How To
Summary
The files that you download and use to install IBM Business Automation Workflow are digitally signed. You can optionally verify the integrity of these files to ensure that they originated from IBM and have not been modified.
Steps
Signature validation
Code signatures enable you to verify that a downloaded file was created by IBM and that no bits in the file were changed. The process involves the following steps:
- Download the files, which include the IBM Business Automation Workflow signed installation files, attached signature files, and key material (certificates). The following signature files are attached are the very end of this document:
signatures.zip:
Use this signature file if you are downloading the IBM Business Automation Workflow repository from Passport Advantage.fix-central-signatures-BAW-Vxxxxx.zip
: Use these signature files if you are downloading the IBM Business Automation Workflow repository from Fix Central.
- Validate that the certificates were issued to IBM by a trusted certificate authority.
- Validate that the signature in each downloaded signed file was created using a private key that matches the certificate validated in step 2.
The instructions in this document assume that
OpenSSL
is installed.Step 1: Download the files
- Signed files: <file> - The IBM Business Automation Workflow binary installation files, such as
BAW_20_0_0_1_Windows_1_of_3.zip
orworkflow2201.delta.repository.zip
. - Signature files: <file.sig> - The signature files for the above binary files, such as
BAW_20_0_0_1_Windows_1_of_3.zip.sig
orworkflow2201.delta.repository.zip.sig
. Note that some binary files are shipped under multiple part numbers. Because it might be easier to identify files by part number, the corresponding signature files are included in the attached filessignatures.zip
,fix-central-signatures-BAW-V20-0-0-1.zip
, andfix-central-signatures-BAW-V20-0-0-2.zip
, for exampleCC704ML.tar.gz.sig
,BAWE_20_0_0_1_AIX_1_of_2.tar.gz.sig
,CC702ML.tar.gz
, andBAW_20_0_0_1_AIX_1_of_2.tar.gz.sig
in the .zip archive attached at the end of this document. - Key material:
baw-cert.pem
orbaw-cert-2022.pem
- The public certificate issued to IBM by a public certificate authority for the purpose of code signing. - Key material:
baw-public.key
orbaw-public-2022.key
- The public key contained in the above certificate (which matches the private key used for code signing). This key isin the .zip archive attached at the end of this document.
- Key material:
intermediate.pem
orintermediate-2022.pem
