> Please how is one supposed to verify the integrity of an official > OpenBSD 5.6 commercial CD set, bought on the OpenBSD store and received > by physical mail? > > Those CD images (with multiple platforms on the same CD) do not seem to > be available for download. Their checksums (provided mine are not > corrupted) are not even indexed by major search engines.
Each directory on the CD is signed using signify and the 5.6 keys listed at http://www.openbsd.org/56.html As a shortcut, you can compare the the CD 5.6/amd64/SHA256.sig to http://ftp.openbsd.org/pub/OpenBSD/5.6/amd64/SHA256.sig, but do run signify to verify the other files.
