iManage Work Desktop for Windows 10.3.0 and later adds security to the Auto Update feature by supporting a signed update.ini file. You keep the flexibility to customize the update.ini file, and the signature differentiates a customized update.ini file from a compromised one. With this security upgrade, every time you edit the update.ini file you have to generate signature files based on a private key file and then verify them. You can generate and verify these signature files using the ConfigFileSigner.exe utility.
To generate signature files and verify these files using the ConfigFileSigner.exe utility, do the following:
Ensure that the update server includes the following files:
Run the following command to generate the signature file.
ConfigFileSigner.exe -sign <pathtoprivate.key> <pathToUpdate.ini>
This creates the sign.txt in the working directory by running the following command:
openssl.exe dgst -sha256 -sign "<pathtoprivate.key>" -out sign.txt "<pathToUpdate.ini>"
Alternatively, you can upload the new sign.txt, pubkey.pem, and pubkey.crt files to iManage Control Center. iManage Work Desktop for Windows downloads these files to %ProgramData%\iManage\AgentServices\CentralizedConfigs, and iManage Updater reads all information from this location.
Set the following registry key settings on the client machine to match the subject and the issuer.
Type: String (REG_SZ)
Value: <Issuer value>
Type: String (REG_SZ)
Value: <subject value>
Run the following command to validate the signature file.
ConfigFileSigner.exe -verify <pathtopublickey.pem> <pathtosign.txt> <pathtopublickey.crt> <pathtoupdate.ini>
This creates the SigVerify.txt file by running the following command, which checks whether the signature for the update.ini file matches the update.ini file.
openssl.exe dgst -sha256 -verify "<pathtopublickey.pem>" -signature "<pathtosign.txt>" "<pathtoupdate.ini>"
It then runs the following command to create the CrtVerify.txt file, which is used to verify the subject and issuer of the keys supplied. This file also contains the output values for both issuer and subject.
openssl.exe x509 -in <pathtopublickey.crt> -text -out CrtVerify.txt
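The sign-then-verify cycle described above, as an added example that is not iManage's code: it runs the same openssl dgst operations from a POSIX shell (openssl rather than openssl.exe) and shows that an update.ini changed without re-signing fails verification. The key and certificate generation step, the file contents and the function names are assumptions constructed for the demonstration.

```shell
#!/bin/sh
# Added example. Works in a throwaway directory; every key, certificate and
# update.ini line below is constructed for the demonstration.

# make_demo_keys DIR: test private key, self-signed certificate, public key.
# (Assumption: the page does not say how production keys are created.)
make_demo_keys() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Example Update Signer" \
        -keyout "$1/private.key" -out "$1/pubkey.crt" 2>/dev/null &&
    openssl x509 -in "$1/pubkey.crt" -pubkey -noout > "$1/pubkey.pem"
}

# sign_ini KEY INI SIG: the digest-and-sign operation of the -sign step.
sign_ini() {
    openssl dgst -sha256 -sign "$1" -out "$3" "$2"
}

# verify_ini PUBKEY SIG INI: the -verify step; returns 0 only on a match.
verify_ini() {
    openssl dgst -sha256 -verify "$1" -signature "$2" "$3" >/dev/null 2>&1
}

# cert_names CRT: print only the issuer and subject lines of the certificate
# (the page's command writes the full -text dump to CrtVerify.txt instead).
cert_names() {
    openssl x509 -in "$1" -noout -issuer -subject
}

# run_demo: sign, verify, change the file without re-signing, verify again.
run_demo() {
    d=$(mktemp -d) || return 1
    printf '[Update]\nVersion=constructed-sample\n' > "$d/update.ini"
    make_demo_keys "$d" && sign_ini "$d/private.key" "$d/update.ini" "$d/sign.txt" ||
        { rm -rf "$d"; return 1; }
    if verify_ini "$d/pubkey.pem" "$d/sign.txt" "$d/update.ini"; then
        echo "customized and re-signed: signature verifies"
    fi
    printf 'Extra=changed-after-signing\n' >> "$d/update.ini"
    if ! verify_ini "$d/pubkey.pem" "$d/sign.txt" "$d/update.ini"; then
        echo "edited without re-signing: signature check fails"
    fi
    cert_names "$d/pubkey.crt"
    rm -rf "$d"
}

if command -v openssl >/dev/null 2>&1; then run_demo; fi
```

The issuer and subject lines printed at the end are the values to compare against the registry settings on the client machine.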