Cisco Cisco IOS XE 3.5E
Revised: December 8, 2015,
Digitally Signed Cisco Software
The Digitally Signed Cisco Software feature describes how to identify digitally signed Cisco software, gather software authentication
information related to digitally signed images, and perform key revocation. Digitally Signed Cisco software is software that is digitally
signed using secure asymmetrical (public-key) cryptography.
information related to digitally signed images, and perform key revocation. Digitally Signed Cisco software is software that is digitally
signed using secure asymmetrical (public-key) cryptography.
The purpose of digitally signed Cisco software is to ensure that customers are confident that the software running within their systems
is secure and has not been tampered with, and that the software running in those systems originated from the trusted source as claimed.
is secure and has not been tampered with, and that the software running in those systems originated from the trusted source as claimed.
For customers concerned about software updates involving digitally signed Cisco software--no action is necessary for customers to
take advantage of the increased protection. The system operation is largely transparent to existing practices. Some minor changes in
system displays reflect the use of digitally signed Cisco software.
take advantage of the increased protection. The system operation is largely transparent to existing practices. Some minor changes in
system displays reflect the use of digitally signed Cisco software.
Finding Feature Information
Your software release may not support all the features documented in this module. For the latest caveats and feature information, see
and the release notes for your platform and software release. To find information about the features documented in
this module, and to see a list of the releases in which each feature is supported, see the feature information table.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature
Navigator, go to
Navigator, go to
. An account on Cisco.com is not required.
Restrictions for Digitally Signed Cisco Software
The Cisco Catalyst 4500 E+Series switches running Cisco IOS XE software include the functionality described in this document,
except for Digitally Signed Software Key Revocation and Replacement.
except for Digitally Signed Software Key Revocation and Replacement.
Information About Digitally Signed Cisco Software
Features and Benefits of Digitally Signed Cisco Software
Three main factors drive digitally signed Cisco software and software integrity verification:
• The U.S. government is introducing a new version of the Federal Information Processing Standard (FIPS) 140. FIPS-140-3 is
the latest draft and is scheduled for ratification in 2010 and to be effective in 2011. This standard requires software to be digitally
signed and to be verified for authenticity and integrity prior to load and execution.
signed and to be verified for authenticity and integrity prior to load and execution.
• The focus on product security provides increased protection from attacks and threats to Cisco products. Digitally signed Cisco
software offers increased protection from the installation and loading of software that has been corrupted or modified.
• Digitally signed Cisco software provides counterfeit protection, which provides further assurance for customers that the equipment
they purchase is as claimed.
2