- The public intermediate certificate owned by IBM, which represents this offering's development organization. This certificate isin the .zip
archive attached at the end of this document.
Step 2: Validate the certificate
You can validate that the public key
baw-public-2022.key
is present in the certificate baw-cert-2022.pem
and that the certificate is still valid. To view the certificate details, invoke openssl x509 -text -in baw-cert-2022.pem
and inspect the response:- Issuer (the public CA that validated IBM's identity):
C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert SHA2 Assured ID Code Signing CA
- Subject (the organization for which the certificate was issued):
C = US, ST = New York, L = Armonk, O = International Business Machines Corporation, OU = IBM CCSS, CN = International Business Machines
$ openssl x509 -text -in baw-cert-2022.pem
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
05:b1:97:d8:59:5f:24:83:ca:92:04:22:9a:4c:76:dd
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = US, O = "DigiCert, Inc.", CN = DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1
Validity
Not Before: Jan 30 00:00:00 2022 GMT
Not After : Jan 30 23:59:59 2024 GMT
Subject: C = US, ST = New York, L = Armonk, O = International Business Machines Corporation, OU = IBM CCSS, CN = International Business Machines Corporation
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus:
00:a8:8a:19:f7:ea:ca:73:1f:5d:6f:a2:11:3e:68:
9b:5e:73:6a:e4:34:5c:c8:77:cd:bd:a1:d8:95:9e:
00:f7:f8:b9:1d:de:fc:6e:3c:37:83:57:cc:7f:4d:
ab:46:09:8e:47:26:db:27:63:2c:3b:9a:77:c3:85:
cd:84:9c:d7:d7:33:56:71:5f:00:18:12:8f:ab:ed:
65:99:b8:da:f8:2b:b8:e2:b5:82:1e:a3:ff:b0:fc:
b9:36:33:ea:38:d4:81:45:91:a3:f5:80:73:58:e6:
39:0e:14:e6:44:04:ef:30:04:12:f5:fd:f8:58:4a:
d8:96:eb:6c:59:6f:00:87:31:80:e6:9f:58:89:26:
c6:07:ec:19:94:86:c6:62:4d:b6:69:85:3f:9f:cf:
22:63:82:59:7b:88:4d:2b:c6:22:90:3c:71:03:4c:
74:24:cc:30:a8:64:50:58:8b:c4:59:bc:b0:52:f3:
9e:29:8c:28:92:c0:7c:41:7b:6c:eb:30:80:e1:56:
c4:b3:e4:71:55:05:7a:98:31:14:f0:b5:cb:42:00:
4d:24:8f:fa:94:e0:5d:6c:46:b8:25:7e:e1:4d:2e:
a7:fa:96:db:3a:13:ce:c7:19:39:a2:ec:57:5c:44:
ff:95:3e:a8:aa:41:d4:bf:96:28:1a:06:29:4d:ae:
2c:5b:06:75:d5:f7:28:53:91:be:8f:7f:d2:c0:ea:
e8:64:05:25:af:24:3e:f5:ea:9c:4e:fd:99:65:12:
a1:3b:19:80:51:43:2c:a8:d3:1c:46:76:55:0b:3d:
92:1f:d1:22:4d:f7:83:2d:d3:cb:ba:41:4b:fe:0f:
e6:5e:b2:b0:86:0b:5d:80:c1:55:6b:5a:13:e3:4a:
24:30:22:d6:70:f1:5e:d5:76:a2:e5:be:79:e0:e5:
fe:45:d0:20:aa:eb:d2:ab:b1:5d:41:fe:f6:6c:db:
49:25:87:1d:c1:d0:c9:af:08:d4:99:b2:1d:c3:57:
