Using GPG and Md5sum to Verify Signatures on Tarball Packages

by Greg Pregovia.

Follow these steps to verify the signature of a gzipped tarball:

1. Add the public key of the person or organization that created the package.

2. Sign the public key using GPG. You can either use GPG’s --sign-key command, or you can enter GPG’s interactive mode.

3. Once you have added and signed the public key of the person who owns the package, enter the following command: gpg --verify signaturefile.tar.gz tarballpackage.gz.

You will then receive a message either that the signature is good, or that the public key cannot be found. If the public key cannot be found, you must obtain another public key, or you will not be able to verify who owns the package.

Using Md5sum

Sometimes, a developer will use the md5sum command to generate a hash of the file. You can use this hash and the md5sum command to ensure that the file has not been altered. The easiest way to do this is to read the hash that the developer generated, download the binary in question, and then run md5sum against it.

For example, suppose that you learn that the wu-ftpd daemon (the daemon responsible for providing FTP on many sites) has a security problem. You wish to install the latest secure version. After downloading it, you run md5sum against the file:

md5sum wu-ftpd-2.6.1-6.i386.rpm
t412cfhh5bf1376cia9da6c5dd86a463 wu-ftpd-2.6.1-6.i386.rpm

However, you notice that the developer’s md5sum value for the same program reads as follows:

y415cfgz5bf1356cib8da6c5dd8da0k5

You should then delete the file and find another source where you can verify the md5sum hash.

    Copyright © 2006 - 2012 e-articles.info.
The texts, articles and tutorials in the directory are property of their respective owners and authors.