> Y'all should *also* sign bundled (in one file) packages with PGP and PKI, as > those are recognized standards which most customers have already in-hand.
GIMZIP package signing is implemented using public/private key technology (aka, PKI); a private key is used to generate a digital signature for package files, and the corresponding public key is used to verify the signatures. The key pair is associated with an X.509 certificate and SMP/E uses this certificate, and its associated key pair, for the signing and signature verification operations. Kurt Quackenbush IBM | z/OS SMP/E and z/OSMF Software Management Chuck Norris never uses CHECK when he applies PTFs. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