d7:3d:b4:2e:4b:b7:e6:42:45:49:d3:4b:ff:7a:04:
eb:cd:78:56:49:48:fc:0d:36:f1:e3:8f:a0:dd:79:
49:37:27:20:83:d3:01:23:6b:7b:6d:f4:73:6f:ab:
23:b0:c0:05:b4:89:72:a8:fb:43:11:ef:ea:5e:2e:
93:c6:bd:6c:d6:f1:3e:92:4f:76:8b:d2:ed:ba:96:
a7:cd:dc:89:5e:a9:42:00:06:62:26:d3:56:45:5a:
bf:10:73:88:de:dd:bc:8b:bb:4f:85:65:2c:45:b5:
d7:e8:5d:72:f1:40:b8:5b:33:38:5a:4a:37:93:10:
91:8d:d4:df:63:ee:86:78:1b:04:db:c6:e6:98:79:
dc:f9:f7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Authority Key Identifier:
keyid:68:37:E0:EB:B6:3B:F8:5F:11:86:FB:FE:61:7B:08:88:65:F4:4E:42
X509v3 Subject Key Identifier:
19:EE:DE:9B:8B:0B:2D:03:F7:07:16:E6:33:60:02:06:3D:7F:6A:C5
X509v3 Key Usage: critical
Digital Signature
X509v3 Extended Key Usage:
Code Signing
X509v3 CRL Distribution Points:
Full Name:
URI:http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl
Full Name:
URI:http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl
X509v3 Certificate Policies:
Policy: 2.23.140.1.4.1
CPS: http://www.digicert.com/CPS
Authority Information Access:
OCSP - URI:http://ocsp.digicert.com
CA Issuers - URI:http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt
X509v3 Basic Constraints: critical
CA:FALSE
Signature Algorithm: sha256WithRSAEncryption
58:30:86:8f:20:89:93:65:e7:11:52:b0:2d:b1:a7:39:9b:ef:
2f:e1:63:00:ef:03:d7:aa:95:3c:17:fd:b2:df:25:55:08:aa:
5d:a8:bb:61:b5:64:17:65:4f:99:7f:e9:c7:26:f4:09:2c:25:
c5:9d:40:3d:2c:e1:11:3f:b4:d6:7f:b3:48:c3:e6:35:fa:3d:
01:73:f4:ee:3a:6e:33:50:b0:ee:5b:2e:d4:23:f6:57:73:9e:
89:c5:05:88:ac:10:6b:58:ff:41:15:c8:47:aa:e5:4a:cf:f8:
36:6b:20:42:24:4b:02:20:99:57:1e:67:9e:b3:67:b0:dd:68:
ba:a7:8e:02:41:04:b7:21:a0:f6:a0:1f:18:2c:fa:a4:36:33:
fd:97:2c:70:5e:0c:c5:29:4f:24:d0:2c:82:90:66:f7:f9:ee:
ed:0e:fb:44:6a:09:5b:18:10:36:fb:61:ca:ca:ee:51:57:c3:
63:9b:ce:4e:8b:e0:c0:d6:7f:12:d3:97:ac:3d:fc:c3:d3:ca:
68:a2:ed:c1:78:c6:2b:c1:7b:0f:56:82:b4:c9:d4:89:2b:b2:
57:0a:80:4f:9f:92:98:7c:ef:b1:ad:08:93:47:23:52:04:1c:
f9:74:9a:e5:70:5f:12:b9:84:95:b3:7a:be:b3:f4:61:af:8f:
f3:05:6d:4a:57:9c:17:fc:03:98:2d:ed:e0:13:09:9a:08:d5:
d5:49:3c:4c:df:b4:3b:a5:ea:4d:b8:a4:1a:6a:8e:f2:9c:79:
fd:58:ec:64:9d:84:d7:6c:f5:0d:bd:08:8d:4d:a5:c6:25:00:
3e:3c:dc:49:55:ff:d0:72:91:01:82:e2:62:c6:80:90:77:d1:
f9:a3:1c:37:36:5e:d3:59:64:07:f9:3b:06:bd:c5:9b:de:1c:
aa:04:80:87:80:66:67:89:bc:c6:a9:87:9c:58:8a:1b:5e:bc:
3d:02:83:74:4c:dd:15:fd:42:8a:33:72:4d:09:d1:2b:f2:21:
ff:77:9e:73:36:70:ee:f5:8a:35:14:d0:e7:75:52:74:29:2f:
ef:8a:fa:e6:ef:ad:3c:40:19:4e:ba:5e:03:54:fd:f4:17:f7:
