FILE AUTHENTICATION
Introduction to File Authentication
76 VX 520 REFERENCE GUIDE
Special Files Used
in the File
Authentication
Process
The following specially formatted files support the file authentication process:
• A digital certificate is a digital public document used to verify the signature of
a file.
• A digital signature is a piece of information based on both the file and the
signer’s private cryptographic key. The file sender digitally signs the file using
a private key. The file receiver uses a digital certificate to verify the sender’s
digital signature.
• Signer private keys (*.key files) are securely conveyed to clients on smart
cards. The secret passwords required by clients to generate signature files,
using signer private keys, are sent as PINs over a separate channel such as
registered mail or encrypted e-mail.
Some files, such as private key files, are encrypted and password protected for
data security. Others, such as digital certificates and signature files, do not need
to be kept secure to safeguard the overall security of VeriShield.
Within the VeriShield File Signing Tool, you can recognize the special file types
that support the file authentication process by the filename extensions listed in
Table 11.
All digital certificates are generated and managed by the VeriFone CA, and are
distributed on request to VX 520 clients—either internally within VeriFone or
externally to sponsors.
All certificates issued by the VeriFone CA for the VX 520 platform, and for any
VeriFone platform with the VeriShield security architecture, are hierarchically
related. That is, a lower-level certificate can only be authenticated under the
authority of a higher-level certificate.
The security of the highest-level certificate, called the platform root certificate, is
tightly controlled by VeriFone.
Table 11 VeriShield File Signing Tool Filename Extensions
File Type Extension
Signature *.p7s
Private key *.key
Digital certificate *.crt
To Next Page
Loading...
Need help?
General
