Manualshelf

User's Manual

ManualsBrandsDell ManualsSoftwareDell Update Packages Version 7.0
11121314151617181920
Verifying the Digital Signature
A digital signature is used to authenticate the identity of the signer of an Update Package and to certify that the original
content is unchanged. Digital signature of DUPs gives you a more reliable and trustful method of authentication.
Verifying the digital signature ensures that the original Update Package was received correctly and that the content has
not been modified since it was signed.
Verifying the Digital Signature on Linux
If you do not already have it installed on your system, you must install the Gnu Privacy Guard (GPG) to verify a Linux DUP
digital signature. To use the standard verification procedure, perform the following steps:
1. Get the Dell Linux public GnuPG key, if you do not already have it. You can download it by navigating to
lists.us.dell.com and clicking the Dell Public GPG key link.
2. Import the public key to the gpg trust database by running the following command:
gpg --import
<Public Key
Filename>
NOTE
: You must have a private key to complete the process.
3. To avoid a distrusted-key warning, validate the public key by its fingerprint before you use it.
a) Type the following command:
gpg --edit-key 23B66A9D
b) Within the GPG key editor, type fpr. The following message appears:
pub 1024D/23B66A9D 2001-04-16 Dell, Inc.
(Product Group) <linuxsecurity@dell.com> Primary key fingerprint: 4172 E2CE 955A 1776 A5E6 1BB7 CA77 951D
23B6 6A9D. If the fingerprint of the imported key is the same as the key owner's, you have a correct copy of the
key. You can verify the key's owner in person, over the phone, or by any other means that guarantees that you
are communicating with the key's true owner.
c) While still in the key editor, type sign.
d) Answer the list of trust-validation questions that appears and create a passphrase to use as the secret key. You
must import and validate the public key only once.
4. Obtain the Linux DUP and its associated signature file from support.dell.com/support/downloads.
NOTE: Each Linux DUP has a separate signature file, which is displayed along with the DUP. You need both the
DUP and its associated signature file for verification. By default, the signature file is named the same as the DUP
filename with a sign extension.
5. Verify the DUP using the following command: gpg --verify <
Linux Update Package signature filename
> <
Linux
Update Package filename
>
Executing DUPs in the Windows Environment
To run DUPs from the interactive graphical user interface (GUI), perform the following steps. This procedure applies to
all Update Packages.
1. Execute the DUP by double-clicking the filename from within Windows Explorer.
2. Read the update information displayed in the DUP window.
3. Click Install to install the DUP.
4. Reboot the system, if necessary.
To execute DUPs from the command line interface (CLI), see Command Line Interface Reference.
14