Avocent Network Device SPC420 User Manual

194 DSView 3 Software Installer/User Guide

Before the file is transferred to the browser, the DSView 3 software will verify the file’s digital
signature. If the computed digital signature does not match the actual file’s digital signature, the
content of the file will be preceded with a warning, indicating that digital signature verification
failed and the file content may have been altered.

If you select a log file that does not reside on the DSView 3 server to which you’re logged in, the
log file is transferred from the appropriate server.

You may also validate the signature of data log files by exporting the system certificate; see System
certificate and SSH key on page 46 and Verifying data log file digital signatures.

Verifying data log file digital signatures

The DSView 3 software computes hashes for data log files using the SHA1 digest algorithm. After
a hash is computed for a file, it is signed using the RSA public key algorithm and the DSView 3
software X.509 system certificate private key.

To verify the signature, you may use standard tools (such as OpenSSL) and the DSView 3 software
system X.509 certificate public key. (To view or export the system certificate, see System
certificate and SSH key on page 46.)

For example, assume the following:

•

A data log file is created with the name cisco-router-session-2006-04-02-12:12:01.txt.

•

The DSView 3 software signs the data log file and creates a signature file with the name cisco-
router-session-2006-04-02-12:12:01.sig.

•

The DSView 3 software system certificate has been exported with the name sun-jdoe.p10.

The OpenSSL command to verify the signature (and a successful response) is:

c:\>openssl dgst -sha1 -verify sun-jdoe.p10 -signature cisco-router-

session-2006-04-02-12:12:01.sig cisco-router-session-2006-04-02-

12:12:01.txt

c:\>Verification OK