Signed Reports

Help
Anonymous
2003-09-09
2003-10-01
  • Anonymous - 2003-09-09

    I'm having trouble verifying that signed reports ar actually being signed.  I run the command:

    tripwire --check --signed-report --email-report

    it asks for the local passphrase, and generates the report.  The problem is that I can find no indication that the report has actually been signed, either in the email generated, or in the saved report file.  Is there something I'm missing, or is this just the way it works?

    Regards,
    James

     
    • Jason I.

      Jason I. - 2003-10-01

      James,

      You could use twadmin to 'examine' the report:

      ./twadmin -m e ../report/<reportname>.twr

      This will show you that the report is signed with Asymmetric Encryption, and that the local.key will decrypt the file.

      Realistically, there's not much benefit to signing the reports - they're encoded already, and signing just makes them tamper-proof at the cost of extra cpu usage and disk space.

      Thanks-

      Jason

       

Log in to post a comment.

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:

JavaScript is required for this form.





No, thanks