This chapter describes the procedure to sign an eAIP package using PGP. See also the eAIP Security Risks and Mitigation Strategies in the eAIP Specification.
You need to have installed and configured WinPT, as described in How to setup up a PGP signing environment.
Additionally, you need software to create Zip packages. The most widely used is WinZip.
The steps are:
Generate a single Zip package containing the eAIP. For example, name this file EC-AMDT-2003-10-16-all.zip.
Open the WinPT File Manager window by right-clicking the WinPT tray icon (bottom right of the screen) and selecting File Manager.
Open Windows Explorer, browse to the directory where your zip package is located and "drag and drop" this package in the WinPT File Manager. Then, right-click on the package entry in WinPT File Manager and select Sign from the options.
From the File Sign dialogue box, select Normal signature in order to have the signature appended to the file. De-select Create ASCII armoured output. Click OK.
After a click on OK, another dialogue box asks you to enter the pass-phrase associated with the PGP key.
If your pass-phrase was correct, you now have the new signed file with an extension .pgp.
Steps for distribution
Send your public key to end-users who request it. Export of public key is described in How to setup up a PGP signing environment.
Send the signed package.