Template:Signature verification

Finnix, the LiveCD for system administrators
Revision as of 20:41, 8 August 2020 by Ryan Finnie (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

To verify download integrity, please use the provided OpenPGP signature. Download finnix.iso (the main file) and finnix.iso.gpg (the detached signature), then run:

gpg --recv-keys 867279B83BF8E815A236D39E7D6F85C04356E6C2
gpg --verify finnix.iso.gpg finnix.iso

The verification output should look similar to below:

gpg: Signature made using RSA key 867279B83BF8E815A236D39E7D6F85C04356E6C2
gpg: Good signature from "Finnix Release Signing Key <keymaster@finnix.org>"

Be sure to explicitly check the reported signature matches Finnix Release Signing Key's OpenPGP signature, 8672 79B8 3BF8 E815 A236 D39E 7D6F 85C0 4356 E6C2.

The following non-signature hashes are also available. While verifying the OpenPGP signature is preferred, these can be used as lower-trust verification, as long as the entire hash is verified.