Preparing to verify signatures for GIMZIP packages
IBM z/OS product and service offerings consist of GIMZIP packages containing already installed software products, or SMP/E consumables such as SYSMODs, RELFILE data sets, and HOLDDATA. These GIMZIP packages are digitally signed. Signing a GIMZIP package, and then verifying the signature of that package, increases confidence in the authenticity (who produced it?) and the integrity (has it changed in transit?) of the package.
SMP/E and z/OSMF provide capabilities to verify the signatures of the GIMZIP packages for these
product and service offerings. However, verifying signatures requires preparation and one-time
setup.
Note: Support for signing GIMZIP packages and verifying the signatures for those packages is
added to SMP/E V3.7 with APAR IO28360.
