Crypto Verify Signed - Allied Telesis IE340 Series Command Reference Manual

Industrial ethernet layer 3 switches

Hide thumbs Also See for IE340 Series:

Installation manual (136 pages)

Quick installation manual (4 pages)

ONFIGURATION

CRYPTO VERIFY SIGNED

crypto verify signed

Use this command to compare the HMAC-SHA checksum hash value of a firmware

file with its correct checksum. This confirms that the firmware has not been

corrupted or interfered with. When the device is in Secure Mode, this command

also forces the device to check the hash whenever it boots up, and prevents the

device from booting if the verification fails.

If the device is in Secure Mode, this command makes it difficult to upgrade the

device's firmware file. Therefore, only use this command if the device is in Secure

Mode and you have extremely strict security requirements, such as in

FIPS-compliant networks. Otherwise, use the

Usage Notes below for more detail.

If the verification fails, contact Allied Telesis customer support.

crypto verify signed <filename> <hash-value>

Global Configuration

If the device is in Secure Mode, and if the firmware file verified is the boot release

and signed verification succeeds, then the device stores the signed hash and uses

it to verify the firmware file on all subsequent reboots. This means that if you

change the firmware version, the switch will not boot up. You can only change the

firmware version if you reset the switch to the factory defaults before changing

the firmware version, by using the command

If the device is not in Secure Mode, you can use the write command to save the

hash value to the boot configuration file. The device will verify the checksum every

time it boots up and will warn you if it fails the verification.

All models of a particular series run the same release file and therefore have the

same checksum. For example, all x930 Series switches have the same checksum.

C613-50631-01 Rev A

The AlliedWare Plus file that you want to verify

<hash-value>

The known correct checksum of the file. This is a keyed

HMAC-SHA hash. This is available in a .sig file, which you can get

from your Allied Telesis customer representative.

Command Reference for IE340 Series

AlliedWare Plus™ Operating System - Version 5.5.3-0.x

crypto verify

command. See the

factory-default.

Show Quick Links

Chapters

Ie340-12gp Ie340-12gt Ie340-20gp Ie340l-18gp

Crypto Verify Signed - Allied Telesis IE340 Series Command Reference Manual

CRYPTO VERIFY SIGNED

Hide quick links:

Chapters

Related Manuals for Allied Telesis IE340 Series

Related Content for Allied Telesis IE340 Series

This manual is also suitable for: