How to confirm the integrity of the UNAB RPM package?
search cancel

How to confirm the integrity of the UNAB RPM package?

book

Article ID: 10718

calendar_today

Updated On:

Products

CA Privileged Access Manager - Server Control (PAMSC) CA Privileged Identity Management Endpoint (PIM)

Issue/Introduction

Recently created UNAB RPM packages incorporate a PGP signature which allows confirmation of the integrity of the RPM file.



Environment

Release: ACP1M005900-12.8-Privileged Identity Manager 12.8sp1
Component:

Resolution

  1. To verify the integrity of the UNAB RPM package run in a root shell on the target box where you have the RPM copied to
    (replace the rpm file name with what exactly you have)

    # rpm -Kv uxauth-128-1.0.2865.x86_64.rpm
    uxauth-128-1.0.2865.x86_64.rpm:
        Header V3 RSA/SHA1 Signature, key ID 5caebc96: NOKEY
        Header SHA1 digest: OK (b9f2c37b174d2bd8a43a7abde844e5eb6fd03c20)
        V3 RSA/SHA1 Signature, key ID 5caebc96: NOKEY
        MD5 digest: OK (0ec3c4f22aa2bd89842df3ad0f9f8de2)

  2. Note the NOKEY output here indicating that the RSA keys could not be verified due to the missing Public key for CA Technologies UNAB RPM package in the RPM keying

  3. To import the Public key for CA Technologies UNAB RPM package first create a plain text file on the target box containing the key

    # vi /tmp/RPM-GPG-KEY-CA
    -----BEGIN PGP PUBLIC KEY BLOCK-----
    Version: GnuPG v2.0.14 (GNU/Linux)

    mQ###########################################################################################################
    =zxky
    -----END PGP PUBLIC KEY BLOCK-----

    (note to copy and paste the contents of the file exactly as shown above without adding any extra characters, etc.
    also confirm that you load this web page using https to ensure integrity of this text)

  4. After saving the key file submit this command to actually import the key in the rpm keyring

    # rpm --import /tmp/RPM-GPG-KEY-CA

  5. Now once again run this command to verify the integrity of the UNAB RPM package

    # rpm -Kv uxauth-128-1.0.2865.x86_64.rpm
    uxauth-128-1.0.2865.x86_64.rpm:
        Header V3 RSA/SHA1 Signature, key ID 5caebc96: OK
        Header SHA1 digest: OK (b9f2c37b174d2bd8a43a7abde844e5eb6fd03c20)
        V3 RSA/SHA1 Signature, key ID 5caebc96: OK
        MD5 digest: OK (0ec3c4f22aa2bd89842df3ad0f9f8de2)

    Note that now all signatures and hash sums show OK indicating integrity of the package
Powered by Wolken Software