Verifying Virtual Channel Plugin Signatures
For additional security, virtual channel plugins can be signed, and the digital signature can be verified. Before loading a virtual channel plugin, the client checks whether the plugin has a valid digital signature. If the digital signature cannot be verified, the plugin is prevented from loading.
Digital signature verification is controlled via the following client-side registry entries:
| Registry Key | Entry | Type | Value |
|---|---|---|---|
| HKEY_LOCAL_MACHINE\SOFTWARE\Teradici\PCoIP\pcoip_admin | pcoip.enable_vchan_plugin_signature_verification | REG_SZ | 0 = Disabled 1 = Enabled Default: Disabled |
| HKEY_LOCAL_MACHINE\SOFTWARE\Teradici\PCoIP\pcoip_admin | pcoip.vchan_plugin_signature_verification_exception_list | REG_SZ | Exception list. Example: plugin1 plugin2 plugin3 The default value is an empty list. |
When specifying a virtual channel list, the following rules apply:
- An empty list is allowed
- Multiple virtual channel names in the list must be separated by the vertical bar (|) character. For example: channelA|channelB
- Vertical bar or backslash () characters in virtual channel names must be preceded by a backslash. For example: the channel name "awk|ward\channel" must be specified as "awk|ward\channel" (without the double quotes)
Validating the Virtual Channel Plugin Signature
-
In File Explorer, right-click the plugin file and select Properties.
-
Click Digital Signatures.
-
In the Embedded Signatures table, verify if there is at least one digital signature.
-
Select a digital signature in the table and click Details to check its validity.
If the signature is valid, the following message will be displayed:
