Verifying the IBM public key
You can verify that the public key is present in the public certificate owned by IBM.
Procedure
- Download a public
key.
ibm-java-public-<yyyymmdd>.pem - Download the corresponding
public certificate for that key.
ibm-java-certificate-<yyyymmdd>.pem - Save the public key and public certificate to a directory of your choice.
- Change to the directory and run the following command to display the certificate
details.
openssl x509 -text -in ibm-java-certificate-<yyyymmdd>.pem -nooutThe output will show that the certificate is issued by Digicert to IBM.
Certificate: ... Issuer: C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert SHA2 Assured ID Code Signing CA ... Subject: C = US, ST = New York, L = Armonk, O = International Business Machines Corporation, OU = IBM CCSS, CN = International Business Machines Corporation ...The output also shows the public key information.
Certificate: ... Subject Public Key Info: ... Modulus: 00:ab:38:0c:45:7c:d6:16:fa:22:61:fa:46:84:80: 67:71:a4:a8:c7:73:63:8a:fb:f3:24:be:94:3f:5e: ... Exponent: 65537 (0x10001) - Run the following command to show the public key details.
openssl rsa -noout -text -inform PEM -in ibm-java-public-<yyyymmdd>.pem -pubinFor example:
Modulus: 00:ab:38:0c:45:7c:d6:16:fa:22:61:fa:46:84:80: 67:71:a4:a8:c7:73:63:8a:fb:f3:24:be:94:3f:5e: ... Exponent: 65537 (0x10001) - Using the output from the two steps above, compare the Exponent and Modulus of the public key with the Exponent and Modulus of the Subject Public Key Info in the certificate. The information in the public key should match the information within the certificate.