You can verify and view information about X.509 signatures attached to a file in an archive. You can also remove signatures from a file and attach new ones.
Files that have a digital signature attached are flagged in the main window with a certificate icon (or if the file is encrypted too).
The easiest way to add a signature to a file that is already in an archive is to choose Sign from the Actions group.
You view information about a signature attached to a file from the Digital Signatures tab of the File Properties dialog. The Digital Signatures tab is available only in a ZIP archive and only when just a single file is selected.
To open the Digital Signatures tab:
1. Select a single file in the archive.
2. Right-click the selected file and choose Properties to open the File Properties dialog.
3. Select the Digital Signatures tab.
PK Protect needs to validate digital signatures before showing them to you or allowing you to modify them. Validating signatures can sometimes take a few moments, so PK Protect does not do it unless you tell it to.
Click View or Modify Signatures to validate signatures and display the controls to view and modify signatures.
After validating the signatures, if any, PK Protect displays two groups of controls: Current signatures and My certificates.
The Current signatures pane lists any digital signatures currently attached to the selected file. Signatures based on a valid certificate display in the pane with a green check mark; signatures based on an invalid certificate show a red X. (See here for information on certificate validity.)
To view information about a certificate attached to the file:
- Select a signature in Current signatures.
- Click View Certificate.
The button opens the Certificate Properties dialog.
To remove a signature attached to the file:
- Click View or Modify Signatures to display information about signatures on the file.
- Select a signature to remove in the Current signatures pane.
- Click Delete Signature.
My certificates lists personal certificates that belong to you that you can use to digitally sign the selected file. The View Certificate button under the list opens the Certificate Properties dialog for the currently selected certificate in the My certificates list.
The Hash Algorithm drop-down menu offers a choice of algorithms to use to create a hash value for the file to be signed.
The hash value uniquely represents the file: any change to the file gives it a different hash value. Comparing the hash value of the file when it was signed with the file's current hash value reveals whether the file has been changed.
The default algorithm is SHA-256. This algorithm produces a longer hash value than the MD5 algorithm and is more secure.
The strength of an algorithm is relative to the size of the resulting hash value. SHA-1 produces a 160-bit hash. Other SHA algorithms that may be available, depending on your operating system, produce hash values of the size indicated in their names. For example, SHA-256 produces a 256-bit hash. You must use SHA-256 or stronger to comply with FIPS, a US federal government security standard.
ZIP files created using a SHA algorithm other than SHA-1 will be incompatible with older versions of ZIP programs that do not support these newer algorithms.
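The following added example (not PK Protect code, and not its signature format) illustrates the hash comparison described above: it hashes one file inside a ZIP archive, rejects algorithms weaker than SHA-256, and detects a change to the file. The archive contents, file name, and the allowlist modelling "SHA-256 or stronger" are assumptions made for the example; a real signature additionally signs the hash with the certificate's private key, which is omitted here.

```python
import hashlib
import hmac
import io
import zipfile

# Assumption: "SHA-256 or stronger" is modelled as this allowlist.
APPROVED = ("sha256", "sha384", "sha512")

def digest_bits(algorithm):
    """Size in bits of the hash value an algorithm produces."""
    return hashlib.new(algorithm).digest_size * 8

def build_archive(files):
    """Build a ZIP in memory from {name: bytes} (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in files.items():
            zf.writestr(name, data)
    return buf.getvalue()

def member_digest(archive, member, algorithm="sha256"):
    """Hash the uncompressed content of one file in the archive."""
    if algorithm not in APPROVED:
        raise ValueError(f"{algorithm} is weaker than SHA-256")
    h = hashlib.new(algorithm)
    with zipfile.ZipFile(io.BytesIO(archive)) as zf, zf.open(member) as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def is_unchanged(archive, member, recorded, algorithm="sha256"):
    """Compare the file's current hash with the one recorded at signing time."""
    current = member_digest(archive, member, algorithm)
    return hmac.compare_digest(current, recorded)

# Constructed sample: the same member name with one digit altered.
ORIGINAL = build_archive({"report.txt": b"Q3 total: 1200\n"})
TAMPERED = build_archive({"report.txt": b"Q3 total: 1900\n"})
RECORDED = member_digest(ORIGINAL, "report.txt")

if __name__ == "__main__":
    for name in ("sha1",) + APPROVED:
        print(name, digest_bits(name), "bits")
    print("original unchanged:", is_unchanged(ORIGINAL, "report.txt", RECORDED))
    print("tampered unchanged:", is_unchanged(TAMPERED, "report.txt", RECORDED))
```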
To add a signature to the selected file:
- Select a certificate in My certificates.
- Click Add Signature.
A new signature displays with a blue + until the archive is saved.