Home
Product overviewHCL Informix® is a fast and scalable database server that manages traditional relational, object-relational, and dimensional databases. Its small footprint and self-managing capabilities are suited to embedded data-management solutions.
Verify digital signaturesThis topic describes how to verify that your IBM Passport Advantage software download is valid and has been signed by IBM.

Verify digital signatures

This topic describes how to verify that your IBM Passport Advantage software download is valid and has been signed by IBM.

To incorporate secure code signing of HCL Informix releases, starting Informix Server 14.10.xC9, the tar/zip file contains:

Original *.zip or *.tar media file
The signature file with the same name as the media file with .sig extension.
Informix public key file: informix.pem

You can verify the file using the signature and public key file with the OpenSSL command.
```
opopenssl dgst -sha256 -verify informix.pem -signature <SIGNATUREFILENAME> <FILETOSIGN>
```
-verify takes the public key *.pem file provided by the release
-signature takes the *.sig file provided by the release
-<FILETOSIGN> is the actual release .tar or .zip file provided in the release

You can optionally verify the contents of the public key by comparing the contents of the informix.pem file with the output below:

-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAzXoa2nQuM7FZR/qRPl19
T29KR/VUQ714L76d+DGyEJLX9jXXMcCqg/FveV/Y2t/iEZ5hs9XL9BCvEzibrkV/
twFBSqUw3p9944RJVt7L5gdo9RiyI/EshWXyKur5izKOJ2fm9AJGf6H+jxmSFtVk
4XHFCL9X+tNXG2GxC49qP6oy26l126eU4fKbyHziRJU0t7Bum6m0Ghdky9lrDzZl
WJyS48uqI8PqKbBNRura1V5bq8ebumRrbXY9NdbZLcFKGNSUnQcbi7YNWUQ7T6Rz
5shAMnM3GOREetbICpBV7xn9PMW9L3T8YlmFqHbzUlS72p2Jy5DxAelM59TZ8Lbe
6A+Oq4/qmhUgkTNDQFOhZIpfj6ub+zOJEdMnnLKNmMyt0eQLwMLdJKY9ToEP8VX0
oT3H5//cnyFJLmt82bVzGdBR3fGXBietZr5Uf3NlCUlo4F/h/NJ8iCNCfmHEwX84
cUjt7Qz5ET3+mZ4xiZDcMQEblq5OiQn2/nuMo97P5uQzbINBNqPKVadVmt50dSq7
FcbEFpydR5fWa3ef4T7aW1wTUKmYZBuJfPax7EnZZgoVR/iS0S9MDTU8OzzfMteq
F8MslgLiPDYyVGN8NelREgzBYWBBvsbpWQfWyD6mXQgqxj0a2gPO0meV0ZOCjclk
eF01qVzkN+L/+Er5jAzmNQECAwEAAQ==
-----END PUBLIC KEY-----

Note: Even if you do not need the verification, you can still use the package.

Rate this topic

5 stars 4 stars 3 stars 2 stars 1 star

Comment on this topic.

By clicking this box, you acknowledge that you are NOT a U.S. Federal Government employee or agency, nor are you submitting information with respect to or on behalf of one. HCL provides software and services to U.S. Federal Government customers through its partners immixGroup, Inc. Contact this team at https://hcltechsw.com/resources/us-government-contact. Do not include any personal data in this Comment box.