Difference between revisions of "Verifying a Signed Export"
| [unchecked revision] | [unchecked revision] |
| Line 22: | Line 22: | ||
ls -r *.eml | ForEach-Object { $file_sig = ($_.FullName) + '.sig'; $file_eml = $_.FullName; openssl.exe dgst -sha256 -verify publickey.pem -signature "$file_sig" "$file_eml" } | ls -r *.eml | ForEach-Object { $file_sig = ($_.FullName) + '.sig'; $file_eml = $_.FullName; openssl.exe dgst -sha256 -verify publickey.pem -signature "$file_sig" "$file_eml" } | ||
</source> | </source> | ||
| + | |||
| + | [[de:Verifizieren_eines_signierten_Exports]] | ||
| + | [[en:Verifying_a_Signed_Export]] | ||
Revision as of 11:33, 7 September 2017
It is possible to digitally sign an export of archived messages to the file system when as EML or MSG format is used. This helps to ensure integrity of each exported email while it resides outside of the archive. A SHA256 hash of the public key, that can be used to verify the signatures, is stored in the archive's temper proof audit log.
To verify the integrity of a signed export, the use of OpenSSL is recommended. This needs to be installed on the computer where verification takes place in order to run the following commands.
Create Hash of Public Key
The following command generates a SHA256 hash of the public key in order to verify it against the hash recorded in MailStore's Audit Log.
openssl dgst -sha256 -hex publickey.pem
Verify All Emails
The following one-liners can be used to verify a signed export including all subdirectories.
Linux or MacOS
find . -name '*.eml' -exec openssl dgst -sha256 -verify publickey.pem -signature \{}.sig \{} \;
Windows (PowerShell)
ls -r *.eml | ForEach-Object { $file_sig = ($_.FullName) + '.sig'; $file_eml = $_.FullName; openssl.exe dgst -sha256 -verify publickey.pem -signature "$file_sig" "$file_eml" }
