
Re: My iso may have been hacked, too!
On 10/08/2016 2:38 PM, Andrew F Comly   康大成 wrote:
> $  gpg --verify SHA512SUMS.sign SHA512SUMS
> gpg: Signature made 2016年06月05日 (週日) 23時59分09秒 CST using RSA key
> ID 6294BE9B
> gpg: Good signature from "Debian CD signing key <debian-cd@lists.debian.org>"
> gpg: WARNING: This key is not certified with a trusted signature!
> gpg:          There is no indication that the signature belongs to the
> owner.
> Primary key fingerprint: DF9B 9C49 EAA9 2984 3258  9D76 DA87 E80D 6294 BE9B
> 
> $  sha512sum debian-8.5.0-i386-lxde-CD-1.iso && wait && sha512sum /dev/sdb
> 3365649694bf623d63f37853582d3fe0f7aa774821e2533d2dc79f5d763df1751e20da98da013ccc9bd3257159362434462bd7363caff3a590e75701b81e751c
> 
> $  sudo sha512sum /dev/sdb
> 912ac63416f9e4cc90b10eecf08765aa3665cea3cb971865f9887b5193bdf8961cdaf7978dfbdb5a966ae03e16c6704dfd80c50eea30f9bea32b5dbd67f99747  /dev/sdb

Get the byte size of the ISO file and make sure that you only test
exactly that many bytes from the /dev/sdb device.

Divide the number of bytes by, say, 40960 and then multiply the answer
by 40960 to see that you get the same total number of bytes, then do
something like this:

dd if=/dev/sdb bs=40960 count=[Exact count of 40960 to match ISO size] | sha512sum -


For example, say the ISO is 1052835840 bytes in size:

# bc
bc 1.06.95
Copyright 1991-1994, 1997, 1998, 2000, 2004, 2006 Free Software
Foundation, Inc.
This is free software with ABSOLUTELY NO WARRANTY.
For details type `warranty'.
1052835840/40960
25704
25704*40960
1052835840

dd if=/dev/sdb bs=40960 count=25704 |sha512sum -

The point is that you need to compare the exact same data; reading from
/dev/sdb may give you extra data at the end which will screw up the hash.

Then, see if you get the same value.

Cheers
AndrewM
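
The procedure AndrewM describes, as an added example (this script is not part of the thread): it takes the byte count from the ISO, reads exactly that many bytes from the start of the device with dd, and compares the two SHA-512 digests. It goes one step past the arithmetic in the message in that it also handles an image whose size is not a multiple of the 40960-byte block size, by reading the remainder byte-wise after the full blocks. The image.iso, stick.img and stick_bad.img files are constructed stand-ins for the real ISO and /dev/sdb, and the script assumes GNU coreutils sha512sum, the tool used in the thread.

```shell
#!/bin/sh
# Added example, not from the thread: hash exactly the ISO's byte count from
# the start of the target device so stale bytes past the image's end do not
# change the digest. Needs only POSIX sh, dd, wc, awk and sha512sum.
# The file names used in the demonstration below are constructed.

# Size of a file in bytes (wc -c is portable; stat's flags differ per OS).
file_size() {
    wc -c < "$1" | tr -d ' '
}

# SHA-512 of a whole file, digest only.
digest_file() {
    sha512sum "$1" | cut -d ' ' -f 1
}

# SHA-512 of exactly $2 bytes read from the start of $1. Whole blocks are
# read with bs=40960 as in the thread; any remainder is read one byte at a
# time, so image sizes that are not a multiple of the block size work too.
digest_prefix() {
    src=$1
    size=$2
    bs=40960
    count=$((size / bs))
    rem=$((size % bs))
    {
        if [ "$count" -gt 0 ]; then
            dd if="$src" bs="$bs" count="$count" 2>/dev/null
        fi
        if [ "$rem" -gt 0 ]; then
            dd if="$src" bs=1 skip="$((count * bs))" count="$rem" 2>/dev/null
        fi
    } | sha512sum | cut -d ' ' -f 1
}

# Exit 0 when the first $(file_size iso) bytes of dev equal the iso, else 1.
verify_iso_on_device() {
    iso=$1
    dev=$2
    size=$(file_size "$iso")
    [ "$(digest_file "$iso")" = "$(digest_prefix "$dev" "$size")" ]
}

# --- demonstration on constructed files standing in for the ISO and a stick
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# 5000 lines of 25 bytes = 125000 bytes: three full 40960-byte blocks plus a
# 2120-byte remainder, so the remainder path is exercised.
awk 'BEGIN { for (i = 0; i < 5000; i++) printf "block %05d of the image\n", i }' \
    > "$WORK/image.iso"

# The "stick" holds the image followed by leftover bytes from earlier use;
# this is why a digest of the whole device never matches the file's digest.
cat "$WORK/image.iso" > "$WORK/stick.img"
printf 'leftover data from an earlier use of the stick\n' >> "$WORK/stick.img"

# A second stick where one byte inside the image region was altered.
cp "$WORK/stick.img" "$WORK/stick_bad.img"
printf '#' | dd of="$WORK/stick_bad.img" bs=1 seek=777 conv=notrunc 2>/dev/null

for stick in stick.img stick_bad.img; do
    if verify_iso_on_device "$WORK/image.iso" "$WORK/$stick"; then
        echo "$stick: first $(file_size "$WORK/image.iso") bytes match image.iso"
    else
        echo "$stick: MISMATCH within the image region"
    fi
done
```

For a real device, run `verify_iso_on_device debian-8.5.0-i386-lxde-CD-1.iso /dev/sdb` as root. A match shows only that the stick holds the same bytes as the file; whether the file itself is the genuine image is what the signed SHA512SUMS check quoted earlier in the thread establishes.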
