Validating IBM Mobile Foundation archive downloaded from Fixcentral (Optional)

improve this page | report issue

Validating IBM Mobile Foundation archive downloaded from Fixcentral (Optional)

IBM Mobile Foundation ZIP packages for Mac Devkit, Server, Server Bluemix, Server Pattern, and StudioP2 are available in Fixcentral. They are code signed (with Digi Cert) to enforce integrity of the package. The .sig (signature file) and .pub (RSA public key) files are uploaded to Fixcentral along with the corresponding IBM MobileFirst Platform Foundation V8.0 .zip packages (IBM MobileFirst Platform Mac Devkit, Server, Server Bluemix, Server Pattern, StudioP2). You can validate the integrity of the package by verifying the signature as follows:

Package Information as available in Fixcentral

Package: IBM MobileFirst Platform Foundation V8.0 .zip files of IBM MobileFirst Platform Server on Mac Devkit, Server, Server Bluemix, Server Pattern, StudioP2 packages.

Signature File: Signature file for IBM MobileFirst Platform Foundation V8.0 .zip file of IBM MobileFirst Platform Server on Mac Devkit, Server, Server Bluemix, Server Pattern, StudioP2 packages.

RSA Public Key: Public Key file for IBM MobileFirst Platform Foundation V8.0 .zip file of IBM MobileFirst Platform Server on Mac Devkit, Server, Server Bluemix, Server Pattern, StudioP2 packages.

Steps to verify the signature

  1. Download and install the openssl toolkit.
  2. Verify the IBM Mobile Foundation package using the following command.
    openssl dgst -sha256 -verify <PUBLIC_KEY> -signature <SIGNATURE_FILE> <IBM MOBILE FOUNDATION PACKAGE ARCHIVE>
    For example:
    openssl dgst -sha256 -verify 8.0.0.0-MFPF-DevKit-Mac-IFXXXXXXXXXXXX.pub -signature 8.0.0.0-MFPF-DevKit-Mac-IFXXXXXXXXXXXX.sig 8.0.0.0-MFPF-DevKit-Mac-IFXXXXXXXXXXXX.zip
    The expected result of the command is “Verified OK”.

Last modified on January 28, 2021