Previous Topic: cacertutil import—Import the Public KeyNext Topic: Viewing the Origin and Trust Level

Customizing Asset ManagementAsset CollectorSecurityinvSign—Sign, Verify, or Unsign an Inventory File

invSign—Sign, Verify, or Unsign an Inventory File

The invsign command is used to sign, verify, or unsign an inventory file.

Important! The invsign command accepts files with the following extensions: .xiu files for signing, and .xis files for unsigning. The .xiu file is renamed to .xis after successfully signing and the .xis file is renamed to .xiu on a successful unsign.

This command has the following format:

invsign command  xiu or xis file [certificate tag]
Command

Includes one of the following commands:

Sign

Signs the inventory file with the given certificate tag. The signature contains a binary stream of data that is appended to end of the inventory file.

Important! Opening a signed inventory file adds unexpected characters at the end of the file. Therefore, do not open or attempt to modify a signed inventory file as it may invalidate the signature and cause the file to be rejected by the Asset Collector.

Note: The private keys must have already been imported into the certificate store using the tag name given with the sign command. Also, to sign an inventory file, a certificate must be installed in comstore of the computer where you are signing.

Verify

Verifies the signature in the inventory file.

Note: The public keys must be available under the same tag name as provided during the signing process.

Unsign

Removes the signature from the inventory file.

Inventory File

Defines the name of the inventory file that you want to sign, verify, or unsign.

Certificate Tag

(Mandatory for sign command). Defines the certificate tag that you want to assign while signing the inventory file.

Note: A certificate tag is an identifier for a unique certificate. Each certificate is assigned a certificate tag.

The Certificate tag is required only with the sign command.

Example: invSign Command

invsign sign Server1.xiu AssetCollector

invSign verify Server1.xis

invSign unsign Server1.xis

You can specify multiple files for signing, un-signing and verifying with the invsign command line.

The format of a multi-file sign is:

Invsign sign file1.xiu file2.xiu file3.xiu [certificate tag]

You can also use wild cards:

Invsign sign f*.xiu [certificate tag]

Or you can use a combination of both:

Invsign sign f*.xiu newComputer.xiu [certificate tag]

Important! You can specify multiple files and wild cards with unsign and verify commands also. With these commands the CertificateName should not be supplied.

More information:

Inventory File Types