Validate software
To help protect IT infrastructures, you can validate software packages that you download to ensure that they are free of tampering. You can also validate digital signatures that are applied to software packages.
Validate download integrity
Download integrity validation relies on a separate file, provided alongside the package, that helps to confirm that the file you downloaded matches the file on the download portal. Typically, a cryptographic hash function such as SHA-512 is used.
With IPLM, you can verify the integrity of software packages that you download. For example, in a SUSE Linux Enterprise Server (SLES) environment, follow the instructions in the “Setting up the repo” section in SLES 11/12. For instructions relating to other operating systems, see IPLM package installation.
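The following sketch is an added example, not part of the IPLM documentation or tooling. It shows the general check described above: look up a package in a checksum file in `sha512sum` format, hash the download, and compare. The file names `example-package.rpm` and `SHA512SUMS` are hypothetical and the sample data is constructed.

```python
import hashlib
import hmac
import os
import re
import tempfile

# One line of sha512sum output: 128 hex digits, a space, ' ' or '*' (mode flag), file name.
_ENTRY = re.compile(r"^([0-9a-fA-F]{128}) [ *](.+)$")

def expected_digest(checksum_path, package_name):
    """Return the SHA-512 hex digest listed for package_name, or None if absent."""
    with open(checksum_path, encoding="utf-8") as fh:
        for line in fh:
            m = _ENTRY.match(line.rstrip("\r\n"))
            if m and os.path.basename(m.group(2)) == package_name:
                return m.group(1).lower()
    return None

def sha512_of(path, chunk_size=1 << 20):
    """Hash the file in chunks so large packages are not loaded into memory."""
    h = hashlib.sha512()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def verify_download(package_path, checksum_path):
    """True only if the checksum file lists the package and the digests match."""
    expected = expected_digest(checksum_path, os.path.basename(package_path))
    if expected is None:
        return False  # fail closed: no entry means the package is unverified
    return hmac.compare_digest(sha512_of(package_path), expected)

def demo():
    """Constructed sample: an intact package, then the same file after modification."""
    with tempfile.TemporaryDirectory() as d:
        pkg = os.path.join(d, "example-package.rpm")  # hypothetical file name
        sums = os.path.join(d, "SHA512SUMS")          # hypothetical checksum file
        with open(pkg, "wb") as fh:
            fh.write(b"constructed package contents")
        with open(sums, "w", encoding="utf-8") as fh:
            fh.write(f"{sha512_of(pkg)}  example-package.rpm\n")
        intact = verify_download(pkg, sums)
        with open(pkg, "ab") as fh:
            fh.write(b"\x00")  # simulate corruption or tampering after publication
        return intact, verify_download(pkg, sums)

if __name__ == "__main__":
    print(demo())
```

A matching digest shows only that the download matches the checksum file, so the checksum file must come from the official download portal; confirming who published the package is the job of the digital signature.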
Validate digital signatures
Digitally signing software involves the use of a cryptographic key pair: the private key is used to sign the software package, and the public key is used to validate the signature. The process helps to ensure that the software has not been altered since it was signed and that it comes from a trusted source.
With IPLM, you can verify packages by using a GNU Privacy Guard (GPG) key. By following the product deployment and installation instructions and downloading packages from the official repository, you can take advantage of the chain of trust implemented by installers such as APT, YUM, and DNF.