APM Insight PHP agent - Checksum Validation


You can verify the authenticity of the downloaded APM Insight agent with SHA256 checksum validation. This ensures that the downloaded agent is credible and is not tampered with by any malicious code or software.

To verify the authenticity of the agent, follow the steps given below:

  1. Compare the checksum value provided below with the downloaded agent.

    Windows : 5d30bf31d53438e2534592a5a2dc36007cbdb5e0ac581796710936ec95a44593   agent_php.msi
    Linux : 8bbd1b8550f1f187040f30b5335f655669e7126cfe21f9ad296ba4b77ff831ac   agent_php.zip

    Follow the steps below to validate the checksum value:
    • For Linux systems, execute the following command:

      sha256sum agent_php.zip

    • For Windows, you can use either of the following commands:
      • Open Command Prompt and execute the following command:

        certutil -hashfile agent_php.msi SHA256

      • Open Windows Powershell and execute the following command:

        Get-FileHash agent_php.msi -Algorithm SHA256

  2. After executing the commands, you will obtain a checksum value. Check that value with the one downloaded from the checksum file.

Sample Output:

Note: If the checksum values differ, do not unzip or open the file.

Agent Signature Verfication

All the agent files are signed with a Zoho Corp. certificate.

To verify the signature, follow the steps below:

Note: Downloading the PGP key for the signature file verification is important. Without the PGP key, the verification may not be successful.

  1. Download the Applications Manager PHP agent public key (appmgrphp.pub) file. It should be similar to the following output.

  2. Import the public key to your trusted keystore (use .pub or .ascto save the aforementioned key).

    "gpg --import appmgrphp.pub"
     [or]
    "gpg --import appmgrphp.asc"

  3. Download the signature file (agent_php.zip.sig) and verify the downloaded zip with its signature.

    "gpg --verify agent_php.zip.sig agent_php.zip"