Debian Installation :: "Signing Keys" / Verify The File With MD-5, SHA-256?
Mar 31, 2011
Anyone attempting to install Debian Squeeze from CD-1, or Debian-live DVD will want to know how to verify the file with MD-5, SHA-256 and (available for some versions only) SHA-512 checksums of the iso images, using the appropriate signing key. But there are no instructions that I can find in the Debian CD FAQ, which simply points users at the archive keyring. Now according to this message, as of 9 Feb 2011 the Debian Squeeze archive signing key has fingerprint 9FED 2BCB DCD2 9CDF 7626 78CB AED4 B06F 4730 41FA
The Debian signing key website gives the archive signing key as the master key, and (this addresses the problem I raised elsewhere) even makes it available via https. That sounds good! Just one problem: the detached signatures for files such as url
which gives the SHA-256 sum for url
have been signed with a different key, which has fingerprint DF9B 9C49 EAA9 2984 3258 9D76 DA87 E80D 6294 BE9B
No wonder I am confused! And it seems that I may not be the only one; others seem to be confused also.
If no-one at the Debian mailing list can explain what is going on, I have little hope that anyone here will be able to clear this up, but I'll ask anyway: what are all the Debian related GPG keys and where do you find them all? is it true that there are different keys needed to verify CD iso images and debs? (And... what else?) where do you go to obtain all the lastest Debian keys via https? (This is important as it can hinder MITM attacks by lone crackers, assorted crooks, maybe even state actors, etc.; the "Comodogate" story provides clear evidence that there are people or organizations interested in mounting MITM attacks on persons downloading open-source software). in particular, it is sometimes convenient to use a live-CD to download an iso image (for example, when you no longer trust the system you are trying to upgrade!) and then one wants to use GPG to check the file with the checksum, so one needs to quickly locate and import into the GPG keyring of the (temporary) live-CD session the correct key; so where can I find the CD-signing key availalble via https? shouldn't the CD FAQ explain all this?
View 5 Replies
ADVERTISEMENT
May 14, 2011
Initially I had a problem installing restricted extras. However, it appears the problem is more than a media problem, so I moved my thread here. I copied over what I thought the relevant code was from my previous thread. Anyone have ideas on how I can fix this?
Code:
onoku@onoku-MacBook:~$ sudo apt-get update && sudo apt-get upgrade
[sudo] password for onoku:
[code]....
View 9 Replies
View Related
Jun 9, 2015
I need to renew my SSL cert for my Mahara site and I follow the instructions below. But after I finish answering all the questions for the csr, I'm supposed to copy a portion of the cert into a web form. However I can't seem to find the server.csr so I can do this. Were this file goes?
Here is a step-by-step description:
Make sure OpenSSL is installed and in your PATH.
Create a RSA private key for your Apache server (will be Triple-DES encrypted and PEM formatted):
$ openssl genrsa -des3 -out server.key 1024
Please backup this server.key file and the pass-phrase you entered in a secure location. You can see the details of this RSA private key by using the command:
$ openssl rsa -noout -text -in server.key
If necessary, you can also create a decrypted PEM version (not recommended) of this RSA private key with:
$ openssl rsa -in server.key -out server.key.unsecure
Create a Certificate Signing Request (CSR) with the server RSA private key (output will be PEM formatted):
$ openssl req -new -key server.key -out server.csr
Make sure you enter the FQDN ("Fully Qualified Domain Name") of the server when OpenSSL prompts you for the "CommonName", i.e. when you generate a CSR for a website which will be later accessed via https://www.foo.dom/, enter "www.foo.dom" here. You can see the details of this CSR by using:
$ openssl req -noout -text -in server.csr
View 2 Replies
View Related
Sep 7, 2010
how to verify if the file is binary or text without to open the file
View 2 Replies
View Related
Mar 21, 2011
In the kde realm, with the dolphin file browser, I can open a terminal in whatever folder is in the gui by using the shift and f4 keys. I'd like to be able to accomplish the same in gnome with the nautilus file browser but can't figure out how to do same. So far I have to open a terminal and then cd to the desired folder. Or do I have to use some other file browser and which one?
