dsblkgen command

Purpose

Creates a signature block of data for trusted installation and update of an installp software package.

Syntax

dsblkgen [-f PEM|DER|LOC] signature_file file_certificate signature_block

Description

The dsblkgen command creates a signature block of data and writes it to an output file, which can be appended to an installp formatted software package by using the cat command. The installp package then contains the digital signature information that is used for AIX® trusted updates and installation when the Digital Signature Policy option is set to a value other than none.

Before you run the dsblkgen command, you must run the openssl command of the OpenSSL command line tool along with a private key to get a signature file from an installp package. The signature file is saved in the file that is specified by the signature_file parameter. A public key must exist on the AIX operating system in addition to a private key. If the path of the public key on the AIX operating system is /etc/security/certificates/my_public_key.pem, then the value of the file_certificate parameter is /etc/security/certificates/my_public_key.pem.

Flags

-f

Specifies the type of the signed digital certificate. The valid values for the -f flag are PEM, DER, and LOC. If the type of the signed digital certificate is PEM or DER, the file that is specified by the file_certificate parameter must contain the signed digital certificate. If the type of the signed digital certificate is LOC, the file_certificate parameter is the full path of the signed digital certificate on the system.

Parameters

signature_file

Specifies the file that contains the digital signature after the software package is signed with a private key. The signature_file parameter is a required input parameter.

file_certificate

Specifies the path of the file that contains the signed digital certificate, if the -f flag is set to PEM or DER. Specifies the path of the signed digital certificate on the running system, if the -f flag is set to LOC. The file_certificate parameter is a required input parameter.

signature_block

Specifies the file where the dsblkgen command writes the signature block.

Exit status

The dsblkgen command returns the following integer status codes upon completion:
0
Indicates that the dsblkgen command created the signature block successfully.
1
Indicates that the dsblkgen command failed to create the signature block.

Examples

To create a signature block from an installp package, enter the following command:
# dsblkgen -f LOC signature_file file_certificate signature_block

You can append the signature block to an installp package by using the cat command. When the installp package is installed, the AIX operating system verifies the image based on the data in the signature_block parameter, if the Digital Signature Policy option is set to a value other than none.
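
The full sequence described on this page (sign with openssl, run dsblkgen, append with cat), written as an added example that is not part of the original documentation. The helper names, the file suffixes, and the SHA-256 digest are assumptions; this page does not state which digest AIX expects.

```shell
#!/bin/sh
# Added example. Assumed, not from the page: helper names, file suffixes,
# and the SHA-256 digest passed to openssl.

# check_dsblkgen_args FORMAT SIGNATURE_FILE FILE_CERTIFICATE
# Returns 0 when the arguments follow the rules stated on this page.
check_dsblkgen_args() {
    fmt=$1 sig=$2 cert=$3
    case $fmt in
        PEM|DER|LOC) ;;
        *) echo "invalid -f value: $fmt" >&2; return 2 ;;
    esac
    # signature_file is required input and must already hold a signature.
    [ -s "$sig" ] || { echo "missing or empty signature file: $sig" >&2; return 3; }
    if [ "$fmt" = LOC ]; then
        # LOC: file_certificate is the full path of the certificate on the system.
        case $cert in
            /*) ;;
            *) echo "LOC needs a full path: $cert" >&2; return 4 ;;
        esac
    else
        # PEM or DER: the file itself must contain the signed certificate.
        [ -r "$cert" ] || { echo "cannot read certificate: $cert" >&2; return 5; }
    fi
    return 0
}

# sign_and_append PACKAGE PRIVATE_KEY FORMAT FILE_CERTIFICATE
# Prints the path of the signed copy on success.
sign_and_append() {
    pkg=$1 key=$2 fmt=$3 cert=$4
    sig="$pkg.sig" blk="$pkg.sigblk" out="$pkg.signed"
    # Step 1: sign the package with the private key (digest is an assumption).
    openssl dgst -sha256 -sign "$key" -out "$sig" "$pkg" || return 1
    check_dsblkgen_args "$fmt" "$sig" "$cert" || return $?
    # Step 2: build the signature block; dsblkgen exits with 1 on failure.
    dsblkgen -f "$fmt" "$sig" "$cert" "$blk" || { rm -f "$blk"; return 1; }
    # Step 3: append the block to a copy so the unsigned original is kept.
    cat "$pkg" "$blk" > "$out" || { rm -f "$out"; return 1; }
    echo "$out"
}
```

Keeping the private key off the systems that install the package limits who can produce a block that the Digital Signature Policy check accepts.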

File

/usr/sbin/dsblkgen
Contains the dsblkgen command.