Re: signature files
On Tue, 04 Sep 2012 20:04:47 -0700, james gray wrote:
(please, no html posts, thanks)
> Question:
>
> how does a person find the signature files using #md5sumsums
(...)
You usually have to manually check it (though some burning programs
provide that capability). I mean, you get a file (e.g., file.iso) and
that files provides a md5sum to ensure what you get is what is uploaded
in the server with no modifications.
Once you have both things (file.iso and file.md5 or file.sig) you can run
the command with no arguments (the easiest way):
md5sum file.iso
Which will output the hash that you can then visually compare with the
one you already have.
("man md5sum" provides additional info and available options for the
command and Debian FAQ¹ page also provides more hints)
Anyway, I rarely use "gpg" (more secure, it uses sha512) but
"md5sum" (less secure but quicker :-P). Some soamples bor both commands
can be found here².
¹http://www.debian.org/CD/faq/index.en.html#verify
²http://maxgaukler.de/2011/verifying-debian-squeeze-cd-images-from-lenny/
Greetings,
--
Camaleón
Reply to: