Web lists-archives.com

Re: Verifying Debian 9.9 with SHA and SHA.signatures




Hi,

> I've never found any terminal commands to use the checksums, or the
> signing key.

Have a look at
  https://lists.debian.org/debian-user/2019/04/msg00214.html
  https://lists.debian.org/debian-user/2019/04/msg01149.html

The first one gives an overview. You already seem to know most of this.
It also shows examples of verification commands.

The second one is about john doe's proposal, which for now is the
best candidate for a SHA512 checksum verification command:

  sha512sum -c --ignore-missing SHA512SUMS

and about my proposal to verify the GPG signature directly on the remote
keyring:

  gpg --keyserver keyring.debian.org --verify SHA512SUMS.sign SHA512SUMS


> Please could Debian create some extra documentation on using commands to
> verify Debian's isos' with SHAs and signatures?

The need is known.
In
  https://lists.debian.org/debian-user/2019/04/msg01147.html
we see the announcement of improvement by the web team.


Have a nice day :)

Thomas