ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzalz_5.4.0.1/rzalzsignableobjects.htm

166 lines
11 KiB
HTML
Raw Normal View History

2024-04-02 14:02:31 +00:00
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Signable objects" />
<meta name="abstract" content="Learn about which objects you can sign and about command (*CMD) object signature options." />
<meta name="description" content="Learn about which objects you can sign and about command (*CMD) object signature options." />
<meta name="DC.Relation" scheme="URI" content="rzalzobjconcepts.htm" />
<meta name="DC.Relation" scheme="URI" content="rzalzdigitalsignatures.htm" />
<meta name="DC.Relation" scheme="URI" content="../rzahu/rzahurazhudigitalcertmngmnt.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2004, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2004, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="signableobjects" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Signable objects</title>
</head>
<body id="signableobjects"><a name="signableobjects"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Signable objects</h1>
<div><p>Learn about which objects you can sign and about command (*CMD)
object signature options.</p>
<p>You can digitally sign a variety of i5/OS™ object types, regardless of the method
that you use to sign them. You can sign any object (*STMF) that you store
in the system's integrated file system, except objects that are stored in
a library. If the object has an attached Java™ program, the program will also be signed.
You can sign only these objects in the QSYS.LIB file system: programs (*PGM),
service programs (*SRVPGM), modules (*MODULE), SQL packages (*SQLPKG), *FILE
(save file only), and commands (*CMD). </p>
<p>To sign an object, it must reside on the local system. For example, if
you operate a Windows<sup>®</sup> 2000 server on an Integrated xSeries<sup>®</sup> Server
for iSeries™,
you have the QNTC file system available in the integrated file system. The
directories in this file system are not considered local because they contain
files that are owned by the Windows 2000 operating system. Also,
you cannot sign empty objects or objects that are compiled for a release before
V5R1. </p>
<div class="section"><h4 class="sectiontitle">Command (*CMD) object signatures</h4><p>When you sign *CMD
objects, you can choose one of two <a href="rzalzdigitalsignatures.htm#digitalsignatures">types
of digital signatures</a> to apply to the *CMD object. You can elect either
to sign the entire object, or to sign the core part of the object only. When
you elect to sign the entire object, the signature is applied to all but a
few nonessential bytes of the object. The entire object signature includes
the items contained in the core object signature. </p>
<p>When you elect to
sign only the core object, the essential bytes are protected by the signature
while bytes that are subject to more frequent changes are not signed. Which
bytes are unsigned varies based on the *CMD object, but can include bytes
that determine the mode in which the object is valid or determine where the
object is allowed to run, among others. Core signatures do not include parameter
defaults on the *CMD objects, for example. This type of signature allows some
changes to be made to the command without invalidating its signature. Examples
of changes that will not invalidate these types of signatures include: </p>
<ul><li>Changing command defaults.</li>
<li>Adding a validity checking program to a command that does not have one. </li>
<li>Changing the Where allowed to run' parameter.</li>
<li>Changing the Allow limited users parameter.</li>
</ul>
<p>The following table describes exactly which bytes in a *CMD object
are included as part of the core object signature.</p>
</div>
<div class="section"><h4 class="sectiontitle">Composition of core object signature on *CMD objects</h4>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" width="100%" frame="border" border="1" rules="all"><thead align="left"><tr><th valign="top" width="47.474747474747474%" id="d0e67">Part of object</th>
<th valign="top" width="52.52525252525253%" id="d0e69">Relationship to core object signature</th>
</tr>
</thead>
<tbody><tr><td valign="top" width="47.474747474747474%" headers="d0e67 ">Command defaults changed by CHGCMDDFT</td>
<td valign="top" width="52.52525252525253%" headers="d0e69 ">Not part of the core object signature</td>
</tr>
<tr><td valign="top" width="47.474747474747474%" headers="d0e67 ">Program to process command and library</td>
<td valign="top" width="52.52525252525253%" headers="d0e69 ">Always included as part of the core object signature</td>
</tr>
<tr><td valign="top" width="47.474747474747474%" headers="d0e67 ">REXX source file and library</td>
<td valign="top" width="52.52525252525253%" headers="d0e69 ">Included if specified for the command at the time of
