The installer packages that are available for download from OEM FTP have been signed with a digital signature.

You can use the following procedure to verify an installer package signature. Verifying the signature assures that the installer package has been delivered by Progress DataDirect and has not been tampered with.

Note: Signature verification is an optional step. You can download and use the installer packages without verifying the signature.

To verify an installer package signature:

  1. From OEM FTP, download the following from the installer location:
    • The installer package
    • The external signature file: package_name.sha256.base64.sig
  2. From the /FOLDERS/COMMON/PublicKey directory, download the public key: progress-public-key.key.
  3. Open a command prompt, then:
    1. Enter the following command to decode the signature from base64 format to its raw binary form.
      openssl enc -base64 -d -in signaturefile.sha256.base64.sig -out signaturefile.sha256.sig
      where:
      signaturefile.sha256.base64.sig
      is the absolute path and name of the signature file in base64 format.
      signaturefile.sha256.sig
      is the absolute path and name of the file in which you want to store the decoded signature.
    2. Enter the following command to verify the authenticity and integrity of the installer package.
      openssl dgst -verify publicKey.key -keyform PEM -sha256 -signature signaturefile.sha256.sig installerpackagefile
      where:
      publicKey.key
      is the absolute path and name of the public key.
      signaturefile.sha256.sig
      is the absolute path and name of the file that contains the decoded signature.
      installerpackagefile
      is the absolute path and name of the installer package file you want to verify.

If the verification is successful, the following message appears: "Verified OK."

If the verification fails, the following message appears: "Verification Failure." Contact the Technical Support team for assistance.
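
The procedure above as a script, added here as an example (it is not Progress DataDirect's own tooling): it decodes the signature, verifies it, and decides on openssl's exit status instead of the printed message. The names verify_installer, selftest and verify.sh are hypothetical, and selftest uses a throwaway key pair and a constructed file, not the real public key or installer.

```sh
#!/bin/sh
# Added example (not vendor tooling): the documented steps, failing closed.

# verify_installer PUBKEY SIG_B64 INSTALLER
# Returns 0 only on a valid signature, 1 if verification fails, 2 on bad input.
verify_installer() {
    pubkey=$1; sig_b64=$2; installer=$3
    for f in "$pubkey" "$sig_b64" "$installer"; do
        [ -r "$f" ] || { echo "cannot read: $f" >&2; return 2; }
    done
    sig_bin=$(mktemp) || return 2
    # Step 3.1: base64-decode the signature. openssl may exit 0 yet write
    # nothing for malformed input, so an empty result is also rejected.
    if ! openssl enc -base64 -d -in "$sig_b64" -out "$sig_bin" 2>/dev/null \
        || [ ! -s "$sig_bin" ]; then
        echo "signature file is empty or not valid base64" >&2
        rm -f "$sig_bin"; return 2
    fi
    # Step 3.2: verify. Decide on the exit status, not the printed message.
    rc=0
    openssl dgst -verify "$pubkey" -keyform PEM -sha256 \
        -signature "$sig_bin" "$installer" >/dev/null 2>&1 || rc=$?
    rm -f "$sig_bin"
    if [ "$rc" -ne 0 ]; then
        echo "verification FAILED for $installer; do not install" >&2
        return 1
    fi
}

# selftest: constructed inputs only (throwaway key pair, dummy installer).
selftest() {
    d=$(mktemp -d) || return 2
    printf 'constructed installer bytes\n' > "$d/pkg.bin"
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$d/priv.pem" 2>/dev/null
    openssl pkey -in "$d/priv.pem" -pubout -out "$d/pub.key"
    openssl dgst -sha256 -sign "$d/priv.pem" -out "$d/pkg.sig" "$d/pkg.bin"
    openssl enc -base64 -in "$d/pkg.sig" -out "$d/pkg.sha256.base64.sig"
    ok=1
    verify_installer "$d/pub.key" "$d/pkg.sha256.base64.sig" "$d/pkg.bin" || ok=0
    printf 'x' >> "$d/pkg.bin"    # simulate tampering after signing
    verify_installer "$d/pub.key" "$d/pkg.sha256.base64.sig" "$d/pkg.bin" \
        2>/dev/null && ok=0
    rm -rf "$d"
    [ "$ok" -eq 1 ]
}

# Run directly: sh verify.sh publicKey.key package.sha256.base64.sig package
if [ "$#" -eq 3 ]; then verify_installer "$@"; fi
```

Because the result is carried in the exit status, the script can gate an automated install step without parsing openssl's output.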