Difference between revisions of "Template:Signature verification"

Finnix, the LiveCD for system administrators
Jump to navigation Jump to search
 
(2 intermediate revisions by the same user not shown)
Line 12: Line 12:
 
</pre>
 
</pre>
  
Be sure to explicitly check the reported signature matches Finnix Release Signing Key's OpenPGP signature, '''<tt>8672 79B8 3BF8 E815 A236 D39E 7D6F 85C0 4356 E6C2</tt>'''.{{ #if: {{{sha512sum|}}}{{{sha256sum|}}}{{{md5sum|}}} |
+
Be sure to explicitly check the reported signature matches Finnix Release Signing Key's OpenPGP signature, '''<tt>8672 79B8 3BF8 E815 A236 D39E 7D6F 85C0 4356 E6C2</tt>'''.
  
The following non-signature hashes are also available.  While verifying the OpenPGP signature is preferred, these can be used as lower-trust verification, ''as long as the entire hash is verified''.
+
{{ #if: {{{sha512sum|}}}{{{sha256sum|x}}}{{{md5sum|}}} | The following non-signature hashes are also available.  While verifying the OpenPGP signature is preferred, these can be used as lower-trust verification, ''as long as the entire hash is verified''.
  
<pre<includeonly></includeonly>>{{ #if: {{{sha512sum|}}} |
+
{{ #if: {{{sha512sum|}}} | SHA-512:<pre<includeonly></includeonly>>{{{sha512sum|}}} {{{filename|finnix.iso}}}</pre> }}
{{{sha512sum|}}} {{{filename|finnix.iso}}} (SHA-512) }}{{ #if: {{{sha256sum|}}} |
+
{{ #if: {{{sha256sum|}}} | SHA-256:<pre<includeonly></includeonly>>{{{sha256sum|}}} {{{filename|finnix.iso}}}</pre> }}
{{{sha256sum|}}} {{{filename|finnix.iso}}} (SHA-256) }}{{ #if: {{{md5sum|}}} |
+
{{ #if: {{{md5sum|}}} | MD5:<pre<includeonly></includeonly>>{{{md5sum|}}} {{{filename|finnix.iso}}}</pre> }}
{{{ms5dum|}}} {{{filename|finnix.iso}}} (MD5) }}</pre>
 
 
}}<noinclude>
 
}}<noinclude>
  
 
[[Category:Finnix templates|S]]</noinclude>
 
[[Category:Finnix templates|S]]</noinclude>

Latest revision as of 20:41, 8 August 2020

To verify download integrity, please use the provided OpenPGP signature. Download finnix.iso (the main file) and finnix.iso.gpg (the detached signature), then run:

gpg --recv-keys 867279B83BF8E815A236D39E7D6F85C04356E6C2
gpg --verify finnix.iso.gpg finnix.iso

The verification output should look similar to below:

gpg: Signature made using RSA key 867279B83BF8E815A236D39E7D6F85C04356E6C2
gpg: Good signature from "Finnix Release Signing Key <keymaster@finnix.org>"

Be sure to explicitly check the reported signature matches Finnix Release Signing Key's OpenPGP signature, 8672 79B8 3BF8 E815 A236 D39E 7D6F 85C0 4356 E6C2.

The following non-signature hashes are also available. While verifying the OpenPGP signature is preferred, these can be used as lower-trust verification, as long as the entire hash is verified.