Introduction
Starting from Cisco IoT FND 4.9.0, you can verify the ISO and RPM images before the installation or upgrade of IoT FND.
For more information, refer to How to Run the Signature Verification Program.
Zip File Contents |
Description |
---|---|
1. iot-fnd-<release>-<build number>.iso |
Cisco provided image for which signature is to be verified. |
2. iot-fnd-<release>-<build number>.iso.signature |
Signature generated for the image. |
3. FND_RPM_SIGN-CCO_RELEASE.pem |
Cisco signed x.509 end-entity certificate contains the public key that is used to verify the signature. This certificate is chained to Cisco root CA and sub CA posted on https://www.cisco.com/security/pki/ |
4. cisco_x509_verify_release.py |
Signature verification program. After downloading the image, its digital signature, and the x.509 certificate, this program is used to verify the 3-tier x.509 certificate chain and the signature. Certificate chain validation is done by verifying the authenticity of end-entity using Cisco-sourced sub CA and root CA (which the script downloads from Cisco). |
5. cisco_x509_verify_release.py.signature |
Signature generated for the script cisco_x509_verify_release.py. |
6. cisco_openpgp_verify_release.py |
Signature verification program for verifying the Open-pgp Complaint Public Key against x.509 end-entity certificate. |
7. cisco_openpgp_verify_release.py.signature |
Signature generated for the script cisco_openpgp_verify_release.py. |
8. FND-rel-binary.gpg |
Open-pgp public key is used for verification of the signed RPM. |
9. FND-rel-ascii.gpg |
Open-pgp public key is used for verification of the signed RPM. |