Scenario: Use DCM to sign objects and verify signatures

This scenario describes a company that wants to sign vulnerable application objects on their public Web server. They want to be able to more easily determine when there are unauthorized changes to these objects. Based on the company's business needs and security goals, this scenario describes how to use Digital Certificate Manager (DCM) as the primary method for signing objects and verifying object signatures.

Situation

As an administrator for MyCo, Inc. you are responsible for managing your company's two systems. One of these systems provides a public Web site for your company. You use the company's internal production system to develop the content for this public Web site and transfer the files and program objects to the public Web server after testing them.

The company's public Web server provides a general company information Web site. The Web site also provides various forms that customers fill out to register products, and to request product information, product update notices, product distribution locations, and so forth. You are concerned about the vulnerability of the cgi-bin programs that provide these forms; you know that they might be altered. Therefore, you want to be able to check the integrity of these program objects and to detect when unauthorized changes have been made to them. Consequently, you have decided to digitally sign these objects to accomplish this security goal.

You have researched i5/OS™ object signing capabilities and have learned that there are several methods that you can use to sign objects and verify object signatures. Because you are responsible for managing a small number of systems and do not feel that you will need to sign objects often, you have decided to use Digital Certificate Manager (DCM) for performing these tasks. You have also decided to create a Local Certificate Authority (CA) and use a private certificate to sign objects. Using a private certificate issued by a Local CA for object signing limits the expense of using this security technology because you do not have to purchase a certificate from a well-known public CA.

This example serves as a useful introduction to the steps involved in setting up and using object signing when you want to sign objects on a small number of systems.

Scenario advantages

This scenario has the following advantages:

Objectives

In this scenario, you want to digitally sign vulnerable objects, such as cgi-bin programs that generate forms, on your company's public server. As the system administrator at MyCo, Inc, you want to use Digital Certificate Manager (DCM) to sign these objects and to verify the signatures on the objects.

The objectives for this scenario are as follows:

Details

The following figure illustrates the object signing and signature verification process for implementing this scenario:


Fig. 1 DCM object signing process illustration (text description follows figure)

The figure illustrates the following points relevant to this scenario:

System A

System B

Prerequisites and assumptions

This scenario depends on the following prerequisites and assumptions:

  1. All systems meet the requirements for installing and using Digital Certificate Manager (DCM).
  2. No one has previously configured or used DCM on any of the systems.
  3. All systems have the highest level of Cryptographic Access Provider 128-bit licensed program (5722-AC3) installed.
  4. The default setting for the verify object signatures during restore (QVFYOBJRST) system value on all scenario systems is 3 and has not been changed from this setting. The default setting ensures that the server can verify object signatures as you restore the signed objects.
  5. The system administrator for System A must have *ALLOBJ special authority to sign objects, or the user profile must be authorized to the object signing application.
  6. The system administrator or anyone else who creates a certificate store in DCM must have *SECADM and *ALLOBJ special authorities.
  7. The system administrator or others on all other systems must have *AUDIT special authority to verify object signatures.

Configuration task steps

There are two sets of tasks that you must complete to implement this scenario: One set of tasks allows you to configure System A as a Local Certificate Authority (CA) and to sign and verify object signatures. The second set of tasks allows you to configure System B to verify object signatures that System A creates.

See the scenarios details topic presented below to complete these steps.

System A task steps

You must complete each of these tasks on System A to create a private Local CA and to sign objects and verify the object signature as this scenario describes:

  1. Complete all prerequisite steps to install and configure all needed iSeries products
  2. Use DCM to create a Local Certificate Authority (CA) to issue an object signing certificate.
  3. Use DCM to create an application definition
  4. Use DCM to assign a certificate to the object signing application definition
  5. Use DCM to sign the cgi-bin program objects
  6. Use DCM to export the certificates that other systems must use for verifying object signatures You must export both a copy of the Local CA certificate and a copy of the object signing certificate as a signature verification certificate to a file.
  7. Transfer the certificate files to the company's public server (System B) so that you and others can verify the signatures that System A creates

System B task steps

If you intend to restore the signed objects that you transfer to the public Web server in this scenario (System B), you need to complete these signature verification configuration tasks on System B before you transfer the signed objects. Signature verification configuration must be completed before you can successfully verify signatures as you restore the signed objects on the public Web server.

On System B, you must complete these tasks to verify signatures on objects as this scenario describes:

  1. Use Digital Certificate Manager (DCM) to create the *SIGNATUREVERIFICATION certificate store
  2. Use DCM to import the Local CA certificate and the signature verification certificate
  3. Use DCM to verify the signatures on transferred objects
Related information
Digital Certificate Manager (DCM)