194DSView 3 Software Installer/User Guide

Before the file is transferred to the browser, the DSView 3 software will verify the file’s digital signature. If the computed digital signature does not match the actual file’s digital signature, the content of the file will be preceded with a warning, indicating that digital signature verification failed and the file content may have been altered.

If you select a log file that does not reside on the DSView 3 server to which you’re logged in, the log file is transferred from the appropriate server.

You may also validate the signature of data log files by exporting the system certificate; see System certificate and SSH key on page 46 and Verifying data log file digital signatures.

Verifying data log file digital signatures

The DSView 3 software computes hashes for data log files using the SHA1 digest algorithm. After a hash is computed for a file, it is signed using the RSA public key algorithm and the DSView 3 software X.509 system certificate private key.

To verify the signature, you may use standard tools (such as OpenSSL) and the DSView 3 software system X.509 certificate public key. (To view or export the system certificate, see System certificate and SSH key on page 46.)

For example, assume the following:

A data log file is created with the name cisco-router-session-2006-04-02-12:12:01.txt.

The DSView 3 software signs the data log file and creates a signature file with the name cisco- router-session-2006-04-02-12:12:01.sig.

The DSView 3 software system certificate has been exported with the name sun-jdoe.p10. The OpenSSL command to verify the signature (and a successful response) is:

c:\>openssl dgst -sha1 -verify sun-jdoe.p10 -signature cisco-router- session-2006-04-02-12:12:01.sig cisco-router-session-2006-04-02- 12:12:01.txt

c:\>Verification OK

Page 214
Image 214
Avocent SPC420 manual Verifying data log file digital signatures