Template:Signature verification

Finnix, the LiveCD for system administrators
Jump to navigation Jump to search

To verify download integrity, please use the provided OpenPGP signature. Download finnix.iso (the main file) and finnix.iso.gpg (the detached signature), then run:

gpg --recv-keys 867279B83BF8E815A236D39E7D6F85C04356E6C2
gpg --verify finnix.iso.gpg finnix.iso

The verification output should look similar to below:

gpg: Signature made using RSA key 867279B83BF8E815A236D39E7D6F85C04356E6C2
gpg: Good signature from "Finnix Release Signing Key <keymaster@finnix.org>"

Be sure to explicitly check the reported signature matches Finnix Release Signing Key's OpenPGP signature, 8672 79B8 3BF8 E815 A236 D39E 7D6F 85C0 4356 E6C2.

The following non-signature hashes are also available. While verifying the OpenPGP signature is preferred, these can be used as lower-trust verification, as long as the entire hash is verified.