Cloud Volumes ONTAP

File signature verification on Linux

Contributors netapp-driley

You can verify the signature of an exported VHD file on Linux by following the steps below.

Steps
  1. Download the Azure Image Digest file from the NetApp Support Site and extract the digest file (.sig), the public key certificate file (.pem), and the chain certificate file (.pem).

    Refer to Download the Azure Image Digest File for more information.

  2. Verify the chain of trust.

    % openssl verify -CAfile Certificate-Chain-9.15.0P1_azure.pem Certificate-9.15.0P1_azure.pem
    Certificate-9.15.0P1_azure.pem: OK
  3. Remove the leading 1 MB (1048576 bytes) and the ending 512 bytes of the VHD file.

    If 'tail' is used, the option '-c +K' outputs bytes starting with the Kth byte of the specified file. Hence, 1048577 is passed to 'tail -c'.

    % tail -c +1048577 ./9150.01000024.05090105.vhd > ./sign.tmp.tail
    % head -c -512 ./sign.tmp.tail > sign.tmp
    % rm ./sign.tmp.tail
  4. Use openssl to extract the public key from the certificate, then verify the stripped file (sign.tmp) with the signature file and the public key.

    If the input file passes the verification, the command displays
    "Verification OK". Otherwise, "Verification Failure" is displayed.

    % openssl x509 -pubkey -noout -in ./Certificate-9.15.0P1_azure.pem > ./Code-Sign-Cert-Public-key.pub
    
    % openssl dgst -verify Code-Sign-Cert-Public-key.pub -keyform PEM -sha256 -signature digest.sig -binary ./sign.tmp
    Verification OK
    
    % openssl dgst -verify Code-Sign-Cert-Public-key.pub -keyform PEM -sha256 -signature digest.sig -binary ./another_file_from_nowhere.tmp
    Verification Failure
  5. Clean up the workspace.

    % rm ./9150.01000024.05090105.vhd ./sign.tmp
    % rm *.sig *.pub *.pem
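
Steps 2 to 4 combined into one fail-closed check, as an added example that is not NetApp's own script: it relies on openssl's exit status instead of reading the printed result, and it rejects a file too small to contain the 1 MB header and the 512-byte trailer. The function names and the argument order (VHD, signature, certificate, chain) are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not vendor code. Function names are hypothetical.
HEADER_BYTES=1048576   # leading 1 MB removed before verification (step 3)
TRAILER_BYTES=512      # ending 512 bytes removed before verification (step 3)

# strip_vhd_payload VHD OUT: write VHD minus header and trailer to OUT.
strip_vhd_payload() {
    size=$(wc -c < "$1") || return 1
    want=$((size - HEADER_BYTES - TRAILER_BYTES))
    if [ "$want" -le 0 ]; then
        echo "error: $1 is too small to hold header, payload and trailer" >&2
        return 1
    fi
    # tail -c +K starts at the Kth byte, so K is HEADER_BYTES + 1.
    tail -c +"$((HEADER_BYTES + 1))" "$1" | head -c "$want" > "$2" || return 1
    # Confirm the output size so a short read cannot pass unnoticed.
    [ "$(wc -c < "$2")" -eq "$want" ]
}

# verify_vhd VHD SIG CERT CHAIN: return 0 only if every step succeeds.
verify_vhd() {
    work=$(mktemp -d) || return 1
    rc=1
    # Order: chain of trust (step 2), public key extraction and payload
    # stripping (steps 3-4), then the signature check itself (step 4).
    if openssl verify -CAfile "$4" "$3" >/dev/null &&
       openssl x509 -pubkey -noout -in "$3" > "$work/pub.pem" &&
       strip_vhd_payload "$1" "$work/payload" &&
       openssl dgst -sha256 -verify "$work/pub.pem" \
           -signature "$2" "$work/payload" >/dev/null
    then
        rc=0
    fi
    rm -rf "$work"   # private temp dir; the caller's files are left untouched
    return "$rc"
}

# Run only when invoked with the four file arguments.
if [ "$#" -eq 4 ]; then
    if verify_vhd "$@"; then
        echo "VHD signature verified"
    else
        echo "VHD verification FAILED" >&2
        exit 1
    fi
fi
```

Saved under a name of your choice, the script takes the VHD, digest.sig, the certificate file and the chain file as its four arguments and exits non-zero on any failure, so it can gate an import job.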