How to confirm the integrity of the UNAB RPM package?

Document ID:  TEC1202672
Last Modified Date:  08/07/2017
{{active ? 'Hide' : 'Show'}} Technical Document Details

Products

  • CA Privileged Identity Manager

Releases

  • CA Privileged Identity Manager:Release:12.8
  • CA Privileged Identity Manager:Release:14

Components

  • CA ACCESS CONTROL - AUTHENTICATION UNIX:SEOSAU
Introduction:

Recently created UNAB RPM packages incorporate a PGP signature which allows confirmation of the integrity of the RPM file.

Instructions:
  1. To verify the integrity of the UNAB RPM package run in a root shell on the target box where you have the RPM copied to
    (replace the rpm file name with what exactly you have)

    # rpm -Kv uxauth-128-1.0.2865.x86_64.rpm
    uxauth-128-1.0.2865.x86_64.rpm:
        Header V3 RSA/SHA1 Signature, key ID 5caebc96: NOKEY
        Header SHA1 digest: OK (b9f2c37b174d2bd8a43a7abde844e5eb6fd03c20)
        V3 RSA/SHA1 Signature, key ID 5caebc96: NOKEY
        MD5 digest: OK (0ec3c4f22aa2bd89842df3ad0f9f8de2)

  2. Note the NOKEY output here indicating that the RSA keys could not be verified due to the missing Public key for CA Technologies UNAB RPM package in the RPM keying

  3. To import the Public key for CA Technologies UNAB RPM package first create a plain text file on the target box containing the key

    # vi /tmp/RPM-GPG-KEY-CA
    -----BEGIN PGP PUBLIC KEY BLOCK-----
    Version: GnuPG v2.0.14 (GNU/Linux)

    mQENBFj5/t4BCADFL1m1QgiD8xtdWrRX6+fL25UMXkdQxWnx4NNSmMXdkHe9N4kJ
    SmlbhlEVsDgz6+9m2s9OvwFpVFLBxaVX7h3t5CDw+sRfYYgDb4fazrSPQVNeeF4f
    S3HoQWpIrHjQNmXRYK9AP3O9BXKA+bLN7gxTY2Wh5H24QL9xUOlHg7DIGzTjLz18
    xED14uTc+0gFZkTCf4H98OnGZ2LFBEpmMY6OH3Vy8BCvGeMAUqoviZGmzUgaV0sW
    19ptgdnc0zjMIl0mzVFj39CbN9e8D6FN40+gXSDUxxVN2s4lbM8utBYQ4aREYa1X
    eMiYub6cpZV9qc//UjvHW8eMrS/U5PNDpwXTABEBAAG0PFRlYW0tUElNLXNUZWFt
    QGNhLmNvbSAoZVRydXN0IHNUZWFtKSA8VGVhbS1QSU0tc1RlYW1AY2EuY29tPokB
    PAQTAQIAJgUCWPn+3gIbAwUJBaOagAYLCQgHAwIEFQIIAwQWAgMBAh4BAheAAAoJ
    EJ05T5hcrryWQSoIAKwFwUCsHOCh3dRqCcEw57n2L9cyqISRAe2+/UXhKhHRdzlj
    QG3+UhYI9uh3EJJLmj+KhM6MmtG2CzxNHqsiPB3vj2yszV2Qm1JVauztsmBmVO+V
    Hkaw1sMFQrRJ8zVHCg/tb0oT9Y6Wbj2gnWG2QBAtFbeZ47k97DneFm0kp3m7lJ+E
    PzULH+7vTeT4gdvHOUngQJxXNDBaumRDzVxJj28Npsej/Z+SHm6eBswKX2WzGrGN
    4MToTNw5gfVm/ud8SEv+F8uyKTzg665Y+GzGotXPVoPtX2OT3gLU4D+sfD7M6zYc
    Ea7/VVLOT0oBQvwXR77DVSYaWTNX3cuvCpn31gY=
    =zxky
    -----END PGP PUBLIC KEY BLOCK-----

    (note to copy and paste the contents of the file exactly as shown above without adding any extra characters, etc.
    also confirm that you load this web page using https to ensure integrity of this text)

  4. After saving the key file submit this command to actually import the key in the rpm keyring

    # rpm --import /tmp/RPM-GPG-KEY-CA

  5. Now once again run this command to verify the integrity of the UNAB RPM package

    # rpm -Kv uxauth-128-1.0.2865.x86_64.rpm
    uxauth-128-1.0.2865.x86_64.rpm:
        Header V3 RSA/SHA1 Signature, key ID 5caebc96: OK
        Header SHA1 digest: OK (b9f2c37b174d2bd8a43a7abde844e5eb6fd03c20)
        V3 RSA/SHA1 Signature, key ID 5caebc96: OK
        MD5 digest: OK (0ec3c4f22aa2bd89842df3ad0f9f8de2)

    Note that now all signatures and hash sums show OK indicating integrity of the package

Please help us improve!

Will this information enable you to resolve your issue?

Please tell us what we can do better.

{{feedbackText.length ? feedbackText.length : '0'}}/255

{{status}}

Not what you were looking for?

Search Again >

Product Information

Support by Product >

Communities

Join a Community >