b4:c0:85:78:20:66:22:ac:5b:9f:94:86:e3:5f:ac:d7:15:65:
69:cc:4d:73:88:06:07:e8:68:82:c5:ef:60:b7:e9:be:f9:fc:
3c:10:03:11:2e:a7:50:94:ec:ef:cb:aa:07:9b:44:54:4b:0f:
ba:27:52:d5:0b:0d:b9:17:58:0a:7f:a1:0b:fc:c5:87:5c:32:
30:ed:fb:0b:2e:05:4a:8d:63:60:38:3e:b8:e3:ab:ec:f7:be:
e6:5e:c1:20:11:75:b8:cf
-----BEGIN CERTIFICATE-----
MIIHrDCCBZSgAwIBAgIQBbGX2FlfJIPKkgQimkx23TANBgkqhkiG9w0BAQsFADBp
MQswCQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xQTA/BgNVBAMT
OERpZ2lDZXJ0IFRydXN0ZWQgRzQgQ29kZSBTaWduaW5nIFJTQTQwOTYgU0hBMzg0
IDIwMjEgQ0ExMB4XDTIyMDEzMDAwMDAwMFoXDTI0MDEzMDIzNTk1OVowgbAxCzAJ
BgNVBAYTAlVTMREwDwYDVQQIEwhOZXcgWW9yazEPMA0GA1UEBxMGQXJtb25rMTQw
MgYDVQQKEytJbnRlcm5hdGlvbmFsIEJ1c2luZXNzIE1hY2hpbmVzIENvcnBvcmF0
aW9uMREwDwYDVQQLEwhJQk0gQ0NTUzE0MDIGA1UEAxMrSW50ZXJuYXRpb25hbCBC
dXNpbmVzcyBNYWNoaW5lcyBDb3Jwb3JhdGlvbjCCAiIwDQYJKoZIhvcNAQEBBQAD
ggIPADCCAgoCggIBAKiKGffqynMfXW+iET5om15zauQ0XMh3zb2h2JWeAPf4uR3e
/G48N4NXzH9Nq0YJjkcm2ydjLDuad8OFzYSc19czVnFfABgSj6vtZZm42vgruOK1
gh6j/7D8uTYz6jjUgUWRo/WAc1jmOQ4U5kQE7zAEEvX9+FhK2JbrbFlvAIcxgOaf
WIkmxgfsGZSGxmJNtmmFP5/PImOCWXuITSvGIpA8cQNMdCTMMKhkUFiLxFm8sFLz
nimMKJLAfEF7bOswgOFWxLPkcVUFepgxFPC1y0IATSSP+pTgXWxGuCV+4U0up/qW
2zoTzscZOaLsV1xE/5U+qKpB1L+WKBoGKU2uLFsGddX3KFORvo9/0sDq6GQFJa8k
PvXqnE79mWUSoTsZgFFDLKjTHEZ2VQs9kh/RIk33gy3Ty7pBS/4P5l6ysIYLXYDB
VWtaE+NKJDAi1nDxXtV2ouW+eeDl/kXQIKrr0quxXUH+9mzbSSWHHcHQya8I1Jmy
HcNX1z20Lku35kJFSdNL/3oE6814VklI/A028eOPoN15STcnIIPTASNre230c2+r
I7DABbSJcqj7QxHv6l4uk8a9bNbxPpJPdovS7bqWp83ciV6pQgAGYibTVkVavxBz
iN7dvIu7T4VlLEW11+hdcvFAuFszOFpKN5MQkY3U32PuhngbBNvG5ph53Pn3AgMB
AAGjggIGMIICAjAfBgNVHSMEGDAWgBRoN+Drtjv4XxGG+/5hewiIZfROQjAdBgNV
HQ4EFgQUGe7em4sLLQP3BxbmM2ACBj1/asUwDgYDVR0PAQH/BAQDAgeAMBMGA1Ud
JQQMMAoGCCsGAQUFBwMDMIG1BgNVHR8Ega0wgaowU6BRoE+GTWh0dHA6Ly9jcmwz
LmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFRydXN0ZWRHNENvZGVTaWduaW5nUlNBNDA5
NlNIQTM4NDIwMjFDQTEuY3JsMFOgUaBPhk1odHRwOi8vY3JsNC5kaWdpY2VydC5j
b20vRGlnaUNlcnRUcnVzdGVkRzRDb2RlU2lnbmluZ1JTQTQwOTZTSEEzODQyMDIx
Q0ExLmNybDA+BgNVHSAENzA1MDMGBmeBDAEEATApMCcGCCsGAQUFBwIBFhtodHRw
Oi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwgZQGCCsGAQUFBwEBBIGHMIGEMCQGCCsG
AQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wXAYIKwYBBQUHMAKGUGh0
dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFRydXN0ZWRHNENvZGVT
aWduaW5nUlNBNDA5NlNIQTM4NDIwMjFDQTEuY3J0MAwGA1UdEwEB/wQCMAAwDQYJ
KoZIhvcNAQELBQADggIBAFgwho8giZNl5xFSsC2xpzmb7y/hYwDvA9eqlTwX/bLf
JVUIql2ou2G1ZBdlT5l/6ccm9AksJcWdQD0s4RE/tNZ/s0jD5jX6PQFz9O46bjNQ
sO5bLtQj9ldznonFBYisEGtY/0EVyEeq5UrP+DZrIEIkSwIgmVceZ56zZ7DdaLqn
