User's Manual
Examples of two scripts that can be used to sign are resource file (for example, CTL file) are
as follows:
• OpenSSL-based Linux script for file signing
#!/bin/sh
# $1 - Input Unsigned File
# $2 - Signing Certificate
# $3 - Signing Certificate Private Key
# $4 – Output Signed File
unsigned_file=$1
sign_cert_file=$2
sign_cert_pk_file=$3
signed_file=$4
# Setup temporary files
tmp_signature_file="/tmp/resource$$.tmp"
# Create a detached signature
openssl smime –sign –in ${unsigned_file} –signer ${sign_cert_file}
–outform PEM –binary –inkey ${sign_cert_pk_file} –out ${signed_file}
# Now append the signature to the unsigned file
cat ${unsigned_file} ${tmp_signature_file} > ${signed_file}
# Clean up
rm –f ${tmp_signature_file}
• OpenSSL-based Windows script for file signing
REM %1 - Input Unsigned File
REM %2 - Signing Certificate
REM %3 - Signing Certificate Private Key
REM %4 – Output Signed File
set unsigned_file=%1
set sign_cert_file=%2
set sign_cert_pk_file=%3
set signed_file=%4
REM Setup temporary files
set tmp_signature_file="sig.tmp"
REM Create a detached signature
openssl smime –sign –in %unsigned_file% –signer %sign_cert_file% –outform
PEM –binary –inkey
%sign_cert_pk_file% –out %tmp_signature_file%
REM Now append the signature to the unsigned file
copy /y /b %unsigned_file% + %tmp_signature_file% %signed_file%
REM Clean up
del %tmp_signature_file%
You can use other Certificate Management systems if the system includes the ability to
generate a detached signature.
Certificate-based authentication
282 SIP Software for Avaya 1100 Series IP Deskphones-Administration November 2012
Comments? infodev@avaya.com