[wg11] Wider testing for Part 21 edition 3 digital signatures

Martin Hardwick hardwick at steptools.com
Wed Jun 18 19:22:51 EDT 2014


All,

We are now ready to do some wider testing of the digital signature 
functionality. There is an open source code base at the following URL 
for a Windows batch program called STEPAuth.
http://tinyurl.com/STEPAuth

The STEPAuth program is run from the Windows command line and has the 
following three options:

STEPAuth CSR     -- You use this once to make a private key and a certificate request
STEPAuth SIGN    -- You use this to sign files
STEPAuth VERIFY  -- You use this to verify that a file has not been changed since it was signed and/or to check the authenticity of the signature

When you run STEPAuth CSR the system will get some information from you 
and make a private key file (that you should keep secret) and a 
certificate request file (.csr). The certificate request has to be 
authorized before it can be used to sign files. We can delegate the 
authorization functionality but for the moment you need to send the .csr 
file to us at certificate at steptools.com.

We suggest you put the .csr file into a ZIP before transmission.  It is 
quite possible that one or more e-mail systems will refuse the 
transmission and if this is the case then we will have to set up FTP sites.

We will send you a certificate (in a ZIP). This certificate will have 
the same name as your .csr file but with the extension .crt. Once you 
have a certificate you will have everything you need to sign STEP files 
as follows:

STEPAuth SIGN <step_file to sign> <private_key> <certificate>

When you have signed a file you can verify whether the file has been 
changed since the signature by the following command:

STEPAuth VERIFY <step_file>

If you use the -v flag (e.g. STEPAuth VERIFY signed_file.stp -v) then it 
will also check that the signature has been properly authorized.

Martin
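
The difference described above between a plain VERIFY and VERIFY with -v, reproduced with the OpenSSL command line as an added example that is not part of the original message and is not STEPAuth code. It assumes an `openssl` binary on the PATH and uses detached CMS signatures; the demo CA, the file names and the subject names are constructed, and how STEPAuth itself stores or checks signatures is not shown here.

```shell
#!/usr/bin/env bash
# Added illustration using the OpenSSL CLI, not STEPAuth code; all names are constructed.

# sign FILE KEY CERT SIG: write a detached CMS signature over FILE to SIG.
sign() {
  openssl cms -sign -binary -in "$1" -inkey "$2" -signer "$3" \
    -outform PEM -out "$4" 2>/dev/null
}

# verify FILE SIG [CAFILE]: print "ok" or "fail".
# Without CAFILE only the signature over FILE is checked (-noverify skips the
# certificate chain). With CAFILE the signer certificate must chain to it.
verify() {
  if [ -n "$3" ]; then trust="-CAfile $3"; else trust="-noverify"; fi
  if openssl cms -verify -binary -inform PEM -in "$2" -content "$1" \
       $trust -out /dev/null 2>/dev/null; then echo ok; else echo fail; fi
}

run_demo() (
  set -e
  d=$(mktemp -d); trap 'rm -rf "$d"' EXIT; cd "$d"
  q() { "$@" >/dev/null 2>&1; }
  # Authorizer: a demo CA that turns certificate requests into certificates.
  q openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=Demo Authorizer" -keyout ca.key -out ca.crt
  # Signer: private key plus certificate request (.csr).
  q openssl req -new -newkey rsa:2048 -nodes \
    -subj "/CN=Demo Signer" -keyout user.key -out user.csr
  # Authorization: the CA issues user.crt from user.csr.
  q openssl x509 -req -in user.csr -CA ca.crt -CAkey ca.key \
    -CAcreateserial -days 1 -out user.crt
  # Same subject name, but self-signed: never seen by the authorizer.
  q openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=Demo Signer" -keyout self.key -out self.crt

  # Constructed stand-in for a STEP file, plus a modified copy.
  printf 'ISO-10303-21;\nHEADER;\nENDSEC;\nDATA;\nENDSEC;\nEND-ISO-10303-21;\n' > part.stp
  { cat part.stp; echo '/* edited after signing */'; } > changed.stp
  sign part.stp user.key user.crt part.sig
  sign part.stp self.key self.crt self.sig

  echo "unchanged=$(verify part.stp part.sig)"
  echo "changed=$(verify changed.stp part.sig)"
  echo "authorized=$(verify part.stp part.sig ca.crt)"
  echo "self_signed_plain=$(verify part.stp self.sig)"
  echo "self_signed_chain=$(verify part.stp self.sig ca.crt)"
)

run_demo
```

The self-signed case passes the signature-only check and is rejected only once the certificate chain is checked, so a receiver who needs to know who signed a file has to run the authorization check as well.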
