validate-file-signature

Description

For best results, file signatures should be validated by the same instance used to generate the file. However, it may be possible to validate signatures generated on other instances in a replicated topology.

Examples

Validate that all signature information contained in the file 'logs/access' is valid:
validate-file-signature --file logs/access


Validate that all signature information contained in the file 'logs/access', and all previous access log files covering a time period of at least two days, is valid. Errors about a missing end of signature marker in the initial file will be ignored:
validate-file-signature --file logs/access --validateLogChain \
     --logDuration "2 days" --ignoreMissingEndOfSignature

Arguments

-V
--version

Description: Display Directory Server version information.

-H
--help

Description: Display general usage information.

--help-debug

Description: Display help for using debug options.
Advanced: Yes

-f {path}
--file {path}

Description: The file for which to verify the signature.
Required: Yes
Multi-Valued: No

--encryptionPassphraseFile {path}

Description: The path to a file that contains the passphrase needed to decrypt any encrypted files that are encountered. If encrypted data is encountered and this is not provided, then the tool will interactively prompt for the encryption passphrase. If a passphrase file is provided, then it must contain exactly one line that consists entirely of the passphrase.
Required: No
Multi-Valued: No

-C
--validateLogChain

Description: Attempts to validate signature information across a chain of log files. If this option is used, the tool will start with the file referenced using the "--file" argument and will work backwards through older log files.

-n {num}
--numFiles {num}

Description: The number of files to process when examining a chain of log files. If specified, the value must be greater than or equal to one. If not specified, then there will be no limit on the number of files to examine.
Upper Bound: 2147483647
Required: No
Multi-Valued: No

-d {duration}
--logDuration {duration}

Description: The minimum length of time to cover when examining a chain of log files. If specified, the value should be a duration that consists of an integer and a time unit (which may be one of 'milliseconds', 'seconds', 'minutes', 'hours', or 'days').
Required: No
Multi-Valued: No

-M
--ignoreMultipleSignedBlocks

Description: Indicates that the tool should not consider it an error for log files to contain multiple signed blocks (which may occur if the server or log publisher was shut down and restarted), or for a log file to not have been created after being rotated from another log file (if the logger is configured to start a new file when being initialized, or if it is the first log file that was created). It is not possible for the tool to guarantee that no data was removed between disjoint signed blocks, although it may be possible to gain some degree of confidence by comparing timestamps with known shutdown and startup times.

-m
--ignoreMissingEndOfSignature

Description: Ignore an error caused by the specified file missing the 'END SIGNED CONTENT' marker at the end of the file. This may occur if the tool is being run against a log file that is still open for writing, but it is not possible to guarantee that no content has been removed from the end of the file. When validating a log chain, this option will only apply to the first file that is processed, and all older files will be expected to have the end marker.

-F
--ignoreMissingFile

Description: Ignore an error caused by a log file that references another file that does not exist in the same directory as the file that references it. This may occur if the referenced file has already been removed by a retention policy, but it is not possible to guarantee that the file has not been removed for some other reason.

--interactive

Description: Launch the tool in interactive mode.

--propertiesFilePath {path}

Description: The path to a properties file used to specify default values for arguments not supplied on the command line.
Required: No
Multi-Valued: No

--generatePropertiesFile {path}

Description: Write an empty properties file that may be used to specify default values for arguments.
Required: No
Multi-Valued: No

--noPropertiesFile

Description: Do not obtain any argument values from a properties file.

--suppressPropertiesFileComment

Description: Suppress output listing the arguments obtained from a properties file.
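
A strict audit wrapper built from the arguments above, as an added example that is not part of the product documentation. It assumes the tool is on the PATH and exits non-zero when validation fails (exit codes are not stated on this page); VFS_BIN, both function names and all paths are hypothetical.

```shell
#!/bin/sh
# Added example, not from the product documentation.
# Assumption: the tool exits non-zero when validation fails (exit codes
# are not documented on this page). VFS_BIN is a hypothetical override.
VFS_BIN=${VFS_BIN:-validate-file-signature}

# Succeeds only if the file is a plain file with no group/other access
# and contains exactly one non-empty line (no blank second line, no CR).
check_passphrase_file() {
    f=$1
    [ -f "$f" ] && [ -r "$f" ] || { echo "not a readable file: $f" >&2; return 1; }
    case $(ls -ld "$f") in
        -???------*) ;;
        *) echo "passphrase file must not be accessible to group/other: $f" >&2
           return 1 ;;
    esac
    awk '{ last = $0 }
         END { exit !(NR == 1 && length(last) > 0 && index(last, "\r") == 0) }' "$f" ||
        { echo "passphrase file must contain exactly one line: $f" >&2; return 1; }
}

# Strict chain validation of a rotated (closed) log file. No --ignore*
# option is passed, so a missing end marker, multiple signed blocks or a
# missing predecessor file is reported as an error rather than skipped.
# --noPropertiesFile keeps defaults from a properties file out of the run.
# Returns 2 for a bad passphrase file, otherwise the tool's own status.
validate_chain_strict() {
    log=$1; duration=$2; ppfile=$3
    check_passphrase_file "$ppfile" || return 2
    "$VFS_BIN" --file "$log" --validateLogChain --logDuration "$duration" \
        --encryptionPassphraseFile "$ppfile" --noPropertiesFile
}

# Usage (constructed paths):
#   validate_chain_strict logs/access.rotated "2 days" /secure/log-passphrase.txt
```

Point it at the newest rotated file rather than the active log: a file still open for writing lacks the 'END SIGNED CONTENT' marker, which this strict run treats as an error.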