Verifying your IBM Passport Advantage software download

To verify that your IBM Passport Advantage software download is valid and has been signed by IBM, follow these steps:

  1. Unzip the download so that you have files:
    *.zip       (the file downloaded)
*.sig file  (the signature file)
*.zip       (the file to sign)
noi-public-key
noi-public-key-ocsp
noi-public-key-ocsp-intermediate
CodeSign_README.txt
  2. Ensure you have OpenSSL installed and then issue the following command using the signature and public key files.
    openssl dgst -sha256 -verify <PUBLICKEYNAME> -signature <SIGNATUREFILENAME> <FILETOSIGN>

    Example command:

    openssl dgst -sha256 -verify noi-public-key -signature test.zip.sig test.zip
  3. If the file has been signed by IBM, the openssl command will return verified OK on the command line.

To verify that the certificate used to sign your Passport Advantage download is valid and verify its ownership by IBM, follow these steps:

  1. Issue the following command:
    openssl x509 -inform pem -in <OSCP_PUBLICKEYNAME> -noout -subject -issuer -startdate -enddate

    Example command:

    openssl x509 -inform pem -in noi-public-key-ocsp -noout -subject -issuer -startdate -enddate
  2. This will share the certificate issuer, the owner, as well as the certificate validity dates.

To verify with the Digicert Certificate Authority whether the certificate is still valid follow these steps:

  1. Issue the following command:
    openssl ocsp -no_nonce -issuer <OCSP_CHAINPUBLICKEYNAME> -cert <OCSPUBLICKEYNAME> -VAfile <OCSP_CHAINPUBLICKEYNAME> -text -url http://ocsp.digicert.com -respout ocsptest

    Example command:

    openssl ocsp -no_nonce -issuer noi-public-key-ocsp-intermediate -cert noi-public-key-ocsp -VAfile noi-public-key-ocsp-intermediate -text -url http://ocsp.digicert.com
  2. This will connect to the Digicert Certificate Authority and verify whether the certificate used to create the keys is still valid and in good standing.