SignDoc SDK (C)  5.0.1.32
==============================================================================
Managing key pairs for SignDoc
==============================================================================

Background
----------

SignDoc encrypts the biometric data of a signature using the public
key of a key pair; the private key must be kept secret and is used for
decrypting the biometric data and checking whether the document was
signed with that biometric data.

The public key is stored in a file which is shipped with SignDoc.

The private key is encrypted with a passphrase (ASCII only) and stored
in a file which is deployed to a special workstation
(Sonderarbeitsplatz) where signatures are to be verified.


Creating a key pair
-------------------

To create a private/public key pair, run SignDocKeyTool this way:

  SignDocKeyTool create [-p PASSPHRASE] [-s SIZE] [BASE]

PASSPHRASE is the passphrase used to protect the private key.  The
private key will only be usable if the correct passphrase is entered
at the time biometric data is decrypted.  If the -p option is not
used, SignDocKeyTool will ask for a passphrase.  If the passphrase is empty,
the private key won't be encrypted (that's not recommended).  Note
that the passphrase can be changed later on as described below.

SIZE is the key size in bits.  Supported values are 2048 through 4096;
the number must be a multiple of 8.  The default value is 2048.

If BASE is specified, files BASE-private.key and BASE-public.key will
be written.  If BASE is not specified, SignDoc4ADS will be used, that
is, files SignDoc4ADS-private.key and SignDoc4ADS-public.key will be
written.

Example:

  SignDocKeyTool create -p "Vveri Zekkret" new


Changing the passphrase of a private key
----------------------------------------

To change the passphrase of a private key, run SignDocKeyTool this way:

  SignDocKeyTool crypt [-pi PASSPHRASE] [-po PASSPHRASE] INPUT OUTPUT

INPUT is the pathname of an existing private key file; that file will
be read.  OUTPUT is the pathname of the new private key file to be
written.  INPUT and OUTPUT must not reference the same file.

There are two passphrases, the old one (of the input file) and the new
one (of the output file).  The old one is specified with -pi, the new
one with -po.  sdsdakey will ask you for any passphrases not specified
on the command line.

Example (enter on one line):

  SignDocKeyTool crypt -pi "Vveri Zekkret" -po "eeven moRR seecred"
                 new-private.key newer-private.key
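
As an added example (not part of the SignDoc documentation or tooling),
the following POSIX shell wrapper enforces the SIZE and INPUT/OUTPUT
rules above before calling SignDocKeyTool, and leaves out -p, -pi and
-po so that the tool prompts for the passphrases.  The function names,
the KEYTOOL variable and the umask 077 setting are assumptions of this
example, which expects a Unix-like host.

```sh
#!/bin/sh
# Added example: pre-flight checks for the documented SignDocKeyTool calls.
# Assumption: Unix-like host; KEYTOOL names the tool (override for testing).
KEYTOOL=${KEYTOOL:-SignDocKeyTool}

# SIZE must be a decimal integer from 2048 through 4096 and a multiple of 8.
valid_key_size() {
    case "$1" in
        ''|0*|*[!0-9]*|?????*) return 1 ;;   # empty, leading zero, non-digit, too long
    esac
    [ "$1" -ge 2048 ] && [ "$1" -le 4096 ] && [ $(( $1 % 8 )) -eq 0 ]
}

# True when both paths resolve to the same existing file (symlinks, hard links).
same_file() {
    [ -e "$1" ] && [ -e "$2" ] && [ "$1" -ef "$2" ]
}

# create_key_pair SIZE BASE
# No -p on the command line: the tool asks for the passphrase, so it never
# shows up in the process list or shell history.
create_key_pair() {
    valid_key_size "$1" || { echo "invalid key size: $1" >&2; return 2; }
    [ -n "$2" ] || { echo "BASE is required by this wrapper" >&2; return 2; }
    # umask 077: files created by the tool are not readable by other users.
    ( umask 077 && "$KEYTOOL" create -s "$1" "$2" )
}

# change_passphrase INPUT OUTPUT
# No -pi/-po: the tool asks for both passphrases.
change_passphrase() {
    [ -f "$1" ] || { echo "no such private key file: $1" >&2; return 2; }
    if same_file "$1" "$2"; then
        echo "INPUT and OUTPUT must not reference the same file" >&2
        return 2
    fi
    ( umask 077 && "$KEYTOOL" crypt "$1" "$2" )
}
```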

==============================================================================
                                 EOF
==============================================================================