Difference between revisions of "Template:Signature verification"

Finnix, the LiveCD for system administrators
Jump to navigation Jump to search
(Created page with "To verify download integrity, please use the provided OpenPGP signature. Download the ISO and signature (ending in <tt>.gpg</tt>) files, and run: <pre<includeonly></includeo...")
 
 
(5 intermediate revisions by the same user not shown)
Line 1: Line 1:
To verify download integrity, please use the provided OpenPGP signature.  Download the ISO and signature (ending in <tt>.gpg</tt>) files, and run:
+
To verify download integrity, please use the provided OpenPGP signature.  Download <tt>{{{filename|finnix.iso}}}</tt> (the main file) and <tt>{{{filename|finnix.iso}}}.gpg</tt> (the detached signature), then run:
  
 
<pre<includeonly></includeonly>>
 
<pre<includeonly></includeonly>>
Line 12: Line 12:
 
</pre>
 
</pre>
  
Be sure to explicitly check the reported signature matches Finnix Release Signing Key's OpenPGP signature, '''<tt>8672 79B8 3BF8 E815 A236 D39E 7D6F 85C0 4356 E6C2</tt>'''.<noinclude>
+
Be sure to explicitly check the reported signature matches Finnix Release Signing Key's OpenPGP signature, '''<tt>8672 79B8 3BF8 E815 A236 D39E 7D6F 85C0 4356 E6C2</tt>'''.
 +
 
 +
{{ #if: {{{sha512sum|}}}{{{sha256sum|x}}}{{{md5sum|}}} | The following non-signature hashes are also available.  While verifying the OpenPGP signature is preferred, these can be used as lower-trust verification, ''as long as the entire hash is verified''.
 +
 
 +
{{ #if: {{{sha512sum|}}} | SHA-512:<pre<includeonly></includeonly>>{{{sha512sum|}}} {{{filename|finnix.iso}}}</pre> }}
 +
{{ #if: {{{sha256sum|}}} | SHA-256:<pre<includeonly></includeonly>>{{{sha256sum|}}} {{{filename|finnix.iso}}}</pre> }}
 +
{{ #if: {{{md5sum|}}} | MD5:<pre<includeonly></includeonly>>{{{md5sum|}}} {{{filename|finnix.iso}}}</pre> }}
 +
}}<noinclude>
  
 
[[Category:Finnix templates|S]]</noinclude>
 
[[Category:Finnix templates|S]]</noinclude>

Latest revision as of 20:41, 8 August 2020

To verify download integrity, please use the provided OpenPGP signature. Download finnix.iso (the main file) and finnix.iso.gpg (the detached signature), then run:

gpg --recv-keys 867279B83BF8E815A236D39E7D6F85C04356E6C2
gpg --verify finnix.iso.gpg finnix.iso

The verification output should look similar to below:

gpg: Signature made using RSA key 867279B83BF8E815A236D39E7D6F85C04356E6C2
gpg: Good signature from "Finnix Release Signing Key <keymaster@finnix.org>"

Be sure to explicitly check the reported signature matches Finnix Release Signing Key's OpenPGP signature, 8672 79B8 3BF8 E815 A236 D39E 7D6F 85C0 4356 E6C2.

The following non-signature hashes are also available. While verifying the OpenPGP signature is preferred, these can be used as lower-trust verification, as long as the entire hash is verified.