Save and restore system values: Verify object signatures during restore
The Verify object signatures during restore system value is also known as QVFYOBJRST. You can use this system value to specify whether to restore objects without signatures or with signatures that are not valid.
| Quick reference | |
|---|---|
| Location | From IBM® Navigator for i, select . Right-click on Save and Restore and click Properties, then select the Signatures tab. |
| Special authority | All object (*ALLOBJ) and security administrator (*SECADM). |
| Default value | Verify object signatures on restore; allow restore of objects without signatures. |
| Changes take effect | Immediately. |
| Lockable | Yes. |
What can I do with this system value?
You can specify the policy to be used for object signature verification during a restore operation. This value applies to the following types of objects: programs (*PGM), commands (*CMD), service programs (*SRVPGM), SQL packages (*SQLPKG), and modules (*MODULE). It also applies to stream file (*STMF) objects that contain Java™ programs.
If Digital Certificate Manager is not installed on the system, all objects are treated as unsigned when the system determines the effects of this system value on those objects during a restore operation.
Program, service program, and module objects that are created on a system running IBM i V5R4, or earlier, are treated as unsigned when they are restored to a system running IBM i V6R1. Likewise, program, service program, and module objects that are created or converted on a system running IBM i V6R1 are treated as unsigned when they are restored to a system running IBM i V5R4, or earlier.
The system value has the following options:
- Do not verify object signatures on restore. (1)
Do not verify signatures on the restore operation. Restore user-state objects regardless of their signature.
Do not use this option unless you have a large number of signed objects to restore that might fail their signature verification for some acceptable reasons. In general, it is dangerous to restore objects with signatures that are not valid on your system.
- Verify object signatures on restore; allow restore of user-state objects without signatures and with signatures that are not valid. (2)
Verify signatures on the restore operation. Restore unsigned commands and user-state objects. Restore signed commands and user-state objects, even if their signatures are not valid.
Use this option only if some specific objects that you want to restore have signatures that are not valid. In general, it is dangerous to restore objects with signatures that are not valid on your system.
- Verify object signatures on restore; allow restore of user-state objects without signatures. (3)
Verify signatures on the restore operation. Restore unsigned commands and user-state objects. Restore signed commands and user-state objects only if their signatures are valid.
You can use this option for normal operations when you expect that some of the objects you load are unsigned, but you want to ensure that all signed objects have signatures that are valid. This is the default value.
- Verify object signatures on restore; allow restore of user-state objects with signatures that are not valid. (4)
Do not restore unsigned user-state objects. Restore signed user-state objects, even if their signatures are not valid.
Use this option if some specific objects that you want to restore have signatures that are not valid, but you do not want the possibility of unsigned objects being restored. In general, it is dangerous to restore objects with signatures that are not valid on your system.
- Verify object signatures on restore; do not allow restore of user-state objects without signatures or with signatures that are not valid. (5)
Do not restore unsigned user-state objects. Restore signed user-state objects only if their signatures are valid.
This option is the most restrictive. Use this option when the only objects that you allow to be restored are those that have been signed by trusted sources.
Objects that have the system-state attribute and objects that have the inherit-state attribute are required to have valid signatures from a system-trusted source. Objects in Licensed Internal Code fixes are also required to have a valid signature from a system-trusted source. If these objects do not have a valid signature, they cannot be restored, regardless of the value of the QVFYOBJRST system value.
Some command (*CMD) objects have a signature that does not cover all parts of the object. Some parts of the command are not signed while other parts are only signed when they contain a non-default value. This type of signature allows some changes to be made to the command without invalidating its signature. Examples of changes that will not invalidate these types of signatures include:
- Changing command defaults
- Adding a validity checking program to a command that does not have one
- Changing the 'where allowed to run' parameter
- Changing the 'allow limited users' parameter
If you want, you can add your own signature to these commands that includes these areas of the command object.
The restore system values work together when restoring objects.