SignDoc SDK (C)
5.0.1.32
==============================================================================
                      Managing key pairs for SignDoc
==============================================================================

Background
----------

SignDoc encrypts the biometric data of a signature using the public key
of a key pair; the private key must be kept secret and is used for
decrypting the biometric data and checking whether the document was
signed with that biometric data.

The public key is stored in a file which is shipped with SignDoc.

The private key is encrypted with a passphrase (ASCII only) and stored
in a file which is deployed to a special workstation (Sonderarbeitsplatz)
where signatures are to be verified.


Creating a key pair
-------------------

To create a private/public key pair, run SignDocKeyTool this way:

    SignDocKeyTool create [-p PASSPHRASE] [-s SIZE] [BASE]

PASSPHRASE is the passphrase used to protect the private key. The
private key will only be usable if the correct passphrase is entered at
the time biometric data is decrypted. If the -p option is not used,
SignDocKeyTool will ask for a passphrase. If the passphrase is empty,
the private key won't be encrypted (that's not recommended). Note that
the passphrase can be changed later on as described below.

SIZE is the key size in bits. Supported values are 2048 through 4096;
the number must be a multiple of 8. The default value is 2048.

If BASE is specified, files BASE-private.key and BASE-public.key will be
written. If BASE is not specified, SignDoc4ADS will be used, that is,
files SignDoc4ADS-private.key and SignDoc4ADS-public.key will be
written.

Example:

    SignDocKeyTool create -p "Vveri Zekkret" new


Changing the passphrase of a private key
----------------------------------------

To change the passphrase of a private key, run SignDocKeyTool this way:

    SignDocKeyTool crypt [-pi PASSPHRASE] [-po PASSPHRASE] INPUT OUTPUT

INPUT is the pathname of an existing private key file; that file will be
read. OUTPUT is the pathname of the new private key file to be written.
INPUT and OUTPUT must not reference the same file.

There are two passphrases, the old one (of the input file) and the new
one (of the output file). The old one is specified with -pi, the new one
with -po. sdsdakey will ask you for any passphrases not specified on the
command line.

Example (enter on one line):

    SignDocKeyTool crypt -pi "Vveri Zekkret" -po "eeven moRR seecred" new-private.key newer-private.key

==============================================================================
                                   EOF
==============================================================================
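
The rules above, applied in a small POSIX shell wrapper. This is an added
example, not part of the SignDoc SDK or its documentation. The function names
valid_size, create_keypair and rekey are hypothetical; it assumes SignDocKeyTool
is on PATH and a Unix-like system where umask governs new file permissions.

```shell
#!/bin/sh
# Added example, not SignDoc SDK code: wrappers that apply the documented
# SignDocKeyTool rules and leave passphrase entry to the tool's own prompt.

# valid_size SIZE: succeed only for 2048..4096 in multiples of 8.
valid_size() {
    case "$1" in
        [1-9][0-9][0-9][0-9]) ;;   # four digits, no leading zero
        *) return 1 ;;
    esac
    [ "$1" -ge 2048 ] && [ "$1" -le 4096 ] && [ $(( $1 % 8 )) -eq 0 ]
}

# create_keypair [SIZE] [BASE]: defaults are the documented ones.
create_keypair() {
    size=${1:-2048}
    base=${2:-SignDoc4ADS}
    if ! valid_size "$size"; then
        echo "SIZE must be 2048..4096 and a multiple of 8: $size" >&2
        return 2
    fi
    # Wrapper policy (assumption): never replace an existing key file.
    for f in "$base-private.key" "$base-public.key"; do
        if [ -e "$f" ]; then
            echo "refusing to overwrite $f" >&2
            return 3
        fi
    done
    # No -p: the passphrase is typed at the prompt, so it does not land in
    # shell history or the process list. umask 077 keeps new files owner-only.
    ( umask 077 && SignDocKeyTool create -s "$size" "$base" )
}

# rekey INPUT OUTPUT: change the passphrase; both prompts come from the tool.
rekey() {
    if [ ! -f "$1" ]; then
        echo "no such private key file: $1" >&2
        return 2
    fi
    # INPUT and OUTPUT must not reference the same file (also via links).
    if [ "$1" = "$2" ] || [ "$1" -ef "$2" ]; then
        echo "INPUT and OUTPUT must differ" >&2
        return 3
    fi
    ( umask 077 && SignDocKeyTool crypt "$1" "$2" )
}
```

The public key file is meant to be shipped, so relax its permissions after
creation if other accounts need to read it; the private key file stays owner-only.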