<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Code checker commands to ensure signature integrity" />
<meta name="abstract" content="Learn about using commands to verify object signatures to determine object integrity." />
<meta name="description" content="Learn about using commands to verify object signatures to determine object integrity." />
<meta name="DC.Relation" scheme="URI" content="rzalzmanageobjects.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2004, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2004, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="codechecker" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Code checker commands to ensure signature integrity</title>
</head>
<body id="codechecker"><a name="codechecker"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Code checker commands to ensure signature integrity</h1>
<div><p>Learn about using commands to verify object signatures to determine
object integrity.</p>
<p>You can use Digital Certificate Manager (DCM) or APIs to verify signatures
on objects. You can also use several commands to check signatures. Using these
commands allows you to verify signatures in much the same way that you use
a virus checker to determine when a virus has corrupted files or other objects
on your system. Most signatures are checked as the object is restored or installed
onto the system, for example by using the RSTLIB command. </p>
<p>You can choose one of three commands to check signatures on objects that
are already on the system. Of these, the Check Object Integrity (CHKOBJITG)
command is designed specifically for verifying object signatures. Signature
checking for each of these commands is controlled by the CHKSIG parameter.
This parameter allows you to check all object types that can be signed for
signatures, ignore all signatures, or check only objects that have signatures.
This last option is the default value for the parameter.</p>
<div class="section"><h4 class="sectiontitle">Check Object Integrity (CHKOBJITG) command</h4><p>The Check
Object Integrity (<a href="../cl/chkobjitg.htm">CHKOBJITG</a>)
command allows you to determine if objects on your system have
integrity violations. You can use this command to check for integrity violations
for objects that a specific user profile owns, objects that match a specific
path name, or all objects on the system. An integrity violation log entry
occurs when one of these conditions is met: </p>
<ul><li>A command, a program, a module object, or a library's attributes have
been altered. </li>
<li>The digital signature on an object is determined to be invalid. The signature
is an encrypted mathematical summary of the data in the object; therefore,
the signature is considered to match and be valid if the data in the object
during verification matches the data in the object when it was signed. An
invalid signature is determined based on a comparison of the encrypted mathematical
summary that is created when the object is signed and the encrypted mathematical
summary done during signature verification. The signature verification process
compares the two summary values. If the values are not the same, the contents
of the object have changed since it was signed and the signature is considered
to be invalid.</li>
<li>An object has an incorrect domain attribute for the object type.</li>
</ul>
<p>If the command detects an integrity violation for an object, it adds
the object name, library name (or path name), object type, object owner, and
type of failure to a database log file. The command also creates a log entry
in certain other cases, although these cases are not integrity violations.
For example, the command creates a log entry for objects that are signable
but do not have a digital signature, objects that it cannot check, and objects
in a format that requires changes in order to be used on the current system
implementation (IMPI to RISC conversion).</p>
<p>The CHKSIG parameter value
controls how the command handles digital signatures on objects. You can specify
one of three values for this parameter: </p>
<ul><li>*SIGNED When you specify this value, the command checks objects with
digital signatures. The command creates a log entry for any object with a
signature that is not valid. This is the default value.</li>
<li>*ALL When you specify this value, the command checks all <a href="rzalzsignableobjects.htm#signableobjects">signable
objects</a> to determine whether they have a signature. The command creates
a log entry for any signable object that does not have a signature and for
any object with a signature that is not valid.</li>
<li>*NONE When you specify this value, the command does not check digital
signatures on objects.</li>
</ul>
</div>
<div class="section"><h4 class="sectiontitle">Check Product Option (CHKPRDOPT) command</h4><p>The Check
Product Option (<a href="../cl/chkprdopt.htm">CHKPRDOPT</a>)
command reports differences between the correct structure and the actual structure
of a software product. For example, the command reports an error if an object
is deleted from an installed product. </p>
<p>The CHKSIG parameter value controls
how the command handles digital signatures on objects. You can specify one
of three values for this parameter: </p>
<ul><li>*SIGNED When you specify this value, the command checks objects with
digital signatures. The command verifies the signatures on any signed objects.
If the command determines that the signature on an object is not valid, the
command sends a message to the job log and identifies the product as being
in an erroneous state. This is the default value.</li>
<li>*ALL When you specify this value, the command checks all <a href="rzalzsignableobjects.htm#signableobjects">signable
objects</a> to determine whether they have a signature and verifies the
signature on these objects. The command sends a message to the job log for
any signable object that does not have a signature; however, the command does
not identify the product as erroneous. If the command determines that a signature
on an object is not valid, it sends a message to the job log and sets the
product as erroneous. </li>
<li>*NONE When you specify this value, the command does not check digital
signatures on product objects.</li>
</ul>
</div>
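<p>The following CL program is an added example, not code from the original IBM topic. It runs the two checks described above with explicit CHKSIG values and reports how many entries CHKOBJITG wrote to its database log file. The library SECAUDIT, the file ITGLOG, and the user profile APPOWNER are hypothetical names chosen for illustration.</p>

```cl
/* Added example, not IBM's code. SECAUDIT, ITGLOG and APPOWNER are  */
/* hypothetical names; substitute your own library, file and profile.*/
PGM
  DCL VAR(&NBRRCD) TYPE(*DEC) LEN(10 0)
  DCL VAR(&NBRCHR) TYPE(*CHAR) LEN(10)

  /* CHKSIG(*ALL): check every signable object owned by APPOWNER.    */
  /* Unsigned signable objects are logged as well as objects whose   */
  /* signature is not valid. With the default CHKSIG(*SIGNED), only  */
  /* objects that already carry a signature are checked, so unsigned */
  /* objects go unreported. CHKSIG(*NONE) skips signature checking.  */
  CHKOBJITG USRPRF(APPOWNER) OUTFILE(SECAUDIT/ITGLOG) CHKSIG(*ALL)

  /* Count the entries written to the database log file. The count   */
  /* includes entries that are not integrity violations, such as     */
  /* signable objects without a signature.                           */
  RTVMBRD FILE(SECAUDIT/ITGLOG) NBRCURRCD(&NBRRCD)
  IF COND(&NBRRCD *GT 0) THEN(DO)
    CHGVAR VAR(&NBRCHR) VALUE(&NBRRCD)
    SNDPGMMSG MSG('CHKOBJITG wrote' *BCAT &NBRCHR *BCAT +
                  'entries to SECAUDIT/ITGLOG; review them.')
  ENDDO

  /* Check the structure of the operating system product and verify  */
  /* signatures on all of its signable objects. Results are sent to  */
  /* the job log: a missing signature is reported only, while a      */
  /* signature that is not valid marks the product as erroneous.     */
  CHKPRDOPT PRDID(*OPSYS) CHKSIG(*ALL)
ENDPGM
```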
<div class="section"><h4 class="sectiontitle">Save Licensed Program (SAVLICPGM) command</h4><p>The
Save Licensed Program (<a href="../cl/savlicpgm.htm">SAVLICPGM</a>)
command allows you to save a copy of the objects that make up a licensed program.
It saves the licensed program in a form that can be restored by the Restore
Licensed Program (RSTLICPGM) command. </p>
<p>The CHKSIG parameter value controls
how the command handles digital signatures on objects. You can specify one
of three values for this parameter: </p>
<ul><li>*SIGNED When you specify this value, the command checks objects with
digital signatures. The command verifies the signatures on any signed objects
but does not check unsigned objects. If the command determines that the signature
on an object is not valid, the command sends a message to the job log to identify
the object and the save will fail. This is the default value.</li>
<li>*ALL When you specify this value, the command checks all <a href="rzalzsignableobjects.htm#signableobjects">signable
objects</a> to determine whether they have a signature and verifies the
signature on these objects. The command sends a message to the job log for
any signable object that does not have a signature; however, the save process
does not end. If the command determines that a signature on an object is not
valid, it sends a message to the job log and the save will fail. </li>
<li>*NONE When you specify this value, the command does not check digital
signatures on product objects.</li>
</ul>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzalzmanageobjects.htm" title="Use this information to learn about system commands and system values that you can use to work with signed objects and how signed objects affect backup and recovery processes.">Manage signed objects</a></div>
</div>
</div>
</body>
</html>