Your suggested change has been received. Thank you.

close
Thales Logo

All

  • All
  • CipherTrust Manager
  • CipherTrust Application Data Protection (CADP)
  • CipherTrust Application Key Management (CAKM)
  • CipherTrust Batch Data Transformation (BDT)
  • CipherTrust Cloud Key Management (CCKM)
  • CipherTrust Data Discovery and Classification (DDC)
  • CipherTrust Data Protection Gateway (DPG)
  • CipherTrust Database Protection (CDP)
  • CipherTrust Intelligent Protection (CIP)
  • CipherTrust Integrations
  • CipherTrust Migrations
  • CipherTrust RESTful Data Protection (CRDP)
  • CipherTrust Transparent Encryption (CTE)
  • CipherTrust Transparent Encryption Userspace (CTE-U)
  • CipherTrust Secrets Management (CSM)
  • CipherTrust Vaulted Tokenization (CTE-V)
  • CipherTrust Vaultless Tokenization (CT-VL)
  • CTE-Linux
  • CTE-Windows
  • CTE-AIX
  • CTE-K8s
  • CTE-U
  • Data Protection on Demand
  • Luna Cloud HSM
  • Luna Network HSM
  • Luna PCIe HSM
  • Luna USB HSM
  • OneWelcome Identity Platform
  • ProtectApp LUKS
  • ProtectServer 2 HSM
  • ProtectServer 3 HSM
  • SafeNet Trusted Access (STA)
  • SafeNet MobilePASS+
  • SafeNet MobilePASS+ for Android
  • SafeNet MobilePASS+ for Chrome
  • SafeNet MobilePASS+ for macOS
  • SafeNet MobilePASS+ for iOS
  • SafeNet MobilePASS+ for WatchOS
  • SafeNet MobilePASS+ for Widows
  • SafeNet Synchronization Agent
  • SafeNet Logging Agent
  • SafeNet Agent for FreeRADIUS
  • SafeNet Agent for NPS
  • SafeNet Agent for Windows Logon
  • SafeNet Authentication Service Private Cloud Edition (SAS PCE)
  • SafeNet Remote Logging Agent
  • SafeNet Keycloak Agent
  • SafeNet IDPrime Virtual (IDPV)
  • SafeNet FIDO Key Manager
  • SafeNet FIDO Key Manager for Android
  • SafeNet FIDO Key Manager for iOS
  • SafeNet FIDO Key Manager for Windows
back

Install and Configure CTE-U with CipherTrust Manager

Verifying Package Signatures

search
printsuggest an editpdf paneldownload

Verifying Package Signatures

This section explains how to verify signatures of the CTE-U installer packages. After the signature is verified, CTE-U can be installed on file servers.

copy link to clipboardVerifying Signature of rpm Packages

To verify the signature of the rpm package:

  1. Download the public key from the Support Portal:

    Note

    The key is named 610-000250-001_PUBLIC-GPG-CONNECTOR-SIGNING-KEY.key.

  2. Save the key on the file server, for example, at /cte/public_key.

  3. Navigate to the directory where the extracted CTE-U packages are stored.

  4. Import the public key into the rpm keystore, type:

    Run rpm --import /path/to/public_key/<gpg_key>.

    Example

    rpm --import /cte/public_key/610-000250-001_PUBLIC-GPG-CONNECTOR-SIGNING-KEY.key

  5. Verify the signature, type:

    rpm -Kvv <protectfile_installer>.rpm.

    Example

    rpm Kvv cte_<version>-<build>.x86_64.rpm

    The command output should contain information similar to the following:

    cte-<version>-<build>.x86_64.rpm:
Header V3 RSA/SHA256 Signature, key ID <key_id>: OK
Header SHA1 digest: OK (<sha1_digest>)
V3 RSA/SHA256 Signature, key ID <key_id>: OK
MD5 digest: OK (<md5_digest>)

If the output contains Signature, key ID : OK for SHA256, the signature is verified successfully.

copy link to clipboardVerifying Signature of deb Packages

To verify the signature of the deb package:

  1. Download the public key from the Support Portal:

    Note

    The key is named 610-000250-001_PUBLIC-GPG-CONNECTOR-SIGNING-KEY.key.

  2. Save the key on the file server, for example, at /cte/public_key.

  3. Navigate to the directory where the extracted CTE-U packages are stored.

  4. Import the public key, type:

    gpg --import /path/to/public_key/<gpg_key>

    For example, run:

    gpg --import /pf/public_key/610-000250-001_PUBLIC-GPG-CONNECTOR-SIGNING-KEY.key

  5. Verify the signature, type:

    gpg -verify cte_<version>-<build>.deb.sig.

    If the output contains the text Good signature, the signature is verified successfully.

copy link to clipboardVerifying Signature of Interactive Installers

To verify the signature of the interactive installer package:

  1. Download the public key from the Support Portal:

    Note

    The key is named 610-000250-001_PUBLIC-GPG-CONNECTOR-SIGNING-KEY.key.

  2. Save the key on the file server, for example, at /cte/public_key.

  3. Navigate to the directory where the extracted CTE-U packages are stored.

  4. Import the public key, type: (The signature cannot be verified without a valid public key.)

    gpg --import /path/to/public_key/<gpg_key>.

    For example, run:

    gpg --import /pf/public_key/610-000250-001_PUBLIC-GPG-CONNECTOR-SIGNING-KEY.key

  5. Verify the signature.

    gpg -verify safenet_pf<version>-<build>.tar.gz.sig.

If the output contains a good signature, the signature is verified successfully.

On this page