On 4/5/19, Chris XX <1swansb...@gmail.com> wrote: > I was trying to Verify the authenticity of Debian CDs on your website, but > I don't see instructions that will guide me through the process > (step-by-step). > > Can you help and/or fix? > Thanks, Chris > > P.S. this was the site I got stuck on: > https://www.debian.org/CD/verify > > There is a lot of information, but no clear guidence. For example, do I > install Debian first then look somewhere for the *"fingerprints"* > > I don't understand the use of this tool: *"you should use the tools > sha256sum or sha512sum to work with these."*
I'm the wrong person to explain verifying signatures, so I'll skip all that & go with - download the iso file - download the SHA256SUM file - compute the checksum of the downloaded file & compare to what's in the SHA256SUM file. If they match you've verified the download. So let's pretend you started from https://cdimage.debian.org/debian-cd/current/i386/iso-cd/ and downloaded debian-9.8.0-i386-netinst.iso You also need to download the SHA256SUMS file If you're on Windows, compute the checksum by doing certutil -hashfile debian-9.8.0-i386-netinst.iso SHA256 and compare that to 8156cc4ce7a06facf69d4f7161f89431a794cdaba8e2b4eb91b2c43a302e4614 (the checksum listed in the SHA256SUMS file) If you're already on Debian you've got the sha256sum program, so do sha256sum debian-9.8.0-i386-netinst.iso and compare the output to the checksum in SHA256SUMS file Regards, Lee
