H7.1. Digital keys and certificates generation utility
The following console versions of the digital keys and certificates generation utility are provided:
The start instruction format
•drwsign check [-public-key=<public_key>] <file> Check the specified file signature using a public key of the person who signed this file.
•drwsign extract [-private-key=<private_key>] [-cert=<Dr.Web_Server_certificate>] <public_key> Extract the public key from the private key file or from the certificate and write the public key to the specified file. The -private-key and -cert switches are mutually exclusive, i.e. only one switch can be set; if both switches are set at the same time, the command fails to execute. The switch parameters must be specified. If none of the switches is set, -private-key=drwcsd.pri is used to extract the public key of the drwcsd.pri private key.
•drwsign genkey [<private_key> [<public_key>]] Generate a public-private key pair and write the keys to the corresponding files.
•drwsign gencert [-private-key=<private_key>] [-subj=<subject_fields>] [-days=<validity_period>] [<self_signed_certificate>] Generate a self-signed certificate using the Dr.Web Server private key and write it to the corresponding file.
•drwsign gencsr [-private-key=<private_key>] [-subj=<subject_fields>] [<certificate_sign_request>] Generate a certificate signing request based on the private key and write this request to the corresponding file. Can be used to sign the certificate of another server, e.g. to sign a Dr.Web Proxy Server certificate with the Dr.Web Server key. To sign such requests, use the signcsr command.
•drwsign genselfsign [-show] [-subj=<subject_fields>] [-days=<validity_period>] [<private_key> [<self_signed_certificate>]] Generate a self-signed RSA certificate and an RSA private key for a web server and write them to the corresponding files. The -show switch prints the certificate content in a readable form.
•drwsign hash-check [-public-key=<public_key>] <hash_file> <signature_file> Check the signature of the specified 256-bit number in the client-server protocol format. The <hash_file> parameter specifies the file with the 256-bit number to sign. The <signature_file> file is the signature result (two 256-bit numbers).
•drwsign hash-sign [-private-key=<private_key>] <hash_file> <signature_file> Sign the specified 256-bit number in the client-server protocol format. The <hash_file> parameter specifies the file with the 256-bit number to sign. The <signature_file> file is the signature result (two 256-bit numbers).
•drwsign help [<command>] Print brief information on the program or on the specific command in the command line format.
•drwsign sign [-private-key=<private_key>] <file> Sign <file> using the private key.
•drwsign signcert [-ca-key=<private_key>] [-ca-cert=<Dr.Web_Server_certificate>] [-cert=<certificate_to_sign>] [-days=<validity_period>] [-eku=<purpose>] [<signed_certificate>] Sign the existing <certificate_to_sign> using the private key and the certificate of Dr.Web Server. The signed certificate is saved into a separate file. Can be used to sign the Dr.Web Proxy Server certificate with the Dr.Web Server key. The following values of the -eku switch (Extended Key Usage extension) can be used:
▫drwebServerAuth: authentication of the Server/Proxy server by the Agent,
▫drwebMeshDAuth: authentication of the Scanning server by the Virtual agent.
•drwsign signcsr [-ca-key=<private_key>] [-ca-cert=<Dr.Web_Server_certificate>] [-csr=<certificate_sign_request>] [-days=<validity_period>] [-eku=<purpose>] [<signed_certificate>] Sign <certificate_sign_request> generated by the gencsr command using the private key and the Dr.Web Server certificate. The signed certificate is saved into a separate file. Can be used to sign the certificate of another server, e.g. to sign a Dr.Web Proxy Server certificate with the Dr.Web Server key. The following values of the -eku switch (Extended Key Usage extension) can be used:
▫drwebServerAuth: authentication of the Server/Proxy server by the Agent,
▫drwebMeshDAuth: authentication of the Scanning server by the Virtual agent.
•drwsign tlsticketkey [<TLS_ticket>] Generate a TLS ticket. Can be used in a Server cluster for shared TLS sessions.
•drwsign verify [-ss-cert] [-CAfile=<Dr.Web_Server_certificate>] [<certificate_to_check>] Check the validity of the certificate against the trusted certificate of the Server. The -ss-cert switch instructs the utility to ignore the trusted certificate and validate the self-signed certificate only.
•drwsign x509dump [<certificate_to_print>] Print the dump of any x509 certificate.
•drwsign version Show the utility version.
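
The gencsr, signcsr and verify commands above combine into one workflow for issuing a Dr.Web Proxy Server certificate; the script below is an added example, not part of the Dr.Web documentation. The function names, file names and subject value are assumptions, as is the expectation that drwsign exits non-zero on failure; with DRY_RUN=1 the commands are printed instead of executed.

```sh
#!/bin/sh
# Added example: Proxy Server certificate signed by the Dr.Web Server key.
# Uses only commands and switches listed above. File names and the subject
# value are caller-supplied placeholders (assumptions, not documented values).
DRWSIGN=${DRWSIGN:-drwsign}   # path to the utility
DRY_RUN=${DRY_RUN:-0}         # 1 = print each command instead of running it

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# On the proxy host: the private key stays here, only the CSR is handed over.
# proxy_make_csr <proxy_private_key> <subject_fields> <csr_out>
proxy_make_csr() {
    [ "$#" -eq 3 ] || { echo "usage: proxy_make_csr key subj csr" >&2; return 2; }
    run "$DRWSIGN" gencsr "-private-key=$1" "-subj=$2" "$3"
}

# On the Dr.Web Server host: sign the CSR, then verify and dump the result.
# server_sign_csr <ca_private_key> <ca_cert> <csr> <days> <eku> <cert_out>
server_sign_csr() {
    [ "$#" -eq 6 ] || { echo "usage: server_sign_csr key cert csr days eku out" >&2; return 2; }
    case $4 in   # assumption: -days takes a whole number of days
        ''|*[!0-9]*) echo "days must be a whole number" >&2; return 2 ;;
    esac
    case $5 in
        drwebServerAuth|drwebMeshDAuth) ;;   # the two -eku values listed above
        *) echo "unknown -eku value: $5" >&2; return 2 ;;
    esac
    run "$DRWSIGN" signcsr "-ca-key=$1" "-ca-cert=$2" "-csr=$3" \
        "-days=$4" "-eku=$5" "$6" || return 1
    # Assumption: verify exits non-zero when validation fails.
    run "$DRWSIGN" verify "-CAfile=$2" "$6" || return 1
    # Human review of subject, validity and EKU before deployment.
    run "$DRWSIGN" x509dump "$6"
}
```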