Specifies whether objects without signatures and/or with signatures that are not valid are restored. (QVFYOBJRST)
Verify object signatures during restore, also known as QVFYOBJRST, is a member of the save and restore category of i5/OS™ system values. You can use this system value to specify whether to restore objects without signatures or with signatures that are not valid. To learn more, keep reading.
| Quick reference | |
|---|---|
| Location | In iSeries™ Navigator, select your system, |
| Special authority | All object (*ALLOBJ) and security administrator (*SECADM) |
| Default value | Verify object signatures on restore; allow restore of objects without signatures |
| Changes take effect | Immediately |
| Lockable | Yes (see Lock function of security-related system values) |
Specifies the policy to be used for object signature verification during a restore operation. This value applies to the following types of objects: programs (*PGM), commands (*CMD), service programs (*SRVPGM), SQL packages (*SQLPKG), and modules (*MODULE). It also applies to stream file (*STMF) objects that contain Java™ programs.
If Digital Certificate Manager is not installed on the system, all objects are treated as unsigned when determining the effects of this system value on those objects during a restore operation.
The following are possible options:
- Do not verify signatures on restore. Restore all objects regardless of their signature.
  This value should not be used unless you have a large number of signed objects to restore which will fail their signature verification for some acceptable reason. In general, it is dangerous to restore objects with signatures that are not valid on your system.
- Verify signatures on restore. Restore unsigned commands and user-state objects. Restore signed commands and user-state objects, even if signatures are not valid.
  This value should be used only if there are specific objects with signatures that are not valid which you want to restore. In general, it is dangerous to restore objects with signatures that are not valid on your system.
- Verify signatures on restore. Restore unsigned commands and user-state objects. Restore signed commands and user-state objects only if signatures are valid.
  This value may be used for normal operations, when you expect some of the objects you load to be unsigned, but you want to ensure that all signed objects have signatures that are valid. This is the default value.
- Does not restore unsigned user-state objects. Restores signed user-state objects, even if signatures are not valid.
  This value should be used only if there are specific objects with signatures that are not valid which you want to restore, but you do not want the possibility of unsigned objects being restored. In general, it is dangerous to restore objects with signatures that are not valid on your system.
- Does not restore unsigned user-state objects. Restores signed user-state objects only if signatures are valid.
  This value is the most restrictive value and should be used when the only objects you want to allow to be restored are those which have been signed by trusted sources.
Objects that have the system-state attribute and objects that have the inherit-state attribute are required to have valid signatures from a system-trusted source. The only value that will allow a system-state or inherit-state object to restore without a valid signature is Do not verify signatures on restore. Allowing such a command or program represents an integrity risk to your system. If you must change this system value to Do not verify signatures on restore to allow such an object to restore on your system, be sure to change this system value back to its previous value after the object has been restored.
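The restore rules above, including the Digital Certificate Manager and system-state cases, modelled as an added Python example (not IBM code). The `Policy` member names, `RestoredObject` and `restore_allowed` are hypothetical, `signature_valid` is assumed to mean "valid and from a trusted source", and the model classifies objects by state only, without command-specific handling.

```python
from dataclasses import dataclass
from enum import Enum, auto


class Policy(Enum):
    # Hypothetical names for the five options, in the order listed on this page.
    NO_VERIFY = auto()               # restore everything, no verification
    UNSIGNED_OK_INVALID_OK = auto()  # unsigned restored; bad signatures restored
    UNSIGNED_OK_VALID_ONLY = auto()  # the default: unsigned restored; bad signatures rejected
    SIGNED_ONLY_INVALID_OK = auto()  # unsigned rejected; bad signatures restored
    SIGNED_ONLY_VALID_ONLY = auto()  # most restrictive


@dataclass(frozen=True)
class RestoredObject:
    state: str                     # "user", "system" or "inherit"
    signed: bool
    signature_valid: bool = False  # assumption: valid AND from a trusted source


def restore_allowed(policy: Policy, obj: RestoredObject, dcm_installed: bool = True) -> bool:
    """Return True if the modelled restore operation would accept the object."""
    if obj.state not in ("user", "system", "inherit"):
        raise ValueError(f"unknown object state: {obj.state!r}")
    if policy is Policy.NO_VERIFY:
        return True
    # Without Digital Certificate Manager every object is treated as unsigned.
    signed = obj.signed and dcm_installed
    valid = signed and obj.signature_valid
    if obj.state in ("system", "inherit"):
        # Only NO_VERIFY admits these objects without a valid signature.
        return valid
    if not signed:
        return policy in (Policy.UNSIGNED_OK_INVALID_OK, Policy.UNSIGNED_OK_VALID_ONLY)
    if valid:
        return True
    return policy in (Policy.UNSIGNED_OK_INVALID_OK, Policy.SIGNED_ONLY_INVALID_OK)
```

Under the default policy the model accepts a user-state object with a bad signature when Digital Certificate Manager is absent, because the object is then treated as unsigned.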
Some command (*CMD) objects have a signature that does not cover all parts of the object. Some parts of the command are not signed while other parts are only signed when they contain a non-default value. This type of signature allows some changes to be made to the command without invalidating its signature. Examples of changes that will not invalidate these types of signatures include:
If you want, you can add your own signature to these commands that includes these areas of the command object.
For more information, see Object signing and signature verification.
The restore system values work together when restoring objects. For more information about how these system values work together, see Effects of system value settings on restore operations.