oXygen User Manual for Eclipse

Digital signature
Certificates
A certificate is a digitally signed statement from the issuer (an individual, an organization, a website or a
firm) saying that the public key (and some other information) of some other entity has a particular
value. When data is digitally signed, the signature can be verified to check the data's integrity and authenticity. Integrity means that the data has not been modified. Authenticity means that the data indeed comes
from the entity that claims to have created and signed it. Certificates are kept in special repositories
called keystores.
A keystore is an encrypted file that contains private keys and certificates. All keystore entries (key and
trusted certificate entries) are accessed via unique aliases. An alias must be assigned to every new entry,
whether a key or a certificate, as a reference for that entity. A keystore cannot store an entity if its alias
already exists in that keystore, and a keystore cannot store trusted certificates generated with keys in that
same keystore.
<oXygen/> provides two types of keystores: Java Key Store (JKS) and Public-Key Cryptography Standards version 12 (PKCS 12). A keystore file is protected by a password. In a PKCS 12 keystore you should not store a certificate without an alias together with other certificates, with or without an alias, because in that case the certificate without an alias cannot be extracted from the keystore.
To set the options for a certificate or to validate it, go to Options → Preferences → Certificates.
Note
A certificate without an alias stored in a PKCS 12 keystore together with other certificates,
with or without an alias, cannot always be extracted correctly from the keystore because of the
missing alias. Such a certificate should be the only certificate in a PKCS 12 keystore.
Signing files
The user can select the type of signature to be used for the document from the following dialog.
Figure 11.2. Signature settings dialog