jgJBBLchoPagHxgs+qQ2M/2XLHBeDMUpTyTQLIKQZvf57u0O+0RqCVsYEDb7YcrK
7lFXw2Obzk6L4MDWfxLTl6w9/MPTymii7cF4xivBew9WgrTJ1IkrslcKgE+fkph8
77GtCJNHI1IEHPl0muVwXxK5hJWzer6z9GGvj/MFbUpXnBf8A5gt7eATCZoI1dVJ
PEzftDul6k24pBpqjvKcef1Y7GSdhNds9Q29CI1NpcYlAD483ElV/9BykQGC4mLG
gJB30fmjHDc2XtNZZAf5Owa9xZveHKoEgIeAZmeJvMaph5xYihtevD0Cg3RM3RX9
Qoozck0J0SvyIf93nnM2cO71ijUU0Od1UnQpL++K+ubvrTxAGU66XgNU/fQX97TA
hXggZiKsW5+UhuNfrNcVZWnMTXOIBgfoaILF72C36b75/DwQAxEup1CU7O/Lqgeb
RFRLD7onUtULDbkXWAp/oQv8xYdcMjDt+wsuBUqNY2A4Prjjq+z3vuZewSARdbjP
-----END CERTIFICATE-----
In addition to an Issuer and a Signer, the certificate has the following characteristics:
- A validity period between the
Not Before
date and theNot After
date. The signature should be produced within this period.Not Before: Jan 30 00:00:00 2022 GMT
Not After : Jan 30 23:59:59 2024 GMT
- A public key, which is described under
Subject Public Key Info
in the output above. Signature validation requires this public key, so it is also included as a separately downloadable file namedbaw-public-2022.key
in the attached files .zip files.
You can validate that this public key is the public key referred to in the certificate by invoking the following command and comparing the m
odulus
with the one in the output of the certificate:
$ openssl rsa -noout -text -inform PEM -in baw-public-2022.key -pubin
RSA Public-Key: (4096 bit)
Modulus:
00:a8:8a:19:f7:ea:ca:73:1f:5d:6f:a2:11:3e:68:
9b:5e:73:6a:e4:34:5c:c8:77:cd:bd:a1:d8:95:9e:
00:f7:f8:b9:1d:de:fc:6e:3c:37:83:57:cc:7f:4d:
ab:46:09:8e:47:26:db:27:63:2c:3b:9a:77:c3:85:
cd:84:9c:d7:d7:33:56:71:5f:00:18:12:8f:ab:ed:
65:99:b8:da:f8:2b:b8:e2:b5:82:1e:a3:ff:b0:fc:
b9:36:33:ea:38:d4:81:45:91:a3:f5:80:73:58:e6:
39:0e:14:e6:44:04:ef:30:04:12:f5:fd:f8:58:4a:
d8:96:eb:6c:59:6f:00:87:31:80:e6:9f:58:89:26:
c6:07:ec:19:94:86:c6:62:4d:b6:69:85:3f:9f:cf:
22:63:82:59:7b:88:4d:2b:c6:22:90:3c:71:03:4c:
74:24:cc:30:a8:64:50:58:8b:c4:59:bc:b0:52:f3:
9e:29:8c:28:92:c0:7c:41:7b:6c:eb:30:80:e1:56:
c4:b3:e4:71:55:05:7a:98:31:14:f0:b5:cb:42:00:
4d:24:8f:fa:94:e0:5d:6c:46:b8:25:7e:e1:4d:2e:
a7:fa:96:db:3a:13:ce:c7:19:39:a2:ec:57:5c:44:
ff:95:3e:a8:aa:41:d4:bf:96:28:1a:06:29:4d:ae:
2c:5b:06:75:d5:f7:28:53:91:be:8f:7f:d2:c0:ea:
e8:64:05:25:af:24:3e:f5:ea:9c:4e:fd:99:65:12:
a1:3b:19:80:51:43:2c:a8:d3:1c:46:76:55:0b:3d:
92:1f:d1:22:4d:f7:83:2d:d3:cb:ba:41:4b:fe:0f:
e6:5e:b2:b0:86:0b:5d:80:c1:55:6b:5a:13:e3:4a:
24:30:22:d6:70:f1:5e:d5:76:a2:e5:be:79:e0:e5:
fe:45:d0:20:aa:eb:d2:ab:b1:5d:41:fe:f6:6c:db:
49:25:87:1d:c1:d0:c9:af:08:d4:99:b2:1d:c3:57:
