
What is a Signature?

A checksum is computed for a file in such a way that if only a single character in the file changes, the checksum changes as well. This checksum is digitally signed so that you can test, with a public certificate, whether a certain key was used to create the signature. Such a key and certificate always form a pair. If the signed file has been modified by a third party, the signature will be broken. In this case the file should be considered compromised or corrupt.

If the signature is verified, you must still determine whether you trust the provider of the NVT file(s) and keys. There are many ways and tools to manage this.

In summary, an NVT file is paired with a signature (in a separate signature file), and that pair then has a checksum computed. The checksum verifies the integrity of the NVT file. If the checksum does not match the expected result, the NVT file should be considered untrustworthy.

It is your responsibility to verify that the manager of the Feed Service is indeed the person he or she claims to be and to make sure the tests performed by this person are sufficient for you.
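
The sign, verify and tamper cycle described above, as an added example that is not part of the original page or of the project's own code. The page does not name a signing tool, so the use of the `openssl` command line is an assumption, and the throwaway key, self-signed certificate, file names and NVT content are all constructed for illustration.

```shell
#!/bin/sh
# Added illustration: every file name and the NVT content are constructed.

make_demo() {   # $1 = working directory
    dir=$1
    mkdir -p "$dir" || return 1
    # Key and certificate form a pair: the key signs, the certificate verifies.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Example Feed Signer" \
        -keyout "$dir/signer.key" -out "$dir/signer.crt" 2>/dev/null || return 1
    printf 'script_name("Example check");\n' > "$dir/example.nasl"
    # The signature over the file's checksum goes into a separate file.
    openssl dgst -sha256 -sign "$dir/signer.key" \
        -out "$dir/example.nasl.sig" "$dir/example.nasl"
}

checksum() {    # $1 = file; prints its SHA-256 checksum in hex
    openssl dgst -sha256 -r "$1" | cut -d' ' -f1
}

verify_nvt() {  # $1 = certificate, $2 = signed file, $3 = signature file
    pub=$(mktemp) || return 2
    # Only the public half is needed to check the signature.
    if ! openssl x509 -in "$1" -pubkey -noout > "$pub" 2>/dev/null; then
        rm -f "$pub"; return 2
    fi
    if openssl dgst -sha256 -verify "$pub" -signature "$3" "$2" >/dev/null 2>&1
    then rc=0; else rc=1; fi
    rm -f "$pub"
    return $rc
}

demo() {
    work=$(mktemp -d) || return 1
    make_demo "$work" || return 1
    before=$(checksum "$work/example.nasl")
    verify_nvt "$work/signer.crt" "$work/example.nasl" "$work/example.nasl.sig" \
        && echo "original file: signature verified"
    # Change a single character, as a third party modifying the file would.
    sed 's/Example/Exbmple/' "$work/example.nasl" > "$work/tmp" \
        && mv "$work/tmp" "$work/example.nasl"
    after=$(checksum "$work/example.nasl")
    [ "$before" != "$after" ] && echo "checksum changed: $before -> $after"
    verify_nvt "$work/signer.crt" "$work/example.nasl" "$work/example.nasl.sig" \
        || echo "modified file: signature broken, treat as compromised or corrupt"
    rm -rf "$work"
}
```

Source the file and call `demo` to see both outcomes. A successful `verify_nvt` only shows that the matching key made the signature; whether that certificate belongs to a provider you trust is the separate decision described above.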

