IBM Support

Verifying AIX and VIOS Security and HIPER Fixes

How To


Summary

For AIX and VIOS security bulletins that include interim fixes or new filesets as remediation, a tar file is provided that includes a text version of the bulletin, interim fixes or filesets, and signature files for each included file. For AIX and VIOS HIPER bulletins that include interim fixes, signature files are also provided for each fix. Here we lay out steps for verifying the integrity of AIX and VIOS security and HIPER fixes.

Steps

 
Obtaining the AIX and VIOS public key
 
Integrity of the AIX and VIOS security fixes and bulletins, and AIX and VIOS HIPER fixes, can be verified by using the signature files with the public key available for https download from:
 
Starting with AIX 7.2 TL5 SP3 and VIOS 3.1.3.10, the same public key is also installed locally as part of the bos.rte.security fileset:
/etc/security/certificates/AIX_PSIRT_pubkey.txt
For additional verification and ease of use, the contents of the public key, which can be copied into a new file and stored locally, are:
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwUReXHZdyR6HuiWQbcG7
g9xtp9j8Q/uxhImosNanuqjwj8UinAKkkaArFzCb69WIjPYXmv+MOr0B6TnB5h0w
9kRauQLYV74iYxGG5Y2Yrl4HB0Un34YTgl+hrDWHPY3dI5cyzHLCvXMRTsPfnyUK
LsH9m5ZUtA6UBs9D48HS66YHVHwtcjb50xYsd2GwVip2HrskTTUXzB+I/BqYh0RA
brJiFG8h2XrAqlJZQU8JJLdH3i4i+HsScsfDgynZ3cEnJCxm1o5QmJyA4G1AOAuJ
+/JmMY0CbTz8sP7o4zykPo0AvakUx5N8yOC8oCMTifN5QH8Ff2hY6uMonoUekm8d
bwIDAQAB
-----END PUBLIC KEY-----
The checksum for the public key can be verified by running:
-> openssl dgst -sha256 [public key path]
The correct checksum value:
-> openssl dgst -sha256 /etc/security/certificates/AIX_PSIRT_pubkey.txt
SHA256(/etc/security/certificates/AIX_PSIRT_pubkey.txt)= 98d1efb466c6946618b5111117a68b0cfe39b27e8718672896754faa81288d76
 
 
Verifying files by using the public key
 
Once obtained, the public key can be used to verify AIX and VIOS security bulletins and security fixes, and AIX and VIOS HIPER fixes, by running:
-> openssl dgst -sha256 -verify [public key path] -signature [file.sig signature path] [file path]
Examples:
-> openssl dgst -sha256 -verify /etc/security/certificates/AIX_PSIRT_pubkey.txt -signature Advisory.asc.sig Advisory.asc
Verified OK

-> openssl dgst -sha256 -verify /etc/security/certificates/AIX_PSIRT_pubkey.txt -signature IJ41974s3a.221025.epkg.Z.sig IJ41974s3a.221025.epkg.Z
Verified OK
 
If anything other than 'Verified OK' is returned, contact IBM Support for assistance.
 
 
Verifying files by using checksums
 
Checksums are also provided in AIX and VIOS bulletins, which allow for additional verification of AIX and VIOS security and HIPER fixes. The checksums may be generated and verified by running:
-> openssl dgst -sha256 [file path]
Example:
-> openssl dgst -sha256 IJ57276sBa.260212.epkg.Z SHA256(IJ57276sBa.260212.epkg.Z)= d329a1d4d38d968b212cd855b84df48772f586d3a766d9a5164bef46aff4a900
 
If the checksum does not match the checksum as published in the respective security or HIPER bulletin, contact IBM Support for assistance.
 

Related Information

IBM Support

Document Location

Worldwide

[{"Type":"MASTER","Line of Business":{"code":"LOB08","label":"Cognitive Systems"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SWG10","label":"AIX"},"ARM Category":[{"code":"a8m0z000000cvzhAAA","label":"Security"}],"ARM Case Number":"","Platform":[{"code":"PF002","label":"AIX"}],"Version":"All Versions"}]

Document Information

Modified date:
10 April 2026

UID

ibm16985269

Page Feedback