d7:3d:b4:2e:4b:b7:e6:42:45:49:d3:4b:ff:7a:04:
eb:cd:78:56:49:48:fc:0d:36:f1:e3:8f:a0:dd:79:
49:37:27:20:83:d3:01:23:6b:7b:6d:f4:73:6f:ab:
23:b0:c0:05:b4:89:72:a8:fb:43:11:ef:ea:5e:2e:
93:c6:bd:6c:d6:f1:3e:92:4f:76:8b:d2:ed:ba:96:
a7:cd:dc:89:5e:a9:42:00:06:62:26:d3:56:45:5a:
bf:10:73:88:de:dd:bc:8b:bb:4f:85:65:2c:45:b5:
d7:e8:5d:72:f1:40:b8:5b:33:38:5a:4a:37:93:10:
91:8d:d4:df:63:ee:86:78:1b:04:db:c6:e6:98:79:
dc:f9:f7
Exponent: 65537 (0x10001)
If IBM suspected a compromise of the code signing key, the certificate would be revoked by informing the public certificate authority, which in turn publishes this revocation information using the Online Certificate Status Protocol (OCSP). You can invoke the OCSP check to see if the certificate was revoked:
$ openssl ocsp -no_nonce -issuer intermediate-2022.pem -cert baw-cert-2022.pem -VAfile intermediate-2022.pem -text -url http://ocsp.digicert.com -respout ocsptest
OCSP Request Data:
Version: 1 (0x0)
Requestor List:
Certificate ID:
Hash Algorithm: sha1
Issuer Name Hash: 915DEAC5D1E15E49646B8A94E04E470958C9BB89
Issuer Key Hash: 6837E0EBB63BF85F1186FBFE617B088865F44E42
Serial Number: 05B197D8595F2483CA9204229A4C76DD
OCSP Response Data:
OCSP Response Status: successful (0x0)
Response Type: Basic OCSP Response
Version: 1 (0x0)
Responder Id: 6837E0EBB63BF85F1186FBFE617B088865F44E42
Produced At: Jun 22 13:30:27 2022 GMT
Responses:
Certificate ID:
Hash Algorithm: sha1
Issuer Name Hash: 915DEAC5D1E15E49646B8A94E04E470958C9BB89
Issuer Key Hash: 6837E0EBB63BF85F1186FBFE617B088865F44E42
Serial Number: 05B197D8595F2483CA9204229A4C76DD
Cert Status: good
This Update: Jun 22 13:15:01 2022 GMT
Next Update: Jun 29 12:30:01 2022 GMT
Signature Algorithm: sha384WithRSAEncryption
73:7d:1b:f2:3e:6f:b4:12:ff:78:4e:a8:b9:54:33:e3:83:15:
26:cf:51:18:03:74:6c:42:97:b6:23:a6:44:a3:d9:03:89:fa:
67:c3:c6:da:c4:c4:f2:ef:f4:e1:25:50:9e:ef:f2:d0:75:99:
29:5c:06:2f:32:72:0a:1e:0e:76:47:73:6b:f0:26:aa:ef:2c:
e5:a7:84:f2:34:02:bd:d7:84:aa:b1:82:0c:74:f9:d7:c2:9f:
e2:37:b8:39:5f:40:6e:65:77:48:23:64:26:60:3f:20:f3:0d:
d4:9b:e0:5e:8c:8b:d3:76:e3:e8:8f:27:db:38:4e:9f:65:cd:
5c:f2:c1:75:c2:56:a6:72:6f:26:aa:e4:80:66:0e:a0:95:6e:
6c:bb:55:31:94:4c:75:85:14:a8:f2:09:fb:fb:6d:59:c3:51:
1a:96:8a:ed:4c:27:7b:05:a4:99:eb:5d:7d:39:b8:6b:fa:d0:
04:0b:d6:f7:00:8b:6e:7b:0d:f7:77:af:91:e6:bd:0f:01:6d:
4d:40:34:28:fd:d4:4f:43:71:68:15:de:bb:99:45:d4:22:15:
76:c1:ad:07:a2:d8:2e:b4:fa:78:5f:28:ae:cb:25:ce:c3:79:
fa:27:e5:ef:2f:23:ba:22:c9:8a:17:8d:30:47:eb:a8:ab:7c:
59:87:ac:93:64:8d:b1:de:71:6f:9c:2a:c6:ea:f2:ce:4b:0f:
