Re: Verifying authenticity of Debian CDs
On 4/5/19, Chris XX <1swansboro@gmail.com> wrote:
> I was trying to Verify the authenticity of Debian CDs on your website, but
> I don't see instructions that will guide me through the process
> (step-by-step).
>
> Can you help and/or fix?
> Thanks, Chris
>
> P.S. this was the site I got stuck on:
> https://www.debian.org/CD/verify
>
> There is a lot of information, but no clear guidence. For example, do I
> install Debian first then look somewhere for the *"fingerprints"*
>
> I don't understand the use of this tool: *"you should use the tools
> sha256sum or sha512sum to work with these."*
I'm the wrong person to explain verifying signatures, so I'll skip all
that & go with
- download the iso file
- download the SHA256SUM file
- compute the checksum of the downloaded file & compare to what's in
the SHA256SUM file. If they match you've verified the download.
So let's pretend you started from
https://cdimage.debian.org/debian-cd/current/i386/iso-cd/
and downloaded
debian-9.8.0-i386-netinst.iso
You also need to download the SHA256SUMS file
If you're on Windows, compute the checksum by doing
certutil -hashfile debian-9.8.0-i386-netinst.iso SHA256
and compare that to
8156cc4ce7a06facf69d4f7161f89431a794cdaba8e2b4eb91b2c43a302e4614
(the checksum listed in the SHA256SUMS file)
If you're already on Debian you've got the sha256sum program, so do
sha256sum debian-9.8.0-i386-netinst.iso
and compare the output to the checksum in SHA256SUMS file
Regards,
Lee
Reply to: