AWS sap documentation change
Summary
Removed redundant example command outputs and duplicate 'Verify the signature' section. Simplified signature verification steps by removing repetitive content.
Security assessment
The changes streamline documentation but do not address a specific security vulnerability. The removed content included warnings about GPG key trust (standard security guidance) but did not indicate a resolved security flaw.
Diff
diff --git a/sap/latest/sap-hana/aws-backint-agent-signature.md b/sap/latest/sap-hana/aws-backint-agent-signature.md index f5c5395a4..b221fae53 100644 --- a//sap/latest/sap-hana/aws-backint-agent-signature.md +++ b//sap/latest/sap-hana/aws-backint-agent-signature.md @@ -5 +5 @@ -Verify the signatureVerify the signature +Verify the signature @@ -72,81 +71,0 @@ After you have verified the fingerprint, you can use it to verify the signature - gpg: Signature made Fri 08 May 2020 12:24:48 AM UTC using RSA key ID 1E65925B - gpg: Good signature from "AWS Backint Agent" [unknown] - gpg: WARNING: This key is not certified with a trusted signature! - gpg: There is no indication that the signature belongs to the owner. - Primary key fingerprint: BD35 7A5F 1AE9 38A0 213A 82A8 80D8 5C5E 1E65 925B - - shell$ gpg --verify install-aws-backint-agent.sig install-aws-backint-agent - gpg: Signature made Fri 08 May 2020 12:15:40 AM UTC using RSA key ID 1E65925B - gpg: Good signature from "AWS Backint Agent" [unknown] - gpg: WARNING: This key is not certified with a trusted signature! - gpg: There is no indication that the signature belongs to the owner. - Primary key fingerprint: BD35 7A5F 1AE9 38A0 213A 82A8 80D8 5C5E 1E65 925B - -If the output includes the phrase `BAD signature`, check whether you performed the procedure correctly. If you continue to get this response, contact Amazon Web Services and avoid using the downloaded files. - -###### Note - -A key is trusted only if you or someone you trust has signed it. If you receive a warning about trust, this doesn’t mean that the signature is invalid. Instead, it means that you have not verified the public key. - - - - -## Verify the signature - -**Automatic signature verification** - -To enable automatic signature verification during agent installation, see the parameter descriptions at [Install AWS Backint agent using AWS Backint installer — interactive mode](./aws-backint-agent-s3-installing-configuring.html#aws-backint-agent-installer-interactive) (Step 6k). - -**To verify the AWS Backint agent package on a Linux server** - - 1. Download the public key. - -For the China (Beijing) Region, use the following command. - - shell$ wget https://awssap-backint-agent-cn-north-1.s3.cn-north-1.amazonaws.com.cn/binary/public-key/aws-backint-agent.gpg - -For the China (Ningxia) Region, use the following command. - - shell$ wget https://awssap-backint-agent-cn-northwest-1.s3.cn-northwest-1.amazonaws.com.cn/binary/public-key/aws-backint-agent.gpg - - 2. Import the public key into your keyring. - - shell$ gpg --import aws-backint-agent.gpg - gpg: key 1E65925B: public key "AWS Backint Agent" imported - gpg: Total number processed: 1 - gpg: imported: 1 (RSA: 1) - -Make a note of the key value, as you will need it in the next step. In the preceding example, the key value is `1E65925B`. - - 3. Verify the fingerprint by running the following command. - - shell$ gpg --fingerprint 1E65925B - pub 2048R/1E65925B 2020-03-18 - Key fingerprint = BD35 7A5F 1AE9 38A0 213A 82A8 80D8 5C5E 1E65 925B - uid [ unknown] AWS Backint Agent - -The fingerprint should be equal to the following: - - BD35 7A5F 1AE9 38A0 213A 82A8 80D8 5C5E 1E65 925B - -If the fingerprint string doesn’t match, don’t install the agent. Contact Amazon Web Services. - -After you have verified the fingerprint, you can use it to verify the signature of the AWS Backint agent binary. - - 4. Download the signature files for the source file and the installer. - -For the China (Beijing) Region, use the following command. - - shell$ wget https://awssap-backint-agent-cn-north-1.s3.cn-north-1.amazonaws.com.cn/binary/latest/aws-backint-agent.sig - - shell$ wget https://awssap-backint-agent-cn-north-1.s3.cn-north-1.amazonaws.com.cn/binary/latest/install-aws-backint-agent.sig - -For the China (Ningxia) Region, use the following command. - - shell$ wget https://awssap-backint-agent-cn-northwest-1.s3.cn-northwest-1.amazonaws.com.cn/binary/latest/aws-backint-agent.sig - - shell$ wget https://awssap-backint-agent-cn-northwest-1.s3.cn-northwest-1.amazonaws.com.cn/binary/latest/install-aws-backint-agent.sig - - 5. To verify the signature, run `gpg --verify` against the `aws-backint-agent.tar.gz` source file and `install-aws-backint-agent` installer. - - shell$ gpg --verify aws-backint-agent.sig aws-backint-agent.tar.gz