Ensuring Upgrade Security
We take the following measures to ensure the upgrade is secure:
Secret Server on-Premises upgrades are packaged in a wrapper zip file for delivery. These upgrade zip files are named with the release version, such as Version_11_1_000006.zip. Each wrapper zip file contains two files, a security catalog file named hashes.crt and yet another zip file named ss_update.zip.
The ss_update.zip file holds the changes for the new Secret Server version (database and file changes). The hashes.crt file is a signed security catalog containing the hash of the ss_update.zip file, which is used to ensure the authenticity and integrity of the ss_update.zip file.
A hash is a long string of characters that represents a unique digital "fingerprint" of any file the hash function is run on. Any change to a hashed file causes future hashes of the altered file to differ from the original hash, proving the file is different.
When the upgrader processes ss_update.zip, the following occurs:
- The hashes.crt file is validated to ensure that its digital signature is the original produced by Delinea.
- The same hash function that created the original hash is run on the ss_update.zip file, creating a new hash.
- The original hash is compared to the new hash, ensuring the two match and ss_update.zip has not been tampered with.
- The original wrapper zip file is inspected to ensure it does not contain any unexpected, likely malicious, files.
As a result of this inspection process, the upgrader is positive that both ss_update.zip and hashes.crt are genuine and that no foreign files are present.
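The hash comparison and wrapper inspection steps above can be sketched as follows. This is an added example, not Delinea's upgrader code. It assumes the expected hash has already been read from a hashes.crt whose signature was validated separately, and it assumes SHA-256, since the page does not name the hash function; check_wrapper and build_wrapper are hypothetical names.

```python
import hashlib
import hmac
import io
import zipfile

# The only two members the page says a wrapper zip contains.
EXPECTED_MEMBERS = {"hashes.crt", "ss_update.zip"}


def check_wrapper(wrapper, expected_hex, algorithm="sha256"):
    """Return a list of problems found; an empty list means the checks passed.

    expected_hex is assumed to come from hashes.crt after its signature was
    validated elsewhere; the sha256 default is an assumption, not from the page.
    """
    problems = []
    with zipfile.ZipFile(wrapper) as zf:
        names = zf.namelist()
        if len(names) != len(set(names)):
            problems.append("duplicate member names")
        for name in sorted(set(names) - EXPECTED_MEMBERS):
            problems.append(f"unexpected member: {name}")
        for name in sorted(EXPECTED_MEMBERS - set(names)):
            problems.append(f"missing member: {name}")
        if "ss_update.zip" in names:
            h = hashlib.new(algorithm)
            # Stream the member so a large update is never held in memory whole.
            with zf.open("ss_update.zip") as member:
                for chunk in iter(lambda: member.read(1 << 20), b""):
                    h.update(chunk)
            if not hmac.compare_digest(h.hexdigest(), expected_hex.lower()):
                problems.append("ss_update.zip hash mismatch")
    return problems


def build_wrapper(members):
    """Build an in-memory wrapper zip from {name: bytes} (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    buf.seek(0)
    return buf


if __name__ == "__main__":
    payload = b"constructed stand-in for ss_update.zip"
    good = hashlib.sha256(payload).hexdigest()
    base = {"hashes.crt": b"placeholder", "ss_update.zip": payload}
    print(check_wrapper(build_wrapper(base), good))
    print(check_wrapper(build_wrapper({**base, "extra.bin": b"x"}), good))
```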