The format of the APPLDATA value in the IRR.PROGRAM.SIGNING profiles is as follows:
    [hash-algorithm ][owning-userid]/key-ring-name
The variables of the APPLDATA value are defined as follows:
- hash-algorithm
  Specifies the message digest algorithm to be used for program signing. The default value is SHA256. No other values are supported.
- owning-userid
  Specifies the user ID that owns the program-signing key ring. If you omit this value, RACF® uses the key ring of the authorized program signer.
- /key-ring-name
  Specifies the fully qualified name of the program-signing key ring. This value must be preceded by the forward slash (/).
Examples:
    RDEFINE FACILITY IRR.PROGRAM.SIGNING.BUILD.RAMOS APPLDATA('BUILDID/BUILD.CODE.SIGNING.KEYRING')
    RDEFINE FACILITY IRR.PROGRAM.SIGNING.RAMOS APPLDATA('SHA256 RAMOS/RAMOS.CODE.SIGNING.KEYRING')
    RDEFINE FACILITY IRR.PROGRAM.SIGNING.PROD APPLDATA('/PROD.CODE.SIGNING.KEYRING')
    RDEFINE FACILITY IRR.PROGRAM.SIGNING APPLDATA('RACFADM/CODE.SIGNING.KEYRING')
Rules:
- The only space character allowed in the APPLDATA value is the
single space following the hash-algorithm value. If hash-algorithm is
omitted, no space is allowed in the APPLDATA value.
- No extraneous characters are allowed in the APPLDATA value.

RACF does not check the format of the APPLDATA value when you define an IRR.PROGRAM.SIGNING profile. RACF checks the format when a user signs a program and RACF finds a matching IRR.PROGRAM.SIGNING profile.
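
Because the format is only checked at signing time, a malformed APPLDATA value can sit unnoticed in a profile until someone signs a program. The following added example (not part of the original documentation and not IBM code) applies the format and rules above to APPLDATA values before they are defined; the user ID pattern and the profile names ending in TEST1 to TEST3 are assumptions made for illustration.

```python
import re

SUPPORTED_HASHES = {"SHA256"}  # per the page, no other values are supported
# Assumption (not stated on the page): a RACF user ID is 1-8 characters
# drawn from A-Z, 0-9, #, $ and @.
USERID_RE = re.compile(r"[A-Z0-9#$@]{1,8}")

def parse_appldata(value):
    """Return (hash_algorithm, owning_userid, key_ring_name) or raise ValueError."""
    hash_alg, rest = "SHA256", value  # SHA256 is the default when omitted
    if " " in value:
        # The only space allowed is the single one after hash-algorithm.
        hash_alg, rest = value.split(" ", 1)
        if " " in rest:
            raise ValueError("more than one space in APPLDATA")
        if hash_alg not in SUPPORTED_HASHES:
            raise ValueError(f"unsupported hash-algorithm {hash_alg!r}")
    owner, slash, ring = rest.partition("/")
    if not slash:
        raise ValueError("key-ring-name must be preceded by '/'")
    if not ring:
        raise ValueError("key-ring-name is empty")
    if owner and not USERID_RE.fullmatch(owner):
        raise ValueError(f"owning-userid {owner!r} is not a valid user ID")
    # owner None means RACF uses the authorized program signer's key ring.
    return hash_alg, owner or None, ring

def audit(profiles):
    """Map profile name -> error text for each malformed APPLDATA value."""
    errors = {}
    for name, appldata in profiles.items():
        try:
            parse_appldata(appldata)
        except ValueError as exc:
            errors[name] = str(exc)
    return errors

# First two values are from the examples above; the rest are constructed.
SAMPLE = {
    "IRR.PROGRAM.SIGNING.RAMOS": "SHA256 RAMOS/RAMOS.CODE.SIGNING.KEYRING",
    "IRR.PROGRAM.SIGNING.PROD": "/PROD.CODE.SIGNING.KEYRING",
    "IRR.PROGRAM.SIGNING.TEST1": "SHA256  RAMOS/RING",    # two spaces
    "IRR.PROGRAM.SIGNING.TEST2": "RAMOS RAMOS/RING",      # not a hash name
    "IRR.PROGRAM.SIGNING.TEST3": "RACFADM.CODE.SIGNING",  # no slash
}

if __name__ == "__main__":
    for profile, problem in audit(SAMPLE).items():
        print(f"{profile}: {problem}")
```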