Verifying Security Signatures
The vMX image is securely signed, so you can verify the signature for the image.
To verify the signature:
- Download the public key certificate and the software image from the Juniper Networks Download Software page.
- Import the public key into a temporary GPG key ring.
gpg --homedir . --import certificate-file
gpg --homedir . --import Juniper_vMX_public_key_2017.asc
gpg: WARNING: unsafe permissions on homedir `.' Warning: using insecure memory! gpg: keyring `./secring.gpg' created gpg: keyring `./pubring.gpg' created gpg: ./trustdb.gpg: trustdb created gpg: key CA6E E4DD E89A EB4C F22F 6897 7B82 9893 BA75 0B9B: public key "vMX Trusted Kernel 2017 <firstname.lastname@example.org>" imported gpg: Total number processed: 1 gpg: imported: 1 (RSA: 1)
The hexadecimal key value and name vary with each key. The hexadecimal value is an easy way to confirm that the key is authentic.
- Verify the validity of the signature.
gpg --homedir . --verify signature-file file-to-be-signed
gpg --homedir . --verify vmx-17.2R1.4-1.tgz.sig jinstall-vmx-17.2R1.4-domestic-signed.tgz
gpg: WARNING: unsafe permissions on homedir `.' Warning: using insecure memory! gpg: Signature made Tue Jun 6 16:50:05 2017 PDT using RSA key ID BA750B9B gpg: Good signature from "vMX Trusted Kernel 2017 <email@example.com>" gpg: This key is certified with a trusted signature! gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: CA6E E4DD E89A EB4C F22F 6897 7B82 9893 BA75 0B9B
The second warning message appears because the key has not been marked as trusted. You can ignore the warning messages.