Verify digital signature files

Certain files included with PI SQL Client JDBC are signed in such a way that an additional process is necessary to verify the signatures. These files include:

• GetCertificate.class

• IPISQL.class

• install.sh

• pisqlclientjdbc_2021-x86-x64_.tar.gz (used for Linux, macOS, or Oracle installations)

Use the following procedure to verify each file you are using.

Before you start

You need OpenSSL installed to verify the digital signature files. See the OpenSSL website for details.

Procedure

1. Download the certificate file and the signature file for the file you want to verify from the AVEVA Customer Portal Products page.

   The signature files are:

   • GetCertificate.class.sha256

   • IPSQL.class.sha256

   • install.sh.sha256

   • pisqlclientjdbc_2021-x86-x64_.tar.gz.sha256

2. Open a command window as an administrator.

3. To convert the certificate to a PEM format, type openssl.exe pkcs7 -print_certs -in OSIsoftLLC.p7b -out OSIsoftLLC.pem and press Enter.

4. To extract the public key from the certificate, type openssl x509 -pubkey -noout -in OSIsoftLLC.pem > publicKey.pem and press Enter.

5. To verify that a file has not been tampered with, type openssl dgst -sha256 -verify publicKey.pem -signature SignatureFileName FiletobeVerifiedName and press Enter.

   For example, if you want to verify the IPISQL.class file, type openssl dgst -sha256 -verify publicKey.pem -signature IPSQL.class.sha256 IPSQL.class.

   If the file is in its original state, the result is: Verified OK. If the file cannot be verified, the result is Verification Failure.