

busterrr3x
-
Thank you.

#1 - So then what is the difference between "verifying with the .asc" & "comparing checksums"? >>> If the checksum only tells you if the download was modified while being downloaded and not whether it is the authentic image - it doesn't make sense that Igor's checksum would be valid and the image is not an authentic image.

#2 - Aren't we getting Igor's fingerprint by running one of the commands above?

#3 - dead link: https://apt.armbian.com/apt/armbian.key
-
step 1:

    # download public key from the database
    gpg --keyserver ha.pool.sks-keyservers.net --recv-key DF00FAF1C577104B50BF1D0093D6889F9F0E78D5

step 2:

    # perform verification
    gpg --verify Armbian_5.18_Armada_Debian_jessie_3.10.94.img.xz.asc

To help me understand better, I would like to break down my lack of understanding into simple questions, one at a time. Thank you.

My understanding is that step #2 is used to show whether or not the image I downloaded is the "real image made/sent out by the developers/ software engineers".

1) Is this correct?
-
Here's my concern: I download the image iso. I have the .img image. There is malware on my computer. I want to know if malware has transferred over to the image before I install it on my micro-sd and boot up the os for first time use.

Side note: I do know that it is not easy for malware to write to an .img/iso. I have been told countless times that if malware were to write to my .img (file/image) while it sat in my downloads folder, and then I ran the checksum, that the checksum would be inaccurate.

Thanks!
-
When I run a checksum on both "...desktop.img.xz and .....desktop.img", the "...desktop.img.xz" matches the posted .sha doc's checksum. But when I run the "...desktop.img" checksum, it does NOT match the posted .sha doc checksum. I've always checked just the .img or .iso image against the posted checksum, never previously against the '..desktop.img.xz' image. Thx.
-
Hi Igor. I loaded the key before anything else, your key ...import, if that's what you mean. After I import your key with the command line, is there anything else I need to do, such as with my 'key management - KGpg' .... "import keys". The command said it was imported, but I don't know where to check to see if yours is there; not sure if I'm supposed to be able to see it...? Thanks.
-
Thanks Igor. As for trying to verify the signature - I'm getting closer, but apparently still doing something incorrect. I have in the same directory: the ".img" and the ".asc", and nothing else. I open a terminal there and then run the following:

    $ sudo gpg --verify Armbian_20.05.2_Orangepiplus2e_buster_current_5.4.43.img.xz.asc
    [sudo] password for b:

OUTPUT:

    gpg: no signed data
    gpg: can't hash datafile: No data

Or is the output for signature telling me the checksum is not valid?
-
Hi Igor, thanks. But I'm not sure I understand. I'm using buster and those links are for bionic. But I will test what I think you may be trying to say. My guess is that the best thing is to verify the checksum signature. I thought there was a link on armbian.com for that, but don't seem to be able to find it. I also recall having some trouble figuring out how to do it. Anyway, could you provide a link for instructions? Thanks