Verifying Security Signatures
The vMX image is securely signed, so you can verify the signature for the image.
To verify the signature:
- Download the public key certificate and the software image from the Juniper Networks Download Software page.
- Import the public key into a temporary GPG key ring.
mkdir tempcd tempgpg --homedir . --import certificate-fileFor example:
gpg --homedir . --import Juniper_vMX_public_key_2017.ascgpg: WARNING: unsafe permissions on homedir `.' Warning: using insecure memory! gpg: keyring `./secring.gpg' created gpg: keyring `./pubring.gpg' created gpg: ./trustdb.gpg: trustdb created gpg: key CA6E E4DD E89A EB4C F22F 6897 7B82 9893 BA75 0B9B: public key "vMX Trusted Kernel 2017 <ca@juniper.net>" imported gpg: Total number processed: 1 gpg: imported: 1 (RSA: 1)
Note The hexadecimal key value and name vary with each key. The hexadecimal value is an easy way to confirm that the key is authentic.
- Verify the validity of the signature.
gpg --homedir . --verify signature-file file-to-be-signedFor example:
gpg --homedir . --verify vmx-17.2R1.4-1.tgz.sig jinstall-vmx-17.2R1.4-domestic-signed.tgzgpg: WARNING: unsafe permissions on homedir `.' Warning: using insecure memory! gpg: Signature made Tue Jun 6 16:50:05 2017 PDT using RSA key ID BA750B9B gpg: Good signature from "vMX Trusted Kernel 2017 <ca@juniper.net>" gpg: This key is certified with a trusted signature! gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: CA6E E4DD E89A EB4C F22F 6897 7B82 9893 BA75 0B9B
The second warning message appears because the key has not been marked as trusted. You can ignore the warning messages.