FILE AUTHENTICATION
Introduction to File Authentication
34 V200C REFERENCE GUIDE
Special Files Used
in the File
Authentication
Process
The following specially formatted files support the FA process:
• A digital certificate (*crt file) is a digital public document used to verify the
signature of a file.
• A digital signature (*.p7s file) is a piece of information based on both the file
and the signer’s private cryptographic key. The file sender digitally signs the
file using a private key. The file receiver uses a digital certificate to verify the
sender’s digital signature.
• Signer private keys are securely conveyed to clients on smart cards. On
V200c, private keys are not kept in files. The secret passwords required by
clients to generate signature files, using signer private keys, are sent as PINs
over a separate channel such as registered mail or encrypted e-mail.
Digital certificates and signature files, do not need to be kept secure to safeguard
the overall security of VeriShield.
The special file types that support the file authentication process are recognized
by their filename extensions.
All digital certificates are generated and managed by the Verifone CA, and are
distributed on request to terminal clients—either internally within Verifone or
externally to sponsors.
All certificates issued by the Verifone CA for the terminal platform, and for any
Verifone platform with the VeriShield security architecture, are hierarchically
related. That is, a lower-level certificate can only be authenticated under the
authority of a higher-level certificate.
The security of the highest-level certificate, called the platform root certificate, is
tightly controlled by Verifone.
The required cryptographically related private keys that support the file
authentication process are also generated and distributed by the Verifone CA.
Certificates Contain Keys That Authenticate Signature Files
• Sponsor certificate: Certifies a client’s sponsorship of the terminal. It does not,
however, convey the right to sign and authenticate files. To add flexibility to the
business relationships that are logically secured under the file authentication
process, a second type of certificate is usually required to sign files.
Table 5 VeriShield File Signing Tool Filename Extensions
File Type Extension
Signature *.p7s
Digital certificate *.crt
To Next Page
Loading...
Need help?
General
