WebSphere Enterprise Service Bus, Version 6.2.0 Operating Systems: AIX, HP-UX, i5/OS, Linux, Solaris, Windows


Changing the default message digest algorithm for the installver_wbi command

You can change the default message digest algorithm for a checksum comparison of installed files. You must edit the installver_wbi command script to change the algorithm.

Before you begin

Install the product before attempting to change the default message digest algorithm from SHA to MD5.

Also, verify the product files with the installver_wbi command before you change the command file.

About this task

The default message digest algorithm is one of the secure hash algorithms (SHA) that are part of the Secure Hash Standard (SHS) from the National Institute of Standards and Technology (NIST). SHA-1 is the standard hash function of the U.S. government. For more information, see the Federal Information Processing Standards (FIPS) Web page at http://csrc.nist.gov/publications/fips/index.html, and view the publication FIPS 180-2.

For more information about WebSphere® ESB compliance with FIPS, see Federal Information Processing Standards.

Also available is the older MD5 message digest algorithm. MD5 is a deprecated type of message algorithm that is not as secure as SHA and is provided only for backward compatibility.

Change the default message digest algorithm from SHA to MD5 only if absolutely necessary. Edit the installver_wbi.bat file or the installver_wbi.sh file to make the change. Changing the algorithm invalidates the SHA-based checksums in the product bill of materials. For this reason, verify the product files before changing the message digest algorithm.

To change the default message digest algorithm, perform the following steps.
Procedure
  1. Edit the installver_wbi command script:
    • For i5/OS operating system On i5/OS® platforms: Edit the install_root/bin/installver_wbi file.
    • For Linux operating systemFor UNIX operating system On Linux® and UNIX® platforms: Edit the install_root/bin/installver_wbi.sh file.
    • For Windows operating system On Windows® platforms: Edit the install_root\bin\installver_wbi.bat file.
  2. Add the following environmental property to the script file:
    -Dchecksum.type=MD5
    The default value is:
    -Dchecksum.type=SHA
  3. Save your changes.

Results

After you change the algorithm, run the installver_wbi command to verify that it works correctly.

task Task topic

Terms of use | Feedback


Timestamp icon Last updated: 21 June 2010


http://publib.boulder.ibm.com/infocenter/dmndhelp/v6r2mx/topic//com.ibm.websphere.wesb620.doc/doc/tins_installver_wbi_chg.html
Copyright IBM Corporation 2005, 2010. All Rights Reserved.
This information center is powered by Eclipse technology (http://www.eclipse.org).