Updated on 2025-07-15 GMT+08:00
Workspace Clients
Procedure
Check the integrity of downloaded client packages, that is, check whether the packages are tampered with or lost during download.
From 25.1.0.1 on, the digital signature CMS file is used for integrity verification. In earlier versions, SHA256 values are still used.
Verifying the Digital Signature CMS File
- Download the required client package from the client download page of the official website.
- Download the following root CA certificate and CRLs from the Huawei support website:
- CA certificate: Huawei Software Integrity Protection Root CA.der
- CRLs: HuaweiRootCA.crl, HuaweiCodeSigningCA.crl, HuaweiCodeSigningCA 2.crl, and HuaweiCodeSigningCA 3.crl
- Convert the formats of the CA certificate and CRLs from DER to PEM.
The name of the certificate to convert may differ from that of the downloaded one. Use the actual certificate name.
- For CRLs:
openssl crl -inform DER -in "HuaweiRootCA.crl" -out HuaweiRootCaCrl.pem openssl crl -inform DER -in "HuaweiCodeSigningCA 3.crl" -out HuaweiCodeSigningCA3.pem openssl crl -inform DER -in "HuaweiCodeSigningCA 2.crl" -out HuaweiCodeSigningCA2.pem openssl crl -inform DER -in HuaweiCodeSigningCA.crl -out HuaweiCodeSigningCA.pem
- For the CA certificate:
openssl x509 -inform DER -in "Huawei Software Integrity Protection Root CA.der" -out HuaweiRootCA.pem
- Use Notepad to open the files in 3. Copy and paste the content of HuaweiRootCaCrl.pem, HuaweiCodeSigningCA3.pem, HuaweiCodeSigningCA2.pem, and HuaweiCodeSigningCA.pem sequentially to the end of the content of HuaweiRootCA.pem.
- Verify the CMS file.
openssl cms -verify -inform DER -crl_check_all -in xxxxxxx.msi.cms -content xxxxxx.msi -CAfile HuaweiRootCA.pem -out cmsVerifiedData -binary -purpose any -certsout tmpCertChain.pem
- xxxxxxx.msi.cms: client CMS file obtained in Table 1
- xxxxxx.msi: name of the client package downloaded from the official website
If a message similar to the following is displayed, the verification is successful:
CMS Verification successful
Parent topic: Client Integrity Check (CMS)
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
The system is busy. Please try again later.
For any further questions, feel free to contact us through the chatbot.
Chatbot
