176 DSView 3 Software Installer/User Guide
Before the file is transferred to the browser, the DSView 3 software will verify the file’s digital
signature. If the computed digital signature does not match the actual file’s digital signature, the
content of the file will be preceded with a warning, indicating that digital signature verification
failed and the file content may have been altered.
If you select a log file that does not reside on the DSView 3 server to which you’re logged in, the
log file is transferred from the appropriate server.
You may also validate the signature of data log files by exporting the system certificate; see System
certificate on page 43 and Verifying data log file digital signatures.
Verifying data log file digital signatures
The DSView 3 software computes hashes for data log files using the SHA1 digest algorithm. After
a hash is computed for a file, it is signed using the RSA public key algorithm and the DSView 3
software X.509 system certificate private key.
To verify the signature, you may use standard tools (such as OpenSSL) and the DSView 3 software
system X.509 certificate public key. (To view or export the system certificate, see System
certificate on page 43.)
For example, assume the following:
• A data log file is created with the name cisco-router-session-2006-04-02-12:12:01.txt.
• The DSView 3 software signs the data log file and creates a signature file with the name
cisco-router-session-2006-04-02-12:12:01.sig.
• The DSView 3 software system certificate has been exported with the name sun-jdoe.p10.
The OpenSSL command to verify the signature (and a successful response) is:
c:\>openssl dgst -sha1 -verify sun-jdoe.p10 -signature cisco-router-
session-2006-04-02-12:12:01.sig cisco-router-session-2006-04-02-
12:12:01.txt
c:\>Verification OK