signing, otherwise not part of the core object signature</td>
</tr>
<tr><td valign="top" width="47.474747474747474%" headers="d0e67 ">REXX source member</td>
<td valign="top" width="52.52525252525253%" headers="d0e69 ">Included if specified for the command at the time of
signing, otherwise not part of the core object signature </td>
</tr>
<tr><td valign="top" width="47.474747474747474%" headers="d0e67 ">REXX command environment and library</td>
<td valign="top" width="52.52525252525253%" headers="d0e69 ">Included if specified for the command at the time of
signing, otherwise not part of the core object signature</td>
</tr>
<tr><td valign="top" width="47.474747474747474%" headers="d0e67 ">REXX exit program name, library, and exit code</td>
<td valign="top" width="52.52525252525253%" headers="d0e69 ">Included if specified for the command at the time of
signing, otherwise not part of the core object signature</td>
</tr>
<tr><td valign="top" width="47.474747474747474%" headers="d0e67 ">Validity checking program and library</td>
<td valign="top" width="52.52525252525253%" headers="d0e69 ">Included if specified for the command at the time of
signing, otherwise not part of the core object signature</td>
</tr>
<tr><td valign="top" width="47.474747474747474%" headers="d0e67 ">Mode in which valid</td>
<td valign="top" width="52.52525252525253%" headers="d0e69 ">Not part of the core object signature</td>
</tr>
<tr><td valign="top" width="47.474747474747474%" headers="d0e67 ">Where allowed to run</td>
<td valign="top" width="52.52525252525253%" headers="d0e69 ">Not part of the core object signature</td>
</tr>
<tr><td valign="top" width="47.474747474747474%" headers="d0e67 ">Allow limited users</td>
<td valign="top" width="52.52525252525253%" headers="d0e69 ">Not part of the core object signature</td>
</tr>
<tr><td valign="top" width="47.474747474747474%" headers="d0e67 ">Help bookshelf</td>
<td valign="top" width="52.52525252525253%" headers="d0e69 ">Included if specified for the command at the time of
signing, otherwise not part of the core object signature</td>
</tr>
<tr><td valign="top" width="47.474747474747474%" headers="d0e67 ">Help panel group and library</td>
<td valign="top" width="52.52525252525253%" headers="d0e69 ">Included if specified for the command at the time of
signing, otherwise not part of the core object signature</td>
</tr>
<tr><td valign="top" width="47.474747474747474%" headers="d0e67 ">Help identifier</td>
<td valign="top" width="52.52525252525253%" headers="d0e69 ">Included if specified for the command at the time of
signing, otherwise not part of the core object signature</td>
</tr>
<tr><td valign="top" width="47.474747474747474%" headers="d0e67 ">Help search index and library</td>
<td valign="top" width="52.52525252525253%" headers="d0e69 ">Included if specified for the command at the time of
signing, otherwise not part of the core object signature</td>
</tr>
<tr><td valign="top" width="47.474747474747474%" headers="d0e67 ">Current<sup>®</sup> library</td>
<td valign="top" width="52.52525252525253%" headers="d0e69 ">Included if specified for the command at the time of
signing, otherwise not part of the core object signature</td>
</tr>
<tr><td valign="top" width="47.474747474747474%" headers="d0e67 ">Product library</td>
<td valign="top" width="52.52525252525253%" headers="d0e69 ">Included if specified for the command at the time of
signing, otherwise not part of the core object signature</td>
</tr>
<tr><td valign="top" width="47.474747474747474%" headers="d0e67 ">Prompt override program and library</td>
<td valign="top" width="52.52525252525253%" headers="d0e69 ">Included if specified for the command at the time of
signing, otherwise not part of the core object signature</td>
</tr>
<tr><td valign="top" width="47.474747474747474%" headers="d0e67 ">Text (description)</td>
<td valign="top" width="52.52525252525253%" headers="d0e69 ">Not part of either a core object signature or an entire
object signature because it is not stored in the object</td>
</tr>
<tr><td valign="top" width="47.474747474747474%" headers="d0e67 ">Enable graphical user interface (GUI)</td>
<td valign="top" width="52.52525252525253%" headers="d0e69 ">Not part of the core object signature</td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzalzobjconcepts.htm" title="Use this concept and reference information to learn more about digital signatures and the object signing and signature verification processes work.">Object signing concepts</a></div>
</div>
<div class="relconcepts"><strong>Related concepts</strong><br />
<div><a href="rzalzdigitalsignatures.htm" title="Learn about what digital signatures are and what protection they provide.">Digital signatures</a></div>
</div>
<div class="relinfo"><strong>Related information</strong><br />
<div><a href="../rzahu/rzahurazhudigitalcertmngmnt.htm">Digital Certificate Manager (DCM)</a></div>
</div>
</div>
</body>
</html>