New documents are encrypted now with the current key, while decryption always uses the appropriate key.
Handling for replicated archives
The Synchronize_Replicates job updates the system keys and certificates between Archive Servers before it synchronizes the documents. The system keys are transmitted encrypted.
If you do not want to transmit the system keys through the network, you can also export them from the original server to an external data medium and re-import them on the remote standby server (see “Exporting and Importing System Keys” on page 108).
7.3.3 Exporting and Importing System Keys
The contents of the System key node (all keys) of an Archive Server can be exported and imported with the recIO command line tool. The program must be executed directly on the Archive Server.
7.3 Encrypted Document Storage
Important
In the case of system failure or restore scenarios it can be vital to have backups of the system key (and the related certificates).
recIO <command> [<options>]
The following commands are available:
L
Lists the contents of the System key node (without the keys themselves) in a table.
The user must log on.
Example:
sunny:~> /usr/ixos-archive/bin/recIO L
IMPORTANT: --- IMPORTANT: recIO (release) 10.0.0.724
IMPORTANT: --- recIO 10.0.0.724 (C) 2001-2010 Open Text Corporation
This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/)
Please authenticate!
User :dsadmin
Password :
idx ID               c x created             imported            origin
---
1   EA03BDAF9ABB85A1 1 1 2010/01/18 17:26:01 ----/--/-- --:--:-- sunny
2   1EE312C064A27F73 0 1 2009/11/03 14:28:08 2010/05/14 15:14:52 hausse
3   3C5DE677C3707700 0 0 2010/01/05 17:52:57 2010/05/14 15:14:52 emma
E
Exports the contents of the System key node. Use the export in particular to store the system keys for document encryption.
The user must log on and specify a path for the export files. The option -t NN:MM splits the contents of the key store into several different files (MM; maximum 8).
At least NN files must be reimported in order to restore the complete key store.
Example:
sunny:~> /usr/ixos-archive/bin/recIO E -t 3:5
IMPORTANT: --- IMPORTANT: recIO (release) 10.0.0.724
IMPORTANT: --- recIO 10.0.0.724 (C) 2001-2010 Open Text Corporation
This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/)
Please authenticate!
User :dsadmin
Password :
Writing keystore with 3 system-keys to 5 token-files (3 required to restore)
Token[1/5] (default = /floppy/key.pem )
File (CR to accept above) : p1.pem
Token[2/5] (default = /floppy/key.pem )
File (CR to accept above) : p2.pem
Token[3/5] (default = /floppy/key.pem )
File (CR to accept above) : p3.pem
Token[4/5] (default = /floppy/key.pem )
File (CR to accept above) : p4.pem
Token[5/5] (default = /floppy/key.pem )
File (CR to accept above) : p5.pem
V
Verifies the contents of the System key node against the exported files.
The user must log on and specify the path for the exported data. Then the exported data is compared with the key store on the Archive Server.
Example:
sunny:~> /usr/ixos-archive/bin/recIO V
IMPORTANT: --- IMPORTANT: recIO (release) 10.0.0.724
IMPORTANT: --- recIO 10.0.0.724 (C) 2001-2010 Open Text Corporation
This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/)
Please authenticate!
User :dsadmin
Password :
Token[1/?] (default = /floppy/key.pem)
File (CR to accept above) : p1.pem
Token[2/3] (default = /floppy/key.pem)
File (CR to accept above) : p2.pem
Token[3/3] (default = /floppy/key.pem)
File (CR to accept above) : p3.pem
key 1 : 1EE312C064A27F73 : OK
key 2 : BEEB5213EF5FFABF : OK
key 3 : 10C8D409E585E43B : OK
D
Displays the information on the exported files. The information is shown in a table.
Example:
sunny:~> /usr/ixos-archive/bin/recIO D
IMPORTANT: --- IMPORTANT: recIO (release) 10.0.0.724
IMPORTANT: --- recIO 10.0.0.724 (C) 2001-2010 Open Text Corporation
This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/)
Token[1/?] (default = /floppy/key.pem)
File (CR to accept above) : p1.pem
Token[2/3] (default = /floppy/key.pem)
File (CR to accept above) : p2.pem
Token[3/3] (default = /floppy/key.pem)
File (CR to accept above) : p3.pem
idx ID               created             origin
---
1   EA03BDAF9ABB85A1 2010/01/18 17:26:01 sunny
2   1EE312C064A27F73 2009/11/03 14:28:08 hausse
3   BEEB5213EF5FFABF 2009/11/08 09:26:36 emma
I
Imports the saved contents of the System key node.
The user must log on and specify the path for the exported data. The data in the System key node is restored, encrypted with the Archive Server's public key and sent to the administration server. The results are displayed. Keys already contained in the Archive Server's store are not overwritten.
Example:
sunny:~> /usr/ixos-archive/bin/recIO I
IMPORTANT: --- IMPORTANT: recIO (release) 10.0.0.724
IMPORTANT: --- recIO 10.0.0.724 (C) 2001-2010 Open Text Corporation
This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/)
Please authenticate!
User :dsadmin
Password :
Token[1/?] (default = /floppy/key.pem)
File (CR to accept above) : p1.pem
Token[2/3] (default = /floppy/key.pem)
File (CR to accept above) : p2.pem
Token[3/3] (default = /floppy/key.pem)
File (CR to accept above) : p3.pem
ID:BEEB5213EF5FFABF created:2000/11/08 09:26:36 origin:emma Key already exists
ID:276CBED602BDFC25 created:2010/01/18 12:09:32 origin:arthomasa Key successfully imported
7.4 Timestamp Usage
Timestamps
Timestamps are used to verify that documents have not been altered since archiving time. The verification process checks these timestamps. A timestamp service is required for this.
Creating a timestamp means: The computer calculates a unique number – a cryptographic checksum or hash value – from the content of the document. The timestamp server adds the time to this checksum, creates a checksum of this created object and signs the new checksum with its private key.
The signature is stored together with the document component. When a document is requested, Archive Server verifies whether the component was modified after storage by looking at the signature. It needs the public key of the timestamp server certificate for verification. The Windows Viewer and Java Viewer can display the verification result.
Archive Server supports the following timestamp types:
• ArchiSig timestamps
• Document timestamps (old)
ArchiSig timestamps
With ArchiSig timestamps, the timestamps are not added per document, but for containers of hash trees calculated from the documents:
A job builds the hash tree that consists of hash values of as many documents as configured, and adds one single timestamp. Thus, you can collect, for example, all documents of a day in one hash tree. Only one timestamp per hash tree is required.
The verification process needs only the document and the hash chain leading from the document to the timestamp but not the whole hash tree:
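How a single document is checked against the hash tree root with only its hash chain, shown as an added example that is not Archive Server or ArchiSig code. SHA-256, the 0x00/0x01 prefixes, the handling of an unpaired node and all function names are assumptions of this example; the page does not describe the real encoding, and the signature over the timestamp input is left out.

```python
import hashlib

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()   # assumption: SHA-256

def build_levels(docs: list[bytes]) -> list[list[bytes]]:
    """Hash tree as a list of levels: leaf hashes first, [root] last."""
    if not docs:
        raise ValueError("a hash tree needs at least one document")
    level = [h(b"\x00" + d) for d in docs]          # 0x00 marks a leaf
    levels = [level]
    while len(level) > 1:
        nxt = []
        for i in range(0, len(level), 2):
            if i + 1 < len(level):
                nxt.append(h(b"\x01" + level[i] + level[i + 1]))  # inner node
            else:
                nxt.append(level[i])                # unpaired node moves up
        level = nxt
        levels.append(level)
    return levels

def hash_chain(levels, index: int) -> list[tuple[str, bytes]]:
    """Sibling hashes on the path from leaf `index` up to the root."""
    chain = []
    for level in levels[:-1]:
        sibling = index ^ 1
        if sibling < len(level):
            chain.append(("L" if sibling < index else "R", level[sibling]))
        index //= 2
    return chain

def verify(doc: bytes, chain, root: bytes) -> bool:
    """Recompute the root from one document and its hash chain only."""
    node = h(b"\x00" + doc)
    for side, sibling in chain:
        pair = sibling + node if side == "L" else node + sibling
        node = h(b"\x01" + pair)
    return node == root

def timestamp_input(root: bytes, time_utc: str) -> bytes:
    """Checksum over root hash plus time: the value a timestamp service signs."""
    return h(root + time_utc.encode())

# Constructed sample documents, e.g. one day's worth for one hash tree.
DOCS = [b"invoice-001", b"invoice-002", b"contract-17", b"scan-0042", b"mail-9"]
LEVELS = build_levels(DOCS)
ROOT = LEVELS[-1][0]
```

With five documents the chain for the first document holds three hashes and the chain for the last holds one, so the verifier never needs the other documents themselves.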
Document timestamps
Each document component gets a timestamp when it arrives in the archive – more precisely: when it arrives in the disk buffer and is known to the Document Service.
This (old) method requires a huge amount of timestamps, depending on the number of documents. Thus, it is available only for archives that used timestamps in former Archive Server versions. You can migrate these timestamps to ArchiSig timestamps; see “Migrating Existing Document Timestamps” on page 116.
Configuration
You can set up signing documents with timestamps and the verification of timestamps including the response behavior for each archive (see “Configuring the Archive Settings” on page 80). Consider the recommendations given above.
If you use both methods in parallel, the document timestamp secures the document until the hash tree is built and signed. As this time period is short, a document timestamp is sufficient for these documents, while the hash tree, in general, gets a timestamp created with a certificate of an accredited provider. This trusted certificate is used for verification.
ArchiSig timestamps have a better performance and can be easily renewed.
Note: Document timestamps are only shown to ensure compatibility. You cannot use them for new archives.
Timestamps and hash trees may become invalid or unsafe. To prevent this, they can be renewed, see “Renewing Timestamps of Hash Trees” on page 116 and “Renewing Hash Trees” on page 115.
Remote Standby
In a Remote Standby environment, the Synchronize_Replicates job replicates the timestamp certificates. Only enabled certificates are copied. The certificate on the Remote Standby Server is automatically enabled after synchronization.
Setting up timestamp verification
• “Basic Settings” on page 113.
• “Activating and Configuring Timestamp Usage” on page 83.
• “Creating a Hash Tree” on page 115
• “Configuring a Certificate for Timestamp Verification” on page 126
• Optional: “Basic Settings” on page 113
7.4.1 Basic Settings
Introduction
The following configuration variables are preset with reasonable values. You can modify them, if necessary.
The following description includes the most relevant parameters. There are further parameters, for which in general, modification is not required.
List of timestamp services
The following list shows supported timestamp services:
• timeproof TSS80
• AuthentiDate
• Quovadis
• OpenText Archive Timestamp Server
To check and modify configuration variables: