Documentation for Open Vulnerability and Assessment Language (OVAL®)
Definition Type: Element
Name: signature_keyid
Namespace: http://oval.mitre.org/XMLSchema/oval-system-characteristics-5#linux
Type: oval-sc:EntityItemStringType
Containing Schema: linux-system-characteristics-schema.xsd
MinOccurs 0
MaxOccurs 1
Abstract
Documentation:
This field contains the PGP key ID that the RPM issuer (generally the original operating system vendor) uses to sign the key. PGP is used to verify the authenticity and integrity of the RPM being considered. Software packages and patches are signed cryptographically to allow administrators to allay concerns that the distribution mechanism has been compromised, whether that mechanism is web site, FTP server, or even a mirror controlled by a hostile party. OVAL uses this field most of all to confirm that the package installed on the system is that shipped by the vendor, since comparing package version numbers against patch announcements is only programmatically valid if the installed package is known to contain the patched code.
Collapse XSD Schema Diagram:
Drilldown into status in schema oval-system-characteristics-schema_xsd Drilldown into mask in schema oval-system-characteristics-schema_xsd Drilldown into datatype in schema oval-system-characteristics-schema_xsd Drilldown into EntityItemStringType in schema oval-system-characteristics-schema_xsdXSD Diagram of signature_keyid in schema linux-system-characteristics-schema_xsd (Open Vulnerability and Assessment Language (OVAL®))
Collapse XSD Schema Code: 
<xsd:element name="signature_keyid" type="oval-sc:EntityItemStringType" minOccurs="0" maxOccurs="1">
    <xsd:annotation>
        <xsd:documentation>This field contains the PGP key ID that the RPM issuer (generally the original operating system vendor) uses to sign the key. PGP is used to verify the authenticity and integrity of the RPM being considered. Software packages and patches are signed cryptographically to allow administrators to allay concerns that the distribution mechanism has been compromised, whether that mechanism is web site, FTP server, or even a mirror controlled by a hostile party. OVAL uses this field most of all to confirm that the package installed on the system is that shipped by the vendor, since comparing package version numbers against patch announcements is only programmatically valid if the installed package is known to contain the patched code.</xsd:documentation>
        <xsd:appinfo>
            <sch:pattern id="rpmitemsignature_keyid" xmlns:sch="http://purl.oclc.org/dsdl/schematron">
                <sch:rule context="linux-sc:rpminfo_item/linux-sc:signature_keyid">
                    <sch:assert test="not(@datatype) or @datatype='string'">item <sch:value-of select="../@id" /> - datatype attribute for the signature_keyid entity of a rpminfo_item should be 'string'</sch:assert>
                </sch:rule>
            </sch:pattern>
        </xsd:appinfo>
    </xsd:annotation>
</xsd:element>
Collapse Child Attributes:
Name Type Default Value Use
datatype oval-sc:datatype string Optional
mask oval-sc:mask false Optional
status oval-sc:status exists Optional
Collapse Derivation Tree:
Documentation for Open Vulnerability and Assessment Language (OVAL®)

Generated using Liquid Studio - Developer Bundle 21.0.0.0