When installing Security Center on a machine, a cryptographic key for digital
signatures is generated automatically and stored in the installation folder. If needed, you can
generate a new key and set the Archiver and the Auxiliary Archiver to use it.
What you should know
Creating a new cryptographic key is useful in the following cases:
- To create unique keys for each machine in a deployment with several systems using
machine imaging.
- To replace a key that might have been compromised.
IMPORTANT: Generate and store a new
digital signature origin for each new key
that you create. The origins are used to validate the digital signatures on video files
created using those keys.
Procedure
-
In the Security Center installation folder, run
DigitalSignatureKeyGenerator.exe.
The program generates two different 1 KB files named
fingerprintEddsa.bin and privateEddsa.bin in
the installation folder and overwrites any existing files.
-
In Config Tool, open the System task and click the
Roles view.
-
Select each archiving role that uses digital signatures, and restart it.
-
If a secondary server is assigned to an archiving role, copy the same cryptographic
files to the Security Center installation folder on that server.
Results
Archiving roles with
Digital signature enabled will digitally
sign video files using the new key.