79:ac:5b:a7:80:a4:6c:7c:6a:5f:47:44:94:77:3a:4c:42:0c:
89:39:58:e3:a7:c9:e0:f3:7a:1c:77:fd:ba:35:fc:ea:73:28:
ed:d8:e2:4a:04:cb:e9:41:b3:fc:71:f2:c5:76:41:cb:1b:ef:
28:98:3e:37:1c:dd:61:b0:b5:a6:10:c0:14:11:51:38:9f:ea:
52:1b:36:8c:f3:0e:d0:53:b9:32:7f:e2:6a:c0:72:6d:cc:26:
77:da:9a:6d:0f:a5:36:b7:26:3c:b6:61:a0:a7:55:b2:cd:7c:
6b:9d:fd:4a:f9:bc:44:9c:7e:3c:09:b8:79:48:c2:4d:a0:c3:
77:73:c6:78:a7:b3:17:04:8a:49:5d:47:fe:3d:9f:4a:04:58:
c4:4c:dc:8b:cd:bf:3c:b7:82:55:29:b1:bd:f5:b7:cb:17:c2:
41:6a:5a:89:a9:8b:20:94:2b:70:9b:c4:a0:4a:b5:73:a0:a1:
85:8b:04:ec:f8:40:96:39:2c:94:b7:20:19:ce:b4:25:22:c8:
64:e3:33:ec:df:08:e8:09:05:b8:d6:fd:c3:ed:6a:bb:a9:4f:
74:ab:65:31:94:b1:d4:fc:e9:54:c3:11:48:2d:d5:4f:86:80:
f3:81:02:ea:dd:0e:33:cd
baw-cert-2022.pem: good
This Update: Jun 22 13:15:01 2022 GMT
Next Update: Jun 29 12:30:01 2022 GMT
Response verify OK
At the bottom of the output, the text "Response verify OK" should be displayed.
After completing the steps, you can be assured that
baw-cert-2022.pem
, baw-public-2022.key
, and intermediate-2022.pem
are all valid and can be used to verify that the code signatures were produced by IBM.Step 3: Validate the signatures
Complete the following steps to validate the signatures:
- Calculate the SHA256 hash of a downloaded file.
- Decrypt the signature file using IBM's public key
baw-public-2022.key
. The decrypted plain text is the SHA256 hash of the same file, calculated by IBM. - Compare the two hashes to ensure that no bits were changed.
These three steps are combined in a single command:
openssl dgst -sha256 -verify baw-public-2022.key -signature <signature file> <file>. For example:
$ openssl dgst -sha256 -verify baw-public-2022.key -signature workflow.2201.delta.repository.zip.sig workflow.2201.delta.repository.zip
Verified OK
The expected response is "Verified OK". Note that depending on file sizes, this command may take a few seconds to complete.
Document Location
Worldwide
[{"Type":"MASTER","Line of Business":{"code":"LOB10","label":"Data and AI"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SS8JB4","label":"IBM Business Automation Workflow"},"ARM Category":[{"code":"a8m50000000CccBAAS","label":"Install and Deployment Environments-\u003Einstall verification"}],"ARM Case Number":"","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF016","label":"Linux"},{"code":"PF033","label":"Windows"}],"Version":"20.0.0;21.0.1;21.0.2;21.0.3;22.0.1;22.0.2;23.0.1;23.0.2"}]
Was this topic helpful?
Document Information
Modified date:
24 June 2024
UID
ibm16234014