View 2 Replies
View Related
Sep 1, 2011
I have a large file that I copied. (very large).What is the best way to verify the copy is an exact match?md5sum or is there better?
View 1 Replies
View Related
Aug 5, 2010
Is there a program available which will check and verify a downloaded file. Ubuntu has gtkhash and Mandriva uses Parano. I know how to Md5 using the command line, but gui software would be a bonus.
View 4 Replies
View Related
Jan 7, 2010
I used 7z to create a multi-volume 7z archive file with 0 compression rate. with this command:
Code:
7z a -t7z -v1g -mx0 /home/movies/documents.7z /home/documents
a stands for add
t stands for type definition
7z stands for 7z archive type
[Code].....
View 3 Replies
View Related
Jun 10, 2010
I know the who belongs to the IP address that created the file. (is there any way to verify what IP address created what file?) My concern is that it did not come from the address specified. I found this in /tmp/udp.pl.
[code]...
View 1 Replies
View Related
Mar 26, 2011
I have been trying to figure out some way of installing Squeeze with some assurance that the new installation won't be pwned from Day One--- and so far I have had no success. Even worse, I have been having some strange problems using SSL in my existing Lenny installation which has been further hampering my efforts. And which may be consistent with the hypothesis that I am in fact being subjected to an on-going MITM attack when I try to install Squeeze over the net. This possibility has encouraged me to keep trying to take reasonable steps to ensure that key binaries in my forthcoming Squeeze have not been tampered with by the time I finish the initial installation. I am seeking steps that can be taken by an average user willing to follow directions written by an expert user.
I found a very interesting recent Debian Security mailing list thread which articulates some of the same concerns that I tried to express several weeks ago. The scenarios which concern Naja Melan and myself (and ???) should not simply be dismissed as too implausible to be worth trying to prevent. I think Melan's thread is rather prescient in view of "Comodogate":http://arstechnica.com/security/news/20 ... estion.ars https://www.eff.org/deeplinks/2011/03/i ... lent-https http://www.wired.com/threatlevel/2011/0 ... ompromise/ http://www.theregister.co.uk/2011/03/23 ... forgeries/ http://blogs.comodo.com/it-security/dat ... ompromise/ http://www.techeye.net/security/firefox ... rtificatesOne of the fake certs acquired by the bad guys would have enabled them to mount a MITM attack on anyone trying to install updates to Iceweasel/Firefox add-ons via addons.mozilla.org, which I think certainly suggests that the alleged state actor intended to tamper with at least some software.
(EDIT: important new developments in that story:http://erratasec.blogspot.com/2011/03/c ... festo.html http://www.thetechherald.com/article.ph ... y-attacker http://www.theregister.co.uk/2011/03/28 ... aks_cover/ http://arstechnica.com/security/news/20 ... o-hack.arsBriefly, an anon who claims to be Iranian and who claims to have acted alone, and who suggests that he has some connection with political dissidents inside Iran, has claimed to have been the Comodo affiliate cracker. At least one pentester finds the claim plausible. It woudl explain several aspects of the breach which did not appear consistent with Comodo's conclusion that the breach was sponsored by the Iranian government.)
View 5 Replies
View Related
Sep 11, 2011
I'm using Openbox, and I'm working on some scripts to automatically change several things at once (wallpaper, theme, idesk icons, wbar, etc), and I've started with a simple script for changing the wallpaper. I have three different scripts, each one connected to a different wallpaper. The scripts are in my /usr/bin file, so I just have to type the script name and it goes. Trouble is, I've tried assigning it to a keybinding in Openbox's rc.xml, and I can't seem to get them to work.
Here's one of them:
<keybind key="C-F10">
<action name="Execute">
<command>steampunk</command>
</action>
</keybind>
It's supposed to make it so I type ctrl+F10 to switch to a steampunk wallpaper I have. I can do the script from the command prompt, but I can't get the keybinding to work. Anybody know why? Will Openbox not allow for scripts to be in the rc.xml file?
View 3 Replies
View Related
Aug 5, 2010
How to verify that Debian is running