Object Signing, What's That All About?

By Rich Loeber

All of the security measures you implement could easily be brought down if someone can introduce tampered data or programs into your system without your knowledge. To address this, the IBM i OS has supported object signing ever since release V5R1 became available. Object signing, simply stated, works by having each object on your system signed by the originator that guarantees that the object is what it claims to be and that it has not been altered.

Most systems today, many years after release of this feature, still only have the IBM operating system carrying signatures. Run the WRKOBJ for *PGM objects on your system in the QSYS library. When the list comes up, place and '8' next to one of the objects and then scroll up to the second panel. You should see the following fields displayed:

Auditing/Integrity information:

Object auditing value . . . . . . : *NONE

Digitally signed . . . . . . . . . : YES

System-trusted source . . . . . : YES

Multiple signatures . . . . . . : NO

Note that the object is showing as being digitally signed and that it is from a system-trusted source.

Similarly, if you do the same for some of your own programs, you will probably find that there is no signing in effect. In fact, most IBM i implementations today that are not from IBM carry no signature.

So, what's the big deal and how can this help you?

For now, probably not much. The current implementation of this is clearly designed to help IBM protect its operating system. IBM has provided some tools in the operating system to give users control. The system value QVFYOBJRST can be set to only allow restore of objects that are signed. You can differentiate this for objects that are system state and user state. In fact, the recommended setting level of 3 will prevent any unsigned system state programs from being loaded onto your system, thereby adding a level of protection to the operating system's integrity.

There is also the ability to scan your system for object integrity by using the Check Object Integrity (CHKOBJITG) command. An option on this command will let you verify objects that are signed to make sure that operating system components have not been tampered with since they were loaded. Scanning the operating system on your server can produce a database list of all objects on the system that have bad signatures. Finding these could indicate that the operating system has been tampered with.

To add an additional layer of security to your own applications, this technology is available for user state programs as well. But, seeing that the software developer community has not embraced this to date, you may just be asking for a headache by doing your own implementation while other third party software on your system does not comply. IBM documentation is available, however, to implement this for your own applications.

If you have any questions about this topic, feel free to reach me at rich at kisco.com, I'll try to answer your questions. All email messages will be answered.