Object signing scenarios

 

Review the scenarios that illustrate some typical situations for using i5/OS^® object signing and signature verification capabilities. Each scenario also provides the configuration tasks perform to implement the scenario as described.

Your system provides several different methods for signing objects and verifying signatures on objects. How you choose to sign objects and how you work with signed objects varies based on your business and security needs and objectives. In some cases, you may need only to verify object signatures on your system to ensure that object integrity is intact. In other cases, you may choose to sign objects that you distribute to others. Signing the objects allows others to identify the origin of the objects and to check the integrity of the objects.

Which method you choose to use depends on a variety of factors. The scenarios provided in this topic describe some of the more common object signing and signature verification objectives within typical business contexts. Each scenario also describes any prerequisites and the tasks that perform to implement the scenario as described. Review these scenarios to help you determine how you can use object signing capabilities in a way that best suits your business and security needs:

• Scenario: Using DCM to sign objects and verify signatures
  This scenario describes a company that wants to sign vulnerable application objects on their public Web server. They want to be able to more easily determine when there are unauthorized changes to these objects. Based on the company's business needs and security goals, this scenario describes how to use Digital Certificate Manager (DCM) as the primary method for using i5/OS object signing capabilities.

• Scenario: Using APIs to sign objects and verify object signatures
  This scenario describes an application development company that wants to programmatically sign the applications that it sells. They want to be able to assure their customers that the applications came from their company and provide them with a means of detecting unauthorized changes to the applications when installing them. Based on the company's business needs and security goals, this scenario describes how to use the i5/OS Sign Object API and the i5/OS Add Verifier API to sign objects and enable signature verification .

• Scenario: Using iSeries Navigator Management Central to sign objects
  This scenario describes a company that wants to use i5/OS object signing capabilities to sign objects that it packages and distributes to multiple systems. Based on the company's business needs and security goals, this scenario describes how to use iSeries™ Navigator's Management Central function to package and sign objects that they distribute to other systems.

 

Parent topic:

Object signing and signature verification