the ADK is not present on the user's keyring, E-Business Server displays a warning. It then encrypts the message, but does not encrypt to the ADK key.

E-Business Server™ 8.6 Product Guide 94
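
With DISCARD-PATHS, every archived file is placed in one directory on decryption, so two inputs that share a file name would land on the same output name; this page does not describe what E-Business Server does in that case. The pre-flight check below is an added example, not part of the product guide or of E-Business Server: the function name discard_paths_collisions and the FOLD_CASE switch are hypothetical, and it assumes forward-slash paths without embedded newlines.

```shell
#!/bin/sh
# Added example: pre-flight check to run on a file list before it is
# passed to a command that uses --discard-paths.
#
# discard_paths_collisions PATH...
#   Prints every file name (path with directories stripped) that occurs
#   more than once in the argument list, one per line.
#   Returns 1 if at least one collision was found, 0 otherwise.
#   Set FOLD_CASE=1 when the archive may be decrypted on a
#   case-insensitive filesystem, so Bar.txt and bar.txt count as equal.
discard_paths_collisions() {
    dups=$(
        for path in "$@"; do
            path=${path%/}                  # drop one trailing slash
            printf '%s\n' "${path##*/}"     # keep only the last component
        done |
        if [ "${FOLD_CASE:-0}" = 1 ]; then
            tr '[:upper:]' '[:lower:]'
        else
            cat
        fi |
        LC_ALL=C sort | LC_ALL=C uniq -d    # byte-wise compare, list repeats
    )
    if [ -n "$dups" ]; then
        printf '%s\n' "$dups"
        return 1
    fi
    return 0
}

# Constructed sample input: the file list from the guide's example is clean.
discard_paths_collisions foo/bar.txt abc/xyz.txt &&
    echo "no collisions: safe to use --discard-paths"

# Constructed sample input: two different files that share a name.
discard_paths_collisions foo/bar.txt abc/bar.txt >/dev/null ||
    echo "collision: keep relative paths or rename before archiving"
```
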