How to Verify a Signed Patch (jarsigner) (Signed Patches Administration Guide for PatchPro 2.2)

Signed Patches Administration Guide for PatchPro 2.2

How to Verify a Signed Patch (`jarsigner`)

Verify that the following prerequisites are met:
- You have installed the SUNWcert package.
  
  For more information, see How to Download the SUNWcert Package.
- You have imported the appropriate Sun PKI certificates.
  
  For more information, see How to Import the Sun Certificates With Java Tools.
- You are logged in as superuser.

Download a signed patch from the SunSolve Online site.

Verify the signed patch, for example:

# /usr/java1.3/bin/jarsigner -verify -verbose -keystore 
/usr/java1.3/jre/lib/security/cacerts /patchdb/100103-12.jar
smk     2149 Tue Sep 25 15:47:20 MDT 2001 100103-12/README
smk    18553 Tue Sep 25 15:47:20 MDT 2001 100103-12/4.1secure.sh
         385 Tue Sep 25 15:47:20 MDT 2001 META-INF/manifest.mf
         493 Tue Sep 25 15:47:20 MDT 2001 META-INF/zigbert.sf
        3819 Tue Sep 25 15:47:20 MDT 2001 META-INF/zigbert.rsa

  s = signature was verified 
  m = entry is listed in manifest
  k = at least one certificate was found in keystore
  i = at least one certificate was found in identity scope

jar verified.
#

Make sure that you see the smk entries in the output to confirm that the patch signature is verified. Otherwise, the patch verification has failed, even if you see the jar verified message.