Updated on 2025-07-15 GMT+08:00

Workspace Clients

Procedure

Check the integrity of downloaded client packages, that is, check whether the packages are tampered with or lost during download.

From 25.1.0.1 on, the digital signature CMS file is used for integrity verification. In earlier versions, SHA256 values are still used.

Verifying the Digital Signature CMS File

  1. Download the required client package from the client download page of the official website.
  2. Download the following root CA certificate and CRLs from the Huawei support website:

    • CA certificate: Huawei Software Integrity Protection Root CA.der
    • CRLs: HuaweiRootCA.crl, HuaweiCodeSigningCA.crl, HuaweiCodeSigningCA 2.crl, and HuaweiCodeSigningCA 3.crl

  3. Convert the formats of the CA certificate and CRLs from DER to PEM.

    The name of the certificate to convert may differ from that of the downloaded one. Use the actual certificate name.

    • For CRLs:
    openssl crl -inform DER -in "HuaweiRootCA.crl" -out HuaweiRootCaCrl.pem 
    openssl crl -inform DER -in "HuaweiCodeSigningCA 3.crl" -out HuaweiCodeSigningCA3.pem 
    openssl crl -inform DER -in "HuaweiCodeSigningCA 2.crl" -out HuaweiCodeSigningCA2.pem 
    openssl crl -inform DER -in HuaweiCodeSigningCA.crl -out HuaweiCodeSigningCA.pem
    • For the CA certificate:
    openssl x509 -inform DER -in "Huawei Software Integrity Protection Root CA.der" -out HuaweiRootCA.pem

  4. Use Notepad to open the files in 3. Copy and paste the content of HuaweiRootCaCrl.pem, HuaweiCodeSigningCA3.pem, HuaweiCodeSigningCA2.pem, and HuaweiCodeSigningCA.pem sequentially to the end of the content of HuaweiRootCA.pem.
  5. Verify the CMS file.

    openssl cms -verify -inform DER -crl_check_all -in xxxxxxx.msi.cms -content xxxxxx.msi -CAfile HuaweiRootCA.pem -out cmsVerifiedData -binary -purpose any -certsout tmpCertChain.pem
    • xxxxxxx.msi.cms: client CMS file obtained in Table 1
    • xxxxxx.msi: name of the client package downloaded from the official website

    If a message similar to the following is displayed, the verification is successful:

    CMS Verification successful
    Table 1 CMS verification codes

    Installation Package

    CMS Signature File

    Windows

    Click here to download

    macOS

    Click here to download

    Kylin-AMD64

    Click here to download

    Kylin-ARM64

    Click here to download

    UOS-AMD64

    Click here to download

    UOS-ARM64

    Click here to download

    Ubuntu-AMD64

    Click here to download