- Notes, cautions, and warnings
- Disclaimer
- Preface
- Introduction
- Authentication
- Component access control
- Log in to PowerProtect Data Manager
- User and credential management
- Login security settings
- Authentication types and setup
- Identity providers
- Authentication to external systems
- Authorization
- Log Settings
- Network and Communication Security Settings
- Data Security Settings
- Cryptography
- Security Updates and Patching
- Authenticity and Integrity
- About product authenticity and integrity
- Verification
- Verify the signer or signers for Windows binaries
- Verify the vendor for Linux (RPM-based) packages
- Verify the vendor for Linux (Debian-based) packages
- Verify GPG signatures for Linux (RPM-based) packages
- Verify the signature for JAR files
- Verify SHA-256 checksums in Windows
- Verify SHA-256 checksums in Linux
- Verify SHA-256 checksums in AIX
- Miscellaneous Configuration and Management Elements
- REST API Procedures
PowerProtect Data Manager 19.10 Security Configuration Guide
Verify GPG signatures for Linux (RPM-based) packages
Use these steps to confirm that a Linux RPM package file was signed by Dell and has not changed since the signing.
Prerequisites
For GnuPG (GPG)-signed RPM package files, the public keys are valid for one year. Use the Dell public key for the year that the package was signed when you verify each package file. These annual public keys are provided as part of knowledge base (KB) articles KB000180913 and KB000197389.
Steps
- Open a terminal window or shell session.
- Change directory to the location of the package file.
-
Verify that the package file has a signature:
rpm --checksig -v package
where package is the package filename.
If the package file has a signature, output similar to the following appears:
package: Header V3 RSA/SHA1 Signature, key ID c5dfe03d: NOKEY Header SHA1 digest: OK 81e359380a5e229d96c79135aea58d935369c827) V3 RSA/SHA1 Signature, key ID c5dfe03d: NOKEY MD5 digest: OK (cc2ac691f115f7671900c8896722159c)
The NOKEY messages indicate that the Linux system does not recognize the signing key.
-
Locate the applicable Dell public key in the KB article.
Copy the public key to a new text file on the Linux system and save the file.
-
Import the Dell public key to the local trust store:
rpm --import keyfile
where keyfile is the text file that you created in a previous step.
-
With the Dell public key imported, reverify that the package file has a valid signature:
rpm --checksig -v package
where package is the package filename.
If the package file has a valid signature, output similar to the following appears:
package: Header V3 RSA/SHA1 Signature, key ID c5dfe03d: OK Header SHA1 digest: OK (81e359380a5e229d96c79135aea58d935369c827) V3 RSA/SHA1 Signature, key ID c5dfe03d: OK MD5 digest: OK (cc2ac691f115f7671900c8896722159c)
The OK messages indicate that the Linux system recognizes that the package was signed by a trusted key.
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please select whether the article was helpful or not.
Comments cannot contain these special characters: <>()\