Under Construction
AIX Trusted Installation
Starting with AIX 7.2 TL4 and AIX 7.3, AIX supports digital signatures for software packages in the installp format. This ensures that only verified software can be installed and prevents accidental or intentional modification of installed software, for example, by attackers.
When a software package is installed, its digital signature is computed and compared with the signature stored in the Digital Signature Catalog (DSC). If the signature can be verified, the software package is installed. If the computed digital signature and the stored signature differ, the configured signature policy determines whether the software package is installed anyway. The possible policies are none, low, medium, and high. The default policy is none, which does not verify digital signatures.
Digital Signature Policies (chsignpolicy)
The Digital Signature Catalog (DSC)
Verifying the digital signature of a fileset
Digital signature for your own fileset
Optional: Generate a digital certificate for Trusted Installation
Adding certificate and public key to dsc_key and/or dsc_keystore
Generating the digital signature of a fileset and adding it to the DSC
Disadvantages of the DSC verification procedure
