1. Forum
  2. Usenet
  3. LINUX.DEBIAN.DEVEL.CD

  • Re: verify debian12 signature

    From Thomas Schmitt@21:1/5 to Juan Manuel on Thu Jun 13 09:00:01 2024
    Hi,

    Juan Manuel wrote:
    I have downloaded the latest version of debian12. I
    have the GNU4win program with kleopatra but I don't know how to check the digital signature.

    Do i get it right that you have an MS-Windows system ?
    (And that by "GNU4win" you mean "GPG4win" ?)

    If so, you need a program to compute a SHA256 or SHA512 checksum from
    the downloaded .iso file and a program to verify the corresponding
    SHA*SUMS file by its SHA*SUMS.sign file.

    I'm not a user of MS-Windows, so i cannot recommend any software for those tasks. If no other way would be to see, i'd consider to install WSL
    and to do the verification by its help.
    https://wiki.debian.org/InstallingDebianOn/Microsoft/Windows/SubsystemForLinux

    In a Debian provided shell i would then do:
    gpg --verify SHA256SUMS.sign SHA256SUMS
    which should yield one of the key fingerprints as listed on
    https://www.debian.org/CD/verify
    Important will be these result statements:
    "Good signature from" ... "Debian" ...
    "Primary key fingerprint:" ... one of the listed fingerprints ...

    Then i'd compute the SHA256 of the .iso file
    sha256sum debian-12.5.0-amd64-netinst.iso
    and compare it with the checksum string which is listed for the .iso file
    in SHA256SUMS.

    -------------------------------------------------------------------- Alternative ideas:

    Maybe you can perform the .sign check similar to what
    https://docs.oracle.com/cd/E17952_01/mysql-5.7-en/checking-gpg-signature-windows.html
    proposes for "mysql-installer-community-5.7.44.msi" as payload file
    (yours would be SHA256SUMS) and "mysql-installer-community-5.7.44.msi.asc"
    as detached signature file (yours: SHA256SUMS.sign).

    This page
    https://3d-imaging.co.uk/blog/verifying-sig-files-with-gpgp4win/
    states that GPG4win would offer the command line tool to run
    gpg --verify gpg4win*.exe.sig gpg4win*.exe
    (You'd just use file names SHA256SUMS.sign SHA256SUMS instead.)

    As for computing the SHA256 sum of the .iso, i find on
    https://www.pctipp.ch/praxis/windows-10/windows-10-sha256-hash-bordmitteln-pruefen-2507915.html
    a proposal for PowerShell, which in your case would look like:
    Get-Filehash debian-12.5.0-amd64-netinst.iso -Algorithm SHA256


    Have a nice day :)

    Thomas

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Andrew M.A. Cater@21:1/5 to Franco Martelli on Fri Jun 14 22:20:01 2024
    On Fri, Jun 14, 2024 at 09:40:03PM +0200, Franco Martelli wrote:
    On 14/06/24 at 17:26, Juan Manuel . wrote:
    I'm sorry but it's complicated. Do you know anyone who can remotely
    connect with me to guide me?

    Existe tambien la lista de correos debian-user-spanish

    https://lists.debian.org/debian-user-spanish/2024/06/threads.html

    y el sitio Debian en castellano.

    https://www.debian.org/index.es.html

    Andy

    [Pointing to Debian user spanish and Debian site in Spanish

    (and top posting for speed and because the poster is using gmail).

    ------------------------------------------------------------------------ *De:* Franco Martelli <[email protected]>
    *Enviado:* jueves, 13 de junio de 2024 19:19
    *Para:* [email protected] <[email protected]>
    *Cc:* [email protected] <[email protected]>
    *Asunto:* Re: verify debian12 signature
    On 13/06/24 at 08:54, Thomas Schmitt wrote:
    Then i'd compute the SHA256 of the .iso file
    ��� sha256sum debian-12.5.0-amd64-netinst.iso
    and compare it with the checksum string which is listed for the .iso file in SHA256SUMS.

    The comparison can be done directly by "sha256sum" command using the
    "-c" option. Download both .iso and SHA256SUMS files in the same
    directory then use this command:

    ~$ sha256sum --ignore-missing -c SHA256SUMS
    debian-12.5.0-amd64-DVD-1.iso: OK

    Cheers,

    No, of course I don't know anyone who can help you.
    However if you aren't comfortable with the CLI (Command Line Interface) and you want to install Debian on your PC then you need a friend that already
    did that *or* you need a book to start with.

    You can find a friend looking for a LUG (Linux User Group) near to the town where you live. e.g. in Google search for: "linux user group Spain" or
    "linux user group Madrid"

    You can read this book:
    https://lescahiersdudebutant.arpinux.org/bookworm-en/

    or if you like to go further, this: https://debian-handbook.info/browse/stable/index.html

    There are also the on-line Debian's docs suitable for beginners: https://www.debian.org/doc/

    Good luck!

    --
    Franco Martelli


    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)