The following console versions of the digital keys and certificates generation utility are provided:
Executable file |
Location |
Description |
|---|---|---|
drweb-sign-<OS>-<bitness> |
Control Center, the Administration → Utilities section |
Independent version of the utility. Can be launched from any directory or on any computer with corresponding operating system. |
The webmin/utilities Dr.Web Server directory |
||
drwsign |
The bin Dr.Web Server directory |
Utility version depends on server libraries. Can be launched only from its location directory. |
|
The drweb-sign-<OS>-<bitness> and drwsign utility versions are similar in their functions. Further in the section, the drwsign version is used, but all examples are relevant for both versions. |
The start instruction format
•drwsign check [-public-key=<public_key>] <file>
Check the specified file signature using a public key of the person who signed this file.
Switch parameter |
Default value |
|---|---|
<public_key> |
drwcsd.pub |
•drwsign extract [-private-key=<private_key>] [-cert=<Dr.Web_Server_certificate>] <public_key>
Extract the public key from the private key file or from the certificate and write the public key to the specified file.
The -private-key and -cert switches are mutually exclusive, i.e. only one switch can be set; if both switches are set at the same time, the command fails to execute.
The switch parameters must be specified.
If none of the switches is set, -private-key=drwcsd.pri is used to extract the public key of the drwcsd.pri private key.
Switch parameter |
Default value |
|---|---|
<private_key> |
drwcsd.pri |
•drwsign genkey [<private_key> [<public_key>]]
Generate a public–private pair of keys and write them to the corresponding files.
Switch parameter |
Default value |
|---|---|
<private_key> |
drwcsd.pri |
<public_key> |
drwcsd.pub |
|
The utility version for Windows platforms (in contrast to UNIX versions) does not protect private keys from copying. |
•drwsign gencert [-private-key=<private_key>] [-subj=<subject_fields>] [-days=<validity_period>] [<self_signed_certificate>]
Generate a self-signed certificate using the Dr.Web Server private key and write it to the corresponding file.
Switch parameter |
Default value |
|---|---|
<private_key> |
drwcsd.pri |
<subject_fields> |
/CN=<hostname> |
<validity_period> |
3560 |
<self_signed_certificate> |
drwcsd-certificate.pem |
•drwsign gencsr [-private-key=<private_key>] [-subj=<subject_fields>] [<certificate_sign_request>]
Generate a request for the certificate signature based on the private key and write this request to the corresponding file.
Can be used to sign the certificate of another server, e.g. to sign a Dr.Web Proxy Server certificate with the Dr.Web Server key.
To sign such requests, use the signcsr switch.
Switch parameter |
Default value |
|---|---|
<private_key> |
drwcsd.pri |
<subject_fields> |
/CN=<hostname> |
<certificate_sign_request> |
drwcsd-certificate-sign-request.pem |
•drwsign genselfsign [-show] [-subj=<subject_fields>] [-days=<validity_period>] [<private_key> [<self_signed_certificate>]]
Generate a self-signed RSA certificate and an RSA private key for a web server and write them to the corresponding files.
The -show switch prints certificate content in a readable view.
Switch parameter |
Default value |
|---|---|
<subject_fields> |
/CN=<hostname> |
<validity_period> |
3560 |
<private_key> |
private-key.pem |
<self_signed_certificate> |
certificate.pem |
•drwsign hash-check [-public-key=<public_key>] <hash_file> <signature_file>
Check the signature of the specified 256-bit number in the client-server protocol format.
In the <hash_file> parameter, the file with the 256-bit number to sign is specified. The <signature_file> file is the signature result (two 256-bit numbers).
Switch parameter |
Default value |
|---|---|
<public_key> |
drwcsd.pub |
•drwsign hash-sign [-private-key=<private_key>] <hash_file> <signature_file>
Sign the specified 256-bit number in the client-server protocol format.
In the <hash_file> parameter, the file with the 256-bit number to sign is specified. The <signature_file> file is the signature result (two 256-bit numbers).
Switch parameter |
Default value |
|---|---|
<private_key> |
drwcsd.pri |
•drwsign help [<command>]
Print brief information on the program or on the specific command in the command line format.
•drwsign sign [-private-key=<private_key>] <file>
Sign <file> using the private key.
Switch parameter |
Default value |
|---|---|
<private_key> |
drwcsd.pri |
•drwsign signcert [-ca-key=<private_key>] [-ca-cert=<Dr.Web_Server_certificate>] [-cert=<certificate_to_sign>] [-days=<validity_period>] [-eku=<purpose>] [<signed_certificate>]
Sign the existing <certificate_to_sign> using the private key and the certificate of Dr.Web Server. The signed certificate is saved into a separate file.
Can be used to sign the Dr.Web Proxy Server certificate with the Dr.Web Server key.
The following values of the -eku switch (Extended Key Usage extension) can be used:
▫drwebServerAuth—authentication of the Server/Proxy server by Dr.Web Agent,
▫drwebMeshDAuth—authentication of the Scanning server by the Virtual agent.
Switch parameter |
Default value |
|---|---|
<private_key> |
drwcsd.pri |
<Dr.Web_Server_certificate> |
drwcsd-ca-cerificate.pem |
<certificate_to_sign> |
drwcsd-certificate.pem |
<validity_period> |
3560 |
<purpose> |
drwebServerAuth |
<signed_certificate> |
drwcsd-signed-certificate.pem |
•drwsign signcsr [-ca-key=<private_key>] [-ca-cert=<Dr.Web_Server_certificate>] [-csr=<certificate_sign_request>] [-days=<validity_period>] [-eku=<purpose>] [<signed_certificate>]
Sign <certificate_sign_request> generated by the gencsr command using the private key and the Dr.Web Server certificate. The signed certificate is saved into a separate file.
Can be used to sign the certificate of another server, e.g. to sign a Dr.Web Proxy Server certificate with the Dr.Web Server key.
The following values of the -eku switch (Extended Key Usage extension) can be used:
▫drwebServerAuth—authentication of the Server/Proxy server by Dr.Web Agent,
▫drwebMeshDAuth—authentication of the Scanning server by the Virtual agent.
Switch parameter |
Default value |
|---|---|
<private_key> |
drwcsd.pri |
<Dr.Web_Server_certificate> |
drwcsd-cerificate.pem |
<certificate_sign_request> |
drwcsd-certificate-sign-request.pem |
<validity_period> |
3560 |
<purpose> |
drwebServerAuth |
<signed_certificate> |
drwcsd-signed-certificate.pem |
•drwsign tlsticketkey [<TLS_ticket>]
Generate a TLS ticket.
Can be used in a Server cluster for shared TLS sessions.
Switch parameter |
Default value |
|---|---|
<TLS_ticket> |
tickets-key.bin |
•drwsign verify [-ss-cert] [-CAfile=<Dr.Web_Server_certificate>] [<certificate_to_check>]
Check the validity of the certificate with the trusted certificate of the Server.
The -ss-cert switch prescribes to ignore the trusted certificate and validate the self-signed certificate only.
Switch parameter |
Default value |
|---|---|
<Dr.Web_Server_certificate> |
drwcsd-certificate.pem |
<certificate_to_check> |
drwcsd-signed-certificate.pem |
•drwsign x509dump [<certificate_to_print>]
Print the dump of any x509 certificate.
Switch parameter |
Default value |
|---|---|
<certificate_to_print> |
drwcsd-certificate.pem |
•drwsign version
Show the utility version.