uploads software to the target server or device. When a target device downloads, loads, or runs
software, the target device performs the Hash check or authenticates the digital signature. By
doing so, software integrity protection ensures end-to-end software reliability and integrity.
Software integrity protection helps detect viruses or malicious tampering in a timely manner,
preventing insecure or virus-infected software from running on the device.
2.4.2.2.3 Digital Signature of Software
A digital signature of software is used to identify the software source. It ensures the integrity
and reliability of software.
When software is released, its digital signature is delivered with the software package. After the
software package is downloaded to an NE, the NE verifies the digital signature of the software
package before using it. If the digital signature passes the verification, the software is intact and
reliable. If the verification fails, the software package is invalid and cannot be used.
illustrates the principles of a software digital signature.
Figure 2-3
Digital signature of software
l
Before a software package is released, all files in the software package are signed with
digital signatures. That is, after a message digest is calculated for all files in the software
package, the message digest is digitally signed using a private key.
l
After a software package with a digital signature is loaded to an NE through a media such
as the software release platform, the NE first verifies the digital signature of the software
package. That is, the NE uses a public key to decrypt the digital signature and obtain the
original message digest. Then, the NE recalculates the message digest and compares the
new message digest with the original one.
–
If the two message digests are the same, the software package passes the verification
and can be used.
EG860
User Guide
2 Introduction
Issue 02 (2015-04-10)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
17