PGPSIGN Digital signature without encryption
This script command uses your PGP private key to create an output file that has a digital signature but is not encrypted. Use the PGPENCRYPT command if you need to create a file that is both signed and encrypted. A digital signature verifies the identity of the signer and confirms that the contents of the file have not changed since it was signed. The signature may be verified and the original file extracted using your public key with the PGPDECRYPT script command or any other PGP or GPG encryption application.
A list of keys available for creating a digitally signed file is displayed in the Configurator on the Configure PGP menu by opening the "Manage Keys" form and then switching to the Private Keys tab.
The /user option is required to specify the private key used for signing. The value passed to this option must be at least a partial match to the values appearing either in the Key Name or the Key ID column on the "Manage Keys" form. A partial match of the Key ID column must be exactly 8 sequential characters. To sign a file with multiple private keys, use the pipe character "|" to separate each key identifier string, or simply repeat this option once for each private key.
Use the /pw option to provide the passphrase associated with the private key used for signing unless the password was previously saved in the Robo-FTP Configurator.
Use the /armor option if you wish the resulting file to be in ASCII armored format.
Use the /textmode option if you wish the resulting file to be in text mode format.
Important: When you use the Configurator to create new PGP keys you may optionally choose to save the passphrase. If you choose this option, the password is saved in an encrypted format in the Windows registry along with Robo-FTP's other settings. Later, when you use these keys for signing, encryption or decryption, the passphrase will not appear in the console window nor will it be written to any log file. If you choose not to save the passphrase (or if you use externally generated PGP keys) then you will probably need to specify the passphrase in clear-text in a script file. Therefore, saving the passphrase when you create the key is the most secure option.
In the example below, a file is signed using a private key identified by a partial match on the Key Name column.
PGPSIGN "datafile.txt" "datafile.txt.signed" /user="Richard Tracy"
In the following example, a file is signed using a private key identified by an exact match on the Key ID column.
PGPSIGN "datafile.txt" "datafile.txt.signed" /user="A7743F3F33AC30A7"
Two private keys are used for signing when the /user option is specified twice or when the pipe character is used to separate the key identification strings. Both lines below produce the same result.
PGPSIGN "datafile.txt" "datafile.txt.signed" /user="Richard Tracy" /user="Mike Hammer"
PGPSIGN "datafile.txt" "datafile.txt.signed" /user="Richard Tracy|Mike Hammer"
The following example signs a file and specifies the output format to be ASCII armored.
PGPSIGN "datafile.txt" "datafile.txt.signed" /user="Richard Tracy" /armor
Hint: If the recipient is unable to verify the signature on the file, ask them for the Key ID of the public key that they expected you to use for signing. The Key ID must match the value shown on the Manage Keys window in the Configurator. Some PGP software only displays an 8-character Key ID, so in those cases you'll compare with the last 8 digits of the value shown in the Configurator. For a more precise comparison you can right-click the grid row and choose "Show Key Fingerprint" from the pop-up context menu.
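The comparison described in the hint above, as an added Python example (not part of Robo-FTP or its documentation). It assumes OpenPGP v4 keys, where the 16-character Key ID is the last 16 hex digits of the 40-character fingerprint; the function names and the sample fingerprint are constructed for illustration.

```python
import re

# Result label for the number of trailing hex characters that were compared.
VALID_LENGTHS = {8: "short-id-match", 16: "long-id-match", 40: "fingerprint-match"}


def normalize(value: str) -> str:
    """Drop spaces, colons and a leading 0x; upper-case; insist on hex."""
    s = re.sub(r"[\s:]", "", value).upper()
    if s.startswith("0X"):
        s = s[2:]
    if not re.fullmatch(r"[0-9A-F]+", s) or len(s) not in VALID_LENGTHS:
        raise ValueError(f"expected 8, 16 or 40 hex characters, got {value!r}")
    return s


def compare_key_ids(configurator_value: str, recipient_value: str) -> str:
    """Compare the Configurator's value with the one the recipient reports.

    The shorter value is matched against the *trailing* characters of the
    longer one, because (for v4 keys, assumed here) the short Key ID is the
    tail of the long Key ID, which is the tail of the fingerprint.
    """
    ours = normalize(configurator_value)
    theirs = normalize(recipient_value)
    n = min(len(ours), len(theirs))
    if ours[-n:] != theirs[-n:]:
        return "mismatch"
    return VALID_LENGTHS[n]


if __name__ == "__main__":
    key_id = "A7743F3F33AC30A7"  # Key ID used in the example on this page
    # Constructed fingerprint whose last 16 digits equal the Key ID above.
    fingerprint = "0123456789ABCDEF01234567A7743F3F33AC30A7"
    for reported in ("33AC30A7", "0xa7743f3f33ac30a7", "A7743F3F",
                     "0123 4567 89AB CDEF 0123 4567 A774 3F3F 33AC 30A7"):
        print(f"{reported!r:55} -> {compare_key_ids(fingerprint, reported)}")
```

A "short-id-match" only narrows the candidates, since 8-character Key IDs are not unique; follow it with a fingerprint comparison before concluding that the keys are the same.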
Note: When the TMPFILE command is active, the output [target file] created by this command will have a different name until the encryption process is successfully completed.
Related command(s): PGPENCRYPT, PGPDECRYPT
See also: Robo-FTP and PGP Cryptography, Configure PGP Menu