Web lists-archives.com

Re: Verifying authenticity of Debian CDs

On Fri, Apr 5, 2019, 18:06 Thomas Schmitt <scdbackup@xxxxxxx> wrote:

Chris XX wrote:
> I was trying to Verify the authenticity of Debian CDs on your website, but I
> don't see instructions that will guide me through the process
> (step-by-step).

(We are the users. But some Debian Developers are watching, too.)

Obviously there is a gap between checksum file verification and .iso image

Let's first look at the files offered for download:
has among others


> https://www.debian.org/CD/verify

This publishes the key "fingerprints" by which you can recognize authentic
pairs of SHA512SUMS.sign and SHA512SUMS.

It points to
where you probably shall learn how to obtain the keys in question,
namely by the shell commands

  gpg --keyserver keyring.debian.org --recv-keys 64E6EA7D
  gpg --keyserver keyring.debian.org --recv-keys 6294BE9B
  gpg --keyserver keyring.debian.org --recv-keys 09EA8AC3

Experienced users of gpg would know that one can check authenticity by

  gpg --verify SHA512SUMS.sign SHA512SUMS

which should say something like

  gpg: Signature made Sun 17 Feb 2019 04:10:30 PM CET using RSA key ID 6294BE9B
  gpg: Good signature from "Debian CD signing key <debian-cd@xxxxxxxxxxxxxxxx>"
  gpg: WARNING: This key is not certified with a trusted signature!
  gpg:          There is no indication that the signature belongs to the owner.
  Primary key fingerprint: DF9B 9C49 EAA9 2984 3258  9D76 DA87 E80D 6294 BE9B

The reported fingerprint must be one of the published fingerprints,
or else something is fishy.
Here it is the Debian one of 2011-01-05. I.e. all is well so far.

If you change some character in SHA512SUMS and run above command again
then you will see

  gpg: Signature made Sun 17 Feb 2019 04:10:30 PM CET using RSA key ID 6294BE9B
  gpg: BAD signature from "Debian CD signing key <debian-cd@xxxxxxxxxxxxxxxx>"

So you can trust the content of SHA512SUMS, if gpg --verify says it is
good and if the key fingerprint matches one of the Debian fingerprints.

Now you have to follow the tiny link "faq" at the bottom to
where you hop to

Between the lines you read that there is a text line in SHA512SUMS which
shows the name of the .iso file which you actually want to verify:

  cc4a6bd50925c1c4af98049060e304494bc9da61eb5eb272c556d67608de14d4e6a4b8bc1c9412a0f810083912e228569f3771ffffa7174538f3e26f45a05245  debian-9.8.0-amd64-netinst.iso

More explicite is the hint to use program "sha512sum". A run of

  sha512sum debian-9.8.0-amd64-netinst.iso

puts out

  cc4a6bd50925c1c4af98049060e304494bc9da61eb5eb272c556d67608de14d4e6a4b8bc1c9412a0f810083912e228569f3771ffffa7174538f3e26f45a05245  debian-9.8.0-amd64-netinst.iso

which you should compare with the line in SHA512SUMS.

Alternatively you could run

  sha512sum --check SHA512SUMS 2>/dev/null

to get

  debian-9.8.0-amd64-netinst.iso: OK
  debian-9.8.0-amd64-xfce-CD-1.iso: FAILED open or read
  debian-mac-9.8.0-amd64-netinst.iso: FAILED open or read

Or you could download


and run

  chmod u+x ./check_debian_iso
  ./check_debian_iso SHA512SUMS debian-9.8.0-amd64-netinst.iso

to get

  Piping 149504 blocks of 'debian-9.8.0-amd64-netinst.iso' through 'sha512sum'
  to verify checksum list item 'debian-9.8.0-amd64-netinst.iso'.
  149504+0 records in
  149504+0 records out
  306184192 bytes (306 MB) copied, 0.882765 s, 347 MB/s
  Ok: 'debian-9.8.0-amd64-netinst.iso' matches 'debian-9.8.0-amd64-netinst.iso' in 'SHA512SUMS'

Now let's see what happens if a single byte is altered in the .iso

  dd if=/dev/zero bs=1 count=1 conv=notrunc seek=511 of=debian-9.8.0-amd64-netinst.iso

Now the proposed verifyier runs yield:

  0b0a75b8a0c8dc05a4b43273e44d7b5e3b0ecec6d9b4e1c88a95d9c886cba5ae0dbeb4b7a5a3016106096a9071572b9a3d8b54dd91a50abce15f713fa22ff229  debian-9.8.0-amd64-netinst.iso

which does obviously not match the line in SHA512SUMS, or

  debian-9.8.0-amd64-netinst.iso: FAILED


  Found:     0b0a75b8a0c8dc05a4b43273e44d7b5e3b0ecec6d9b4e1c88a95d9c886cba5ae0dbeb4b7a5a3016106096a9071572b9a3d8b54dd91a50abce15f713fa22ff229
  Expected:  cc4a6bd50925c1c4af98049060e304494bc9da61eb5eb272c556d67608de14d4e6a4b8bc1c9412a0f810083912e228569f3771ffffa7174538f3e26f45a05245
  MISMATCH: 'debian-9.8.0-amd64-netinst.iso' checksum differs from 'debian-9.8.0-amd64-netinst.iso' in 'SHA512SUMS'

So you know that the checksumers really detect nearly all damages of


@ Steve McIntyre (maintainer of debian-cd):

Do you agree with the instructions above ?

Is there a consolidated wiki page with such instructions which i failed
to find ? If not: shall we make such a page ?

Have a nice day :)


Thomas, thank you for posting this.

It is a good "walk-through" of the verification process. Unfortunately, proper verification can seem too complicated for some users, especially newer ones.  So often they just:

sha512 sum debian-9.8.0-amd64-netinst.is

say, "looks about the same", and call it a day.

Hopefully this will help someone. 

Thanks again.