Object signing and signature verification

 

Find information about i5/OS^® object signing and signature verification security capabilities that you can use to ensure the integrity of objects. Learn how to use one of several i5/OS methods for creating digital signatures on objects to identify the source of the object and provide a means for detecting changes to the object. Also learn how to enhance system security by verifying digital signatures on objects, including operating system objects, to determine whether there have been changes to the contents of the object since it was signed.

Object signing and signature verification are security capabilities that you can employ to verify the integrity of a variety of objects. You use a digital certificate's private key to sign an object, and you use the certificate (which contains the corresponding public key) to verify the digital signature. A digital signature ensures the integrity of time and content of the object that you are signing. The signature provides proof of both authenticity and authorization. It can be used to show proof of origin and detect tampering. By signing the object, you identify the source of the object and provide a means for detecting changes to the object. When you verify the signature on an object you can determine whether there have been changes to the contents of the object since it was signed. You can also verify the source of the signature to ensure the reliability of the object's origin.

You can implement object signing and signature verification by:

• APIs to sign objects and to verify the signatures on objects programmatically.

• Digital Certificate Manager to sign objects and to view or to verify object signatures.

• iSeries™ Navigator Management Central to sign objects as part of distributing packages for other systems to use.

• CL commands, such as Check Object Integrity (CHKOBJITG) to verify signatures.

To learn more about these methods of signing objects and how signing objects can enhance your current security policy, review these topics:

By using the code examples, you agree to the terms of the Code license and disclaimer information.

• Printable PDF
  Use this information to print the entire topic of i5/OS object signing and signature verification as a PDF file.

• Object signing concepts
  This topic provides concept and reference information about i5/OS digital signatures and how the i5/OS object signing and signature verification processes work.

• Object signing scenarios
  Review the scenarios that illustrate some typical situations for using i5/OS object signing and signature verification capabilities. Each scenario also provides the configuration tasks perform to implement the scenario as described.

• Object signing and signature verification prerequisites
  This topic provides information about configuration prerequisites, as well as other planning considerations for signing objects and verifying signatures on your system running the i5/OS operating system.

• Managing signed objects
  Use this information to learn about i5/OS system commands and system values that you can use to work with signed objects and how signed objects affect backup and recovery processes.

• Troubleshooting signed objects
  This topic provides information about i5/OS commands and system values that you can use to work with signed objects and how signed objects affect backup and recovery processes.

• Related information for object signing and signature verification
  This topic provides links to other resources for learning more about i5/OS object signing and signature verification.