[debian-knoppix] FAQ: what is *.md5.asc file?

To: debian-knoppix@linuxtag.org
Subject: [debian-knoppix] FAQ: what is *.md5.asc file?
From: "D. Hugh Redelmeier" <hugh@mimosa.com>
Date: Wed, 2 Apr 2003 14:24:21 -0500 (EST)
Message-id: <[🔎] Pine.LNX.4.44.0304021409000.24231-100000@redshift.mimosa.com>
Reply-to: "D. Hugh Redelmeier" <hugh@mimosa.com>

-----BEGIN PGP SIGNED MESSAGE-----


The current FAQ explains the MD5 file, but not the signature file.
Furthermore, a way of finding the public key should be provided.
I spent a few minutes and did not find it.

What are the best ways to get the public key for RSA key ID BA8F038D?
How can we build confidence in this key?

| Q: What are these strange MD5 files that accompany the ISO CD images?

                            ### .md5 would be clearer to confused user.

| A: The files with the .md5 extension contain checksums for the actual CD
| images. A checksum is a "matching number" for checking files. One can
| verify that the file matches its original down to the smallest detail.
| When you download both the ISO image for the CD and its corresponding .md5
| file, you can verify that your download was complete and that the contents
| are unchanged by typing "md5sum -c filename.md5" under Linux/Unix. Further
| information about MD5 and programs for various OS's can be found at
| http://www.fourmilab.ch/md5/. You can download a Windows(TM) version at
| http://www.toast442.org/md5gui.shtml.

Suggested wording:

    Q: What is the .md5.asc file?

    This is a digital signature of the .md5 file.  Using the gpg program,
    you can check that ________ has signed the .md5 file.  Verifying the
    signature should give you fairly strong confidence that __________
    afirms the .md5 file to be the right one.

    The .md5 file can be used to verify that the .iso file was not
    accidentally damaged.  The .md5.asc file can be used to verify that no
    bad guy subverted the .md5 file (and hence the .iso file).

    You need a secure way to get the public key for __________.

    Under LINUX (including Knoppix):
    	# add the public key to your keyring
	gpg --import _______

	# verify the signature of the .md5 file
	gpg --verify KNOPPIX_V3.2-2003-03-30-EN.iso.md5.asc

	# check the .iso file
	md5sum -c KNOPPIX_V3.2-2003-03-30-EN.iso.md5

Hugh Redelmeier
hugh@mimosa.com  voice: +1 416 482-8253

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

iQCVAwUBPos468FAuQPManGZAQGjlAP7BX4+GUfh26nRMsjC8t1D5H34qOVilWHC
5tP5qRPOkJiFGUw1WKWsoXpYfKVQynXWfcLCuKnZ/Y4SbPx5Wv6LPvZheIqev6p8
AW0j4c+l+oZdGB5T7VhQPkkQshyGX5RULZjuyN6kLsKv3ziRaHX+Nwb/mTNgdQN9
QMf3dePH8N0=
=i2FG
-----END PGP SIGNATURE-----

_______________________________________________
debian-knoppix mailing list
debian-knoppix@linuxtag.org
http://mailman.linuxtag.org/mailman/listinfo/debian-knoppix

Reply to:

Follow-Ups:
- Re: [debian-knoppix] FAQ: what is *.md5.asc file?
  - From: knopper@linuxtag.org (Klaus Knopper)

Prev by Date: Re: [debian-knoppix] locales install error
Next by Date: [debian-knoppix] Help using Knoppix kernel config to get framebuffer working
Previous by thread: Re: [debian-knoppix] knx-hdinstall without login
Next by thread: Re: [debian-knoppix] FAQ: what is *.md5.asc file?
Index(es):
- Date
- Thread