83 lines
5.9 KiB
HTML
83 lines
5.9 KiB
HTML
|
<?xml version="1.0" encoding="UTF-8"?>
|
||
|
<!DOCTYPE html
|
||
|
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
||
|
<html lang="en-us" xml:lang="en-us">
|
||
|
<head>
|
||
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
||
|
<meta name="security" content="public" />
|
||
|
<meta name="Robots" content="index,follow" />
|
||
|
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
|
||
|
<meta name="DC.Type" content="concept" />
|
||
|
<meta name="DC.Title" content="Digital certificates for verifying object signatures" />
|
||
|
<meta name="abstract" content="This information explains how to use certificates to verify the digital signature on an object to verify its authenticity." />
|
||
|
<meta name="description" content="This information explains how to use certificates to verify the digital signature on an object to verify its authenticity." />
|
||
|
<meta name="DC.Relation" scheme="URI" content="rzahurzahu4aagetstarteddcm.htm" />
|
||
|
<meta name="DC.Relation" scheme="URI" content="rzahurzahusignsigningobjects.htm" />
|
||
|
<meta name="DC.Relation" scheme="URI" content="../rzakz/rzakzfinder.htm" />
|
||
|
<meta name="copyright" content="(C) Copyright IBM Corporation 2000, 2006" />
|
||
|
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2000, 2006" />
|
||
|
<meta name="DC.Format" content="XHTML" />
|
||
|
<meta name="DC.Identifier" content="certs_to_verify_sign" />
|
||
|
<meta name="DC.Language" content="en-us" />
|
||
|
<!-- All rights reserved. Licensed Materials Property of IBM -->
|
||
|
<!-- US Government Users Restricted Rights -->
|
||
|
<!-- Use, duplication or disclosure restricted by -->
|
||
|
<!-- GSA ADP Schedule Contract with IBM Corp. -->
|
||
|
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
|
||
|
<link rel="stylesheet" type="text/css" href="./ic.css" />
|
||
|
<title>Digital certificates for verifying object signatures</title>
|
||
|
</head>
|
||
|
<body id="certs_to_verify_sign"><a name="certs_to_verify_sign"><!-- --></a>
|
||
|
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
|
||
|
<h1 class="topictitle1">Digital certificates for verifying object signatures</h1>
|
||
|
<div><p>This information explains how to use certificates to verify the
|
||
|
digital signature on an object to verify its authenticity.</p>
|
||
|
<p><span class="keyword">IBM<sup>®</sup> i5/OS™</span> provides support
|
||
|
for using certificates to verify digital signatures on objects. Anyone who
|
||
|
wants to ensure that a signed object has not been changed in transit and that
|
||
|
the object originated from an accepted source can use the signing certificate's
|
||
|
public key to verify the original digital signature. If the signature no longer
|
||
|
matches, the data may have been altered. In such a case, the recipient can
|
||
|
avoid using the object and can instead contact the signer to obtain another
|
||
|
copy of the signed object.</p>
|
||
|
<p>The signature on an object represents the system that signed the object,
|
||
|
not a specific user on that system. As part of the process of verifying digital
|
||
|
signatures, you must decide which Certificate Authorities you trust and which
|
||
|
certificates you trust for signing objects. When you elect to trust a Certificate
|
||
|
Authority (CA), you can elect whether to trust signatures that someone creates
|
||
|
by using a certificate that the trusted CA issued. When you elect not to trust
|
||
|
a CA, you also are electing not to trust certificates that the CA issues or
|
||
|
signatures that someone creates by using those certificates. </p>
|
||
|
<p><span class="uicontrol">Verify object restore (QVFYOBJRST) system value</span></p>
|
||
|
<p>If you decide to perform signature verification, one of the first important
|
||
|
decisions you must make is to determine how important signatures are for objects
|
||
|
being restored to your system. You control this with a system value called
|
||
|
Verify object signatures during restore (QVFYOBJRST). The default setting
|
||
|
for this system value allows unsigned objects to be restored, but ensures
|
||
|
that signed objects can be restored only if the objects have a valid signature.
|
||
|
The system defines an object as signed only if the object has a signature
|
||
|
that your system trusts; the system ignores other, "untrusted" signatures
|
||
|
on the object and treats the object as if it is unsigned.</p>
|
||
|
<p>There are several values that you can use for the <a href="../rzakz/rzakzqvfyobjrst.htm">QVFYOBJRST</a> system value, ranging from ignoring all signatures
|
||
|
to requiring valid signatures for all objects that the system restores. This
|
||
|
system value only affects executable objects that are being restored, not
|
||
|
save files or integrated file system files. To learn more about using this
|
||
|
and other system values, see the System Value Finder in the <span class="keyword">iSeries™ Information Center</span>.</p>
|
||
|
<p>You use Digital Certificate Manager (DCM) to implement your
|
||
|
certificate and CA trust decisions as well as to manage the certificates that
|
||
|
you use to verify object signatures. You can also use DCM to sign objects
|
||
|
and to verify object signatures.</p>
|
||
|
</div>
|
||
|
<div>
|
||
|
<div class="familylinks">
|
||
|
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzahurzahu4aagetstarteddcm.htm" title="Use this information to help you decide how and when you might use digital certificates to meet your security goals. Use this information to learn about any prerequisites you need to install, as well as other requirements that you must consider before using DCM.">Plan for DCM</a></div>
|
||
|
</div>
|
||
|
<div class="relconcepts"><strong>Related concepts</strong><br />
|
||
|
<div><a href="rzahurzahusignsigningobjects.htm" title="Use this information to learn how to use certificates to ensure an object's integrity or to verify the digital signature on an object to verify its authenticity.">Digital certificates for signing objects</a></div>
|
||
|
</div>
|
||
|
<div class="relinfo"><strong>Related information</strong><br />
|
||
|
<div><a href="../rzakz/rzakzfinder.htm">System Vaule Finder</a></div>
|
||
|
</div>
|
||
|
</div>
|
||
|
</body>
|
||
|
</html>
|