PGPSIGN        Digital signature without encryption

Top  Previous  Next

Syntax:

PGPSIGN

[ src file ] [ target file ] [  options ]

Arguments:

[ src file ]

A variable or string defining the file name of the file to sign. Wildcard characters are not permitted in [ src file ] or [ target file ].

 

[ target file ]

A variable or string defining the file name of the newly signed file; if the file existed, it will be overwritten.

Options:

/armor

Select this option to ASCII armor the [ target file ].

 

/compat

Use format compatible with very old versions of PGP Desktop.

 

/pw=xx

Specify the passphrase associated with the private key that will be used to digitally sign the output file.

 

/textmode

Select this option if you wish to have [ target file ] saved in a text mode format.

 

/user=xx

The /user option is required to specify the private key used for signing.

 

 

This script command uses your PGP private key to create an output file that has a digital signature but is not encrypted. Use the PGPENCRYPT command if you need to create a file that is both signed and encrypted. A digital signature verifies the identify of the signer and confirms that the contents of the file have not changed since it was signed. The signature may be verified and original file extracted using your public key with the PGPDECRYPT script command or any other PGP or GPG encryption application.

 

A list of keys available for creating a digitally signed file is displayed in the Configurator on the Configure PGP menu by opening the "Manage Keys" form and then switching to the Private Keys tab.

 

The /user option is required to specify the private key used for signing. The value passed to this option must be at least a partial match to the values appearing either in the Key Name or the Key ID column on the "Manage Keys" form. A partial match of the Key ID column must be exactly 8 sequential characters. To sign a file with multiple private keys use the pipe character "|" to separate each key identifier string or simply repeat this option once for each private key.

 

Use the /pw option to provide the passphrase associated with the private key used for signing unless the password was previously saved in the Robo-FTP Configurator.

 

Use the /armor option if you wish the resulting file to be in ASCII armored format.

 

Use the /textmode option if you wish the resulting file to be a text mode format.

 

Important

When you use the Configurator to create new PGP keys you may optionally choose to save the passphrase. If you choose this option, the password is saved in an encrypted format in the Windows registry along with Robo-FTP's other settings. Later, when you use these keys for signing, encryption or decryption the passphrase will not appear in the console window nor will it be written to any log file. If you choose not to save the passphrase (or if you use externally generated PGP keys) then you will probably need to specify the passphrase in clear-text in a script file. Therefore, saving the passphrase when you create the key is the most secure option.

 

In the example below, a file is signed using a private key identified by a partial match on the Key Name column.

 

PGPSIGN "datafile.txt" "datafile.txt.signed" /user="Richard Tracy"

 

In the following example, a file is signed using a private key identified by an exact match on the Key ID column.

 

PGPSIGN "datafile.txt" "datafile.txt.signed" /user="A7743F3F33AC30A7"

 

Two private keys are used for signing when the /user option is specified twice or when the pipe character is used to separate the key identification string. Both lines below produce the same result.

 

PGPSIGN "datafile.txt" "datafile.txt.signed" /user="Richard Tracy" /user="Mike Hammer"

PGPSIGN "datafile.txt" "datafile.txt.signed" /user="Richard Tracy|Mike Hammer"

 

The following example signs a file and specifies the output format to be ASCII armored.

 

PGPENCRYPT "datafile.txt" "datafile.txt.signed" /user="Richard Tracy" /armor

 

Hint: If the recipient is unable to verify the signature on the file ask them for the Key ID of the public key that they expected you to use for signing. The Key ID must match the value shown on the Manage Keys window in the Configurator. Some PGP software only displays an 8 character Key ID so in those cases you'll compare with the last 8 digits of the value shown in the Configurator. For a more precise comparison you can right-click the grid row and choose "Show Key Fingerprint" from the pop-up context menu.

 

Note: When the TMPFILE command is active, the output [ target file ] created by this command will have a different name until the encryption process is successfully completed.

 

 

Related command(s): PGPENCRYPT, PGPDECRYPT

See also: Robo-FTP and PGP Cryptography, Configure PGP Menu