[debian-knoppix] FAQ: what is *.md5.asc file?
-----BEGIN PGP SIGNED MESSAGE-----
The current FAQ explains the MD5 file, but not the signature file.
Furthermore, a way of finding the public key should be provided.
I spent a few minutes and did not find it.
What are the best ways to get the public key for RSA key ID BA8F038D?
How can we build confidence in this key?
| Q: What are these strange MD5 files that accompany the ISO CD images?
### .md5 would be clearer to confused user.
| A: The files with the .md5 extension contain checksums for the actual CD
| images. A checksum is a "matching number" for checking files. One can
| verify that the file matches its original down to the smallest detail.
| When you download both the ISO image for the CD and its corresponding .md5
| file, you can verify that your download was complete and that the contents
| are unchanged by typing "md5sum -c filename.md5" under Linux/Unix. Further
| information about MD5 and programs for various OS's can be found at
| http://www.fourmilab.ch/md5/. You can download a Windows(TM) version at
Q: What is the .md5.asc file?
This is a digital signature of the .md5 file. Using the gpg program,
you can check that ________ has signed the .md5 file. Verifying the
signature should give you fairly strong confidence that __________
afirms the .md5 file to be the right one.
The .md5 file can be used to verify that the .iso file was not
accidentally damaged. The .md5.asc file can be used to verify that no
bad guy subverted the .md5 file (and hence the .iso file).
You need a secure way to get the public key for __________.
Under LINUX (including Knoppix):
# add the public key to your keyring
gpg --import _______
# verify the signature of the .md5 file
gpg --verify KNOPPIX_V3.2-2003-03-30-EN.iso.md5.asc
# check the .iso file
md5sum -c KNOPPIX_V3.2-2003-03-30-EN.iso.md5
firstname.lastname@example.org voice: +1 416 482-8253
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
debian-knoppix mailing list