This chapter provides an overview of Secure Delivery on OpenVMS and describes how to invoke its components using CDSA. Secure Delivery creates digital signatures for files, so that the file and associated manifest can be delivered over an unsecured channel such as a web download.

Support for Secure Delivery is included in CDSA beginning with OpenVMS Version 8.3.

	NOTE: Kits included on the OpenVMS Version 8.3 distribution media are signed using Secure Delivery. On OpenVMS I64, SIP (System Integrated Product) or layered product kits that are installed during or after the OpenVMS upgrade are validated. On OpenVMS Alpha, only SIP or layered product kits that are installed after the OpenVMS upgrade are validated. Kits created before the secure delivery process was enabled in OpenVMS Version 8.3 can be installed on OpenVMS Version 8.3. These kits are marked as unsigned, rather than as a validated kit in the PCSI history file. Products installed before Version 8.3 have a blank validation status in the PCSI history. For more information, see “PCSI and Secure Delivery”.

Secure Delivery uses public key and digital signature technology to implement a system that provides OpenVMS users with the ability to authenticate and validate the files they download from OpenVMS and third-party OpenVMS vendors.

Secure Delivery enhances CDSA by creating a manifest of a target file so that the file and its accompanying manifest can be delivered together over an unsecured Internet link or media format, such as a CD or DVD. After the files are in place on the target system, the manifest can be used to authenticate the originator and validate the contents of the target file. If the target file (or the manifest) has been tampered with in any way, the validation process will fail. If the certificates used to sign the file have been revoked, the validation will fail.

See the Glossary for definitions of terms used in this chapter.