
[debian-knoppix] FAQ: what is *.md5.asc file?


The current FAQ explains the MD5 file, but not the signature file.
Furthermore, a way of finding the public key should be provided.
I spent a few minutes and did not find it.

What are the best ways to get the public key for RSA key ID BA8F038D?
How can we build confidence in this key?

| Q: What are these strange MD5 files that accompany the ISO CD images?

                            ### .md5 would be clearer to confused user.

| A: The files with the .md5 extension contain checksums for the actual CD
| images. A checksum is a "matching number" for checking files. One can
| verify that the file matches its original down to the smallest detail.
| When you download both the ISO image for the CD and its corresponding .md5
| file, you can verify that your download was complete and that the contents
| are unchanged by typing "md5sum -c filename.md5" under Linux/Unix. Further
| information about MD5 and programs for various OS's can be found at
| http://www.fourmilab.ch/md5/. You can download a Windows(TM) version at
| http://www.toast442.org/md5gui.shtml.

Suggested wording:

    Q: What is the .md5.asc file?

    This is a digital signature of the .md5 file.  Using the gpg program,
    you can check that ________ has signed the .md5 file.  Verifying the
    signature should give you fairly strong confidence that __________
    affirms the .md5 file to be the right one.

    The .md5 file can be used to verify that the .iso file was not
    accidentally damaged.  The .md5.asc file can be used to verify that no
    bad guy subverted the .md5 file (and hence the .iso file).

    You need a secure way to get the public key for __________.

    Under LINUX (including Knoppix):
        # add the public key to your keyring
        gpg --import _______

        # verify the signature of the .md5 file
        gpg --verify KNOPPIX_V3.2-2003-03-30-EN.iso.md5.asc

        # check the .iso file
        md5sum -c KNOPPIX_V3.2-2003-03-30-EN.iso.md5

Hugh Redelmeier
hugh@mimosa.com  voice: +1 416 482-8253
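
The three steps in the suggested wording, chained so that the checksum is only trusted after the signature has been tied to one specific key. This is an added example, not part of the original post or the Knoppix FAQ. It assumes the .md5.asc file is a detached signature over the .md5 file and that the signer's full fingerprint was obtained through a trusted channel; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): signature first, checksum second.
# Assumption: NAME.md5.asc is a detached signature over NAME.md5, and both
# sit in the current directory next to the .iso.

# valid_sig_by STATUS_TEXT FINGERPRINT
# Succeeds only if gpg's --status-fd output contains a VALIDSIG line whose
# signing-key or primary-key fingerprint equals the pinned full fingerprint.
# A short key ID is never accepted as a match.
valid_sig_by() {
    [ -n "$2" ] || return 1
    printf '%s\n' "$1" | awk -v want="$2" '
        $1 == "[GNUPG:]" && $2 == "VALIDSIG" {
            w = toupper(want)
            if (toupper($3) == w || toupper($NF) == w) ok = 1
        }
        END { exit (ok ? 0 : 1) }'
}

# verify_image ISO_NAME FINGERPRINT
# 1. gpg must accept the signature on ISO_NAME.md5 (non-zero exit otherwise)
# 2. the signature must come from the pinned key, not just any key on the keyring
# 3. only then is the .md5 file used to check the .iso
verify_image() {
    iso=$1
    fpr=$2
    status=$(gpg --status-fd 1 --verify "$iso.md5.asc" "$iso.md5" 2>/dev/null) \
        || return 1
    valid_sig_by "$status" "$fpr" || return 1
    md5sum -c "$iso.md5"
}

# Usage (fingerprint is a placeholder to be filled in by the reader):
#   verify_image KNOPPIX_V3.2-2003-03-30-EN.iso "<FULL-FINGERPRINT>"
```
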



debian-knoppix mailing list
