Jazz Library Jazz.net Download Verification
Author name

elm,sse

Thu, 15 Feb 2024
5 min read
0

Jazz.net Download Verification

Michael Rowe, IBM
Last updated: 13 Feb 2024
Build basis: Engineering Lifecycle Management (based on “checksum availability”)

To verify the integrity of your IBM Engineering Lifecycle Management product downloads, you will compare the cryptographic hash value for each downloaded file against the value provided in the counterpart file.  While we will still have MD5 hashes for older product downloads, beginning with ELM 7.0.3, we have transitioned to SHA256 hashes for product files and iFixes. 

When validating your hashes, you should be aware that different tools are used for SHA256 verses MD5.  Given that MD5 is effectively deprecated, you should already have a tool for validating.  On Windows, this tools is called fciv.exe, which is no longer available from Microsoft; however, you can still access the download via the Internet archive at (https://web.archive.org/web/20140118175059/http://support.microsoft.com/kb/841290).

The steps for validation are basically the same regardless of which checksum you need to validate.

    1. Download the appropriate checksum file. The extension will be .sha256 or .md5 based on which cryptographic hash is being used.
    2. Compute the cryptographic hash of the file you have downloaded from jazz.net:
a. For SHA256
      i. Windows: 
      •	certutil -hashfile [file location] SHA256, 
      e.g. certutil -hashfile C:\Users\MyName\Downloads\software.zip SHA256

      ii. Linux/MacOS: 
      •	shasum -a 256 [file location], 
      e.g. shasum -a 256 ~/Downloads/software.zip

b.For MD5
      i. Windows:
      •	fciv.exe [file name including full path], 
      e.g. fciv.exe C:\Users\MyName\Downloads\software.zip

      ii. Linxu/MacOS:
      •	md5sum -b [file name including full path], 
      e.g. md5sum -b ~/Downloads/software.zip
             
                3. Compare the known file from the downloaded checksum file (either .sha256 or .md5) against the hash value from the prior step.
                  a. If the two hash values are identical, the IBM Engineering Lifecycle Management product(s) download is good.

Note – We will continue to update the article as warranted, if we change the technology of our cryptographic hashes.

About the author

Michael Rowe is a Technical Strategist, working as a technical architect for IBM Engineering Lifecycle Management since 2008, with over 30 years of experience in software development. He can be contacted at michael.rowe@us.ibm.com.

© Copyright IBM Corporation 2024

Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.

Thu, 15 Feb 2024