Re: Verifying Debian 9.9 with SHA and SHA.signatures

To: debian-user@lists.debian.org
Cc: <stefan.schultz19.5.1991@protonmail.com>
Subject: Re: Verifying Debian 9.9 with SHA and SHA.signatures
From: "Thomas Schmitt" <scdbackup@gmx.net>
Date: Fri, 24 May 2019 16:44:42 +0200
Message-id: <[🔎] 12981676145254587046@scdbackup.webframe.org>
In-reply-to: <[🔎] m_XwCfAa-vT5X_7uBqF0TA-_VOHnnCLNxffsvDzwNwyA91QAGlFxaw7m4-TKOX7zuV9krO8lt81DoHgCX13rWcAGYfFr5mfotnD-1pEA_6w=@protonmail.com>
References: <[🔎] m_XwCfAa-vT5X_7uBqF0TA-_VOHnnCLNxffsvDzwNwyA91QAGlFxaw7m4-TKOX7zuV9krO8lt81DoHgCX13rWcAGYfFr5mfotnD-1pEA_6w=@protonmail.com>

Hi,

> I've never found any terminal commands to use the checksums, or the
> signing key.

Have a look at
  https://lists.debian.org/debian-user/2019/04/msg00214.html
  https://lists.debian.org/debian-user/2019/04/msg01149.html

The first one gives an overview. You already seem to know most of this.
It also shows examples of verification commands.

The second one is about john doe's proposal, which for now is the
best candidate for a SHA512 checksum verification command:

  sha512sum -c --ignore-missing SHA512SUMS

and about my proposal to verify the GPG signature directly on the remote
keyring:

  gpg --keyserver keyring.debian.org --verify SHA512SUMS.sign SHA512SUMS


> Please could Debian create some extra documentation on using commands to
> verify Debian's isos' with SHAs and signatures?

The need is known.
In
  https://lists.debian.org/debian-user/2019/04/msg01147.html
we see the announcement of improvement by the web team.


Have a nice day :)

Thomas

Reply to:

References:
- Verifying Debian 9.9 with SHA and SHA.signatures
  - From: "Stefan.schultz19.5.1991" <stefan.schultz19.5.1991@protonmail.com>

Prev by Date: Verifying Debian 9.9 with SHA and SHA.signatures
Next by Date: Debian Programming languages
Previous by thread: Verifying Debian 9.9 with SHA and SHA.signatures
Next by thread: Debian Programming languages
Index(es):
- Date
- Thread