LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 06-15-2013, 11:45 AM   #1
NotionCommotion
Member
 
Registered: Aug 2012
Posts: 536

Rep: Reputation: Disabled
Verifying file is correct and safe


I wish to download a file. Next to the download link, it displays the below MD5 hash along with a "signature" link which provides the below PGP signature. Three questions
  1. To test MD5, I do #md5sum MyS*, and then I check to make sure the hashes are equal using my eyes. Is it possible to include the hash off the website in the md5sum command and have it exit either yes or no?
  2. Should I use the MD5 or the PGP? EDIT. I've since seen SHA1. Which one to use of the three?
  3. How do I verify the file using the PGP signature?

Thanks!

Code:
MD5: c766aced5129a6f644992af125cdd4fc
Code:
GnuPG Signature of MySQL-5.6.12-1.el6.i686.rpm-bundle.tar

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (SunOS)

iD8DBQBRrGigjHGNO1By4fURAsfJAKCvqTQkWLwrFMmctZhY1wQoPBAkTACdHJQW
5wE55G+nmzm/ohNAL4YaQpY=
=9/RJ
-----END PGP SIGNATURE-----

Last edited by NotionCommotion; 06-15-2013 at 12:38 PM.
 
Old 06-15-2013, 12:44 PM   #2
allend
Senior Member
 
Registered: Oct 2003
Location: Melbourne
Distribution: Slackware-current
Posts: 4,429

Rep: Reputation: 1348Reputation: 1348Reputation: 1348Reputation: 1348Reputation: 1348Reputation: 1348Reputation: 1348Reputation: 1348Reputation: 1348Reputation: 1348
1. Create a file with 'echo "c766aced5129a6f644992af125cdd4fc MySQL-5.6.12-1.el6.i686.rpm-bundle.tar" > MySQL-5.6.12-1.el6.i686.rpm-bundle.tar.md5'. Then you can do 'md5sum -c MySQL-5.6.12-1.el6.i686.rpm-bundle.tar.md5' which will return the filename and OK after a successful check.
2. MD5 is no longer considered secure, but is still useful for checking for an uncorrupted download.
3. Copy the signature into a file MySQL-5.6.12-1.el6.i686.rpm-bundle.tar.asc and then do 'gpg2 --verify MySQL-5.6.12-1.el6.i686.rpm-bundle.tar.asc'. Note:- You will need to install the PGP key from the supplier before this using a command like 'gpg2 --import <keyfile>' or 'gpg2 --fetchkeys <URI>'.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
bash: verifying the contents of a file hydraMax Programming 16 06-01-2012 01:06 PM
[SOLVED] correct/safe iptables rules for redirecting port 80 to 8080 sundoe Linux - Security 3 07-13-2010 09:00 PM
verifying the integrity of a file incomingid Linux - Newbie 3 10-24-2008 10:05 PM
Verifying file responsible for $PATH statement regardless of distribution loadedmind Linux - Newbie 8 06-26-2008 11:11 PM
Help verifying the download using the included SHA1SUM file EtherGhost Fedora 2 06-02-2007 12:57 PM


All times are GMT -5. The time now is 04:50 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration