Learn about using commands to verify object signatures to determine
object integrity.
You can use Digital Certificate Manager (DCM) or APIs to verify signatures
on objects. You can also use several commands to check signatures. Using these
commands allows you to verify signatures in much the same way that you use
a virus checker to determine when a virus has corrupted files or other objects
on your system. Most signatures are checked as the object is restored or installed
on to the system, for example by using the RSTLIB command.
You can choose one of three commands to check signatures on objects that
are already on the system. Of these, the Check Object Integrity (CHKOBJITG)
command is designed specifically for verifying object signatures. Signature
checking for each of these commands is controlled by the CHKSIG parameter.
This parameter allows you to check all object types that can be signed for
signatures, ignore all signatures, or check only objects that have signatures.
This last option is the default value for the parameter.
Check Object Integrity (CHKOBJITG) command
The Check
Object Integrity (CHKOBJITG)
command allows you to allows you to determine if objects on your system have
integrity violations. You can use this command to check for integrity violations
for objects that a specific user profile owns, objects that match a specific
path name, or all objects on the system. An integrity violation log entry
occurs when one of these conditions is met:
- A command, a program, a module object, or a library's attributes, has
been altered.
- The digital signature on an object is determined to be invalid. The signature
is an encrypted mathematical summary of the data in the object; therefore,
the signature is considered to match and be valid if the data in the object
during verification matches the data in the object when it was signed. An
invalid signature is determined based on a comparison of the encrypted mathematical
summary that is created when the object is signed and the encrypted mathematical
summary done during signature verification. The signature verification process
compares the two summary values. If the values are not the same, the contents
of object have changed since it was signed and the signature is considered
to be invalid.
- An object has an incorrect domain attribute for the object type.
If the command detects an integrity violation for an object, it adds
the object name, library name (or path name), object type, object owner, and
type of failure to a database log file. The command also creates a log entry
in certain other cases, although these cases are not integrity violations.
For example, the command creates a log entry for objects that are signable
but do not have a digital signature, objects that it can not check, and objects
in a format that requires changes in order to be used on the current system
implementation (IMPI to RISC conversion).
The CHKSIG parameter value
controls how the command handles digital signatures on objects. You can specify
one of three values for this parameter:
- *SIGNED – When you specify this value, the command checks objects with
digital signatures. The command creates a log entry for any object with a
signature that is not valid. This is the default value.
- *ALL – When you specify this value, the command checks all signable
objects to determine whether they have a signature. The command creates
a log entry for any signable object that does not have a signature and for
any object with a signature that is not valid.
- *NONE – When you specify this value, the command does not check digital
signatures on objects.
Check Product Option (CHKPRDOPT) command
The Check
Product Option (CHKPRDOPT)
command reports differences between the correct structure and the actual structure
of a software product. For example, the command reports an error if an object
is deleted from an installed product.
The CHKSIG parameter value controls
how the command handles digital signatures on objects. You can specify one
of three values for this parameter:
- *SIGNED – When you specify this value, the command checks objects with
digital signatures. The command verifies the signatures on any signed objects.
If the command determines that the signature on an object is not valid, the
command sends a message to the job log and the identifies the product as being
in an erroneous state. This is the default value.
- *ALL – When you specify this value, the command checks all signable
objects to determine whether they have a signature and verifies the
signature on these objects. The command sends a message to the job log for
any signable object that does not have a signature; however, the command does
not identify the product as erroneous. If the command determines that a signature
on an object is not valid, it sends a message to the job log and sets the
product as erroneous.
- *NONE – When you specify this value, the command does not check digital
signatures on product objects.
Save Licensed Program (SAVLICPGM) command
The
Save Licensed Program (SAVLICPGM)
command allows you to save a copy of the objects that make up a licensed program.
It saves the licensed program in a form that can be restored by the Restore
Licensed Program (RSTLICPGM) command.
The CHKSIG parameter value controls
how the command handles digital signatures on objects. You can specify one
of three values for this parameter:
- *SIGNED – When you specify this value, the command checks objects with
digital signatures. The command verifies the signatures on any signed objects
but does not check unsigned objects. If the command determines that the signature
on an object is not valid, the command sends a message to the job log to identify
the object and the save will fail. This is the default value.
- *ALL – When you specify this value, the command checks all signable
objects to determine whether they have a signature and verifies the
signature on these objects. The command sends a message to the job log for
any signable object that does not have a signature; however, the save process
does not end. If the command determines that a signature on an object is not
valid, it sends a message to the job log and the save will fail.
- *NONE – When you specify this value, the command does not check digital
signatures on product objects.