Cloud Volumes ONTAP

File signature verification

Contributors netapp-driley

The Azure image verification process generates a digest from the VHD file, with the leading 1 MB and ending 512 bytes stripped, by using a hash function. To match the signing procedure, SHA256 is used as the hash function. You need to remove the leading 1 MB and final 512 bytes from the VHD file and then verify the remaining portion of the VHD file.

File signature verification workflow summary

The following is an overview of the file signature verification workflow process.

[Figure: Azure signature check workflow]

  • Download the Azure Image Digest file from the NetApp Support Site and extract the digest file (.sig), public key certificate file (.pem), and chain certificate file (.pem).

    Refer to Download the Azure Image Digest File for more information.

  • Verify the chain of trust.

  • Extract the public key (.pub) from the public key certificate (.pem).

  • The extracted public key is used to decrypt the digest file. The result is then compared against a new unencrypted digest of the temporary file, which is created from the image file with the leading 1 MB and ending 512 bytes removed.

    This step is achieved through the following openssl command.

    • The general CLI statement appears as follows:

      openssl dgst -verify <public_key> -keyform <form> <hash_function>
      -signature <digest_file> -binary <temporary_file>
    • The OpenSSL CLI tool returns a "Verified OK" message if the two files match and "Verification Failure" if they do not.
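
The strip-and-verify step above can be scripted as follows. This is an added example, not NetApp's own script: the function names are hypothetical, "1MB" is assumed to mean 1,048,576 bytes, and the public key is assumed to be in PEM form.

```shell
#!/bin/sh
# Added example: strip a VHD to its signed region, then verify the signature.
HEAD_SKIP=1048576   # leading bytes excluded from the digest (assumed 1 MiB)
TAIL_SKIP=512       # trailing bytes excluded from the digest

# strip_vhd <vhd> <out>: write the signed region of <vhd> to <out>.
strip_vhd() {
  sv_size=$(wc -c < "$1") || return 2
  sv_keep=$(( sv_size - HEAD_SKIP - TAIL_SKIP ))
  # A file no larger than the stripped regions leaves nothing to verify.
  if [ "$sv_keep" -le 0 ]; then
    echo "error: $1 is too small ($sv_size bytes)" >&2
    return 2
  fi
  tail -c +"$(( HEAD_SKIP + 1 ))" "$1" | head -c "$sv_keep" > "$2"
}

# verify_vhd <vhd> <public_key.pub> <digest.sig>
# Returns 0 only when openssl reports "Verified OK".
verify_vhd() {
  vv_tmp=$(mktemp) || return 2
  if strip_vhd "$1" "$vv_tmp"; then
    # Same form as the general CLI statement, with SHA256 as the hash.
    openssl dgst -verify "$2" -keyform PEM -sha256 \
      -signature "$3" -binary "$vv_tmp" && vv_rc=0 || vv_rc=$?
  else
    vv_rc=2
  fi
  rm -f "$vv_tmp"   # the temporary file can be as large as the image
  return "$vv_rc"
}

# Usage: sh verify_vhd.sh image.vhd key.pub image.sig
if [ "$#" -eq 3 ]; then
  verify_vhd "$@"
fi
```

Run the chain-of-trust check on the certificate before trusting the extracted public key; a "Verified OK" result only shows that the image matches that key.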