Re: verify debian12 signature
On Fri, Jun 14, 2024 at 09:40:03PM +0200, Franco Martelli wrote: > On 14/06/24 at 17:26, Juan Manuel . wrote: > > I'm sorry but it's complicated. Do you know anyone who can remotely > > connect with me to guide me? Existe tambien la lista de correos debian-user-spanish https://lists.debian.org/debian-user-spanish/2024/06/threads.html y el sitio Debian en castellano. https://www.debian.org/index.es.html Andy [Pointing to Debian user spanish and Debian site in Spanish (and top posting for speed and because the poster is using gmail). > > > > *De:* Franco Martelli > > *Enviado:* jueves, 13 de junio de 2024 19:19 > > *Para:* debian-cd@lists.debian.org > > *Cc:* juanmanue...@hotmail.com > > *Asunto:* Re: verify debian12 signature > > On 13/06/24 at 08:54, Thomas Schmitt wrote: > > > Then i'd compute the SHA256 of the .iso file > > > sha256sum debian-12.5.0-amd64-netinst.iso > > > and compare it with the checksum string which is listed for the .iso file > > > in SHA256SUMS. > > > > The comparison can be done directly by "sha256sum" command using the > > "-c" option. Download both .iso and SHA256SUMS files in the same > > directory then use this command: > > > > ~$ sha256sum --ignore-missing -c SHA256SUMS > > debian-12.5.0-amd64-DVD-1.iso: OK > > > > Cheers, > > No, of course I don't know anyone who can help you. > However if you aren't comfortable with the CLI (Command Line Interface) and > you want to install Debian on your PC then you need a friend that already > did that *or* you need a book to start with. > > You can find a friend looking for a LUG (Linux User Group) near to the town > where you live. e.g. in Google search for: "linux user group Spain" or > "linux user group Madrid" > > You can read this book: > https://lescahiersdudebutant.arpinux.org/bookworm-en/ > > or if you like to go further, this: > https://debian-handbook.info/browse/stable/index.html > > There are also the on-line Debian's docs suitable for beginners: > https://www.debian.org/doc/ > > Good luck! > > -- > Franco Martelli >
Re: verify debian12 signature
On 14/06/24 at 17:26, Juan Manuel . wrote: I'm sorry but it's complicated. Do you know anyone who can remotely connect with me to guide me? *De:* Franco Martelli *Enviado:* jueves, 13 de junio de 2024 19:19 *Para:* debian-cd@lists.debian.org *Cc:* juanmanue...@hotmail.com *Asunto:* Re: verify debian12 signature On 13/06/24 at 08:54, Thomas Schmitt wrote: Then i'd compute the SHA256 of the .iso file sha256sum debian-12.5.0-amd64-netinst.iso and compare it with the checksum string which is listed for the .iso file in SHA256SUMS. The comparison can be done directly by "sha256sum" command using the "-c" option. Download both .iso and SHA256SUMS files in the same directory then use this command: ~$ sha256sum --ignore-missing -c SHA256SUMS debian-12.5.0-amd64-DVD-1.iso: OK Cheers, No, of course I don't know anyone who can help you. However if you aren't comfortable with the CLI (Command Line Interface) and you want to install Debian on your PC then you need a friend that already did that *or* you need a book to start with. You can find a friend looking for a LUG (Linux User Group) near to the town where you live. e.g. in Google search for: "linux user group Spain" or "linux user group Madrid" You can read this book: https://lescahiersdudebutant.arpinux.org/bookworm-en/ or if you like to go further, this: https://debian-handbook.info/browse/stable/index.html There are also the on-line Debian's docs suitable for beginners: https://www.debian.org/doc/ Good luck! -- Franco Martelli
Re: verify debian12 signature
On 13/06/24 at 08:54, Thomas Schmitt wrote: Then i'd compute the SHA256 of the .iso file sha256sum debian-12.5.0-amd64-netinst.iso and compare it with the checksum string which is listed for the .iso file in SHA256SUMS. The comparison can be done directly by "sha256sum" command using the "-c" option. Download both .iso and SHA256SUMS files in the same directory then use this command: ~$ sha256sum --ignore-missing -c SHA256SUMS debian-12.5.0-amd64-DVD-1.iso: OK Cheers, -- Franco Martelli
Re: verify debian12 signature
Hi, Juan Manuel wrote: > I have downloaded the latest version of debian12. I > have the GNU4win program with kleopatra but I don't know how to check the > digital signature. Do i get it right that you have an MS-Windows system ? (And that by "GNU4win" you mean "GPG4win" ?) If so, you need a program to compute a SHA256 or SHA512 checksum from the downloaded .iso file and a program to verify the corresponding SHA*SUMS file by its SHA*SUMS.sign file. I'm not a user of MS-Windows, so i cannot recommend any software for those tasks. If no other way would be to see, i'd consider to install WSL and to do the verification by its help. https://wiki.debian.org/InstallingDebianOn/Microsoft/Windows/SubsystemForLinux In a Debian provided shell i would then do: gpg --verify SHA256SUMS.sign SHA256SUMS which should yield one of the key fingerprints as listed on https://www.debian.org/CD/verify Important will be these result statements: "Good signature from" ... "Debian" ... "Primary key fingerprint:" ... one of the listed fingerprints ... Then i'd compute the SHA256 of the .iso file sha256sum debian-12.5.0-amd64-netinst.iso and compare it with the checksum string which is listed for the .iso file in SHA256SUMS. Alternative ideas: Maybe you can perform the .sign check similar to what https://docs.oracle.com/cd/E17952_01/mysql-5.7-en/checking-gpg-signature-windows.html proposes for "mysql-installer-community-5.7.44.msi" as payload file (yours would be SHA256SUMS) and "mysql-installer-community-5.7.44.msi.asc" as detached signature file (yours: SHA256SUMS.sign). This page https://3d-imaging.co.uk/blog/verifying-sig-files-with-gpgp4win/ states that GPG4win would offer the command line tool to run gpg --verify gpg4win*.exe.sig gpg4win*.exe (You'd just use file names SHA256SUMS.sign SHA256SUMS instead.) As for computing the SHA256 sum of the .iso, i find on https://www.pctipp.ch/praxis/windows-10/windows-10-sha256-hash-bordmitteln-pruefen-2507915.html a proposal for PowerShell, which in your case would look like: Get-Filehash debian-12.5.0-amd64-netinst.iso -Algorithm SHA256 Have a nice day :) Thomas
verify debian12 signature
Hello my Name Is Juan. I have downloaded the latest version of debian12. I have the GNU4win program with kleopatra but I don't know how to check the digital signature. I have tried everything, I have watched videos, I have read the official documentation, but it is very complicated to understand. You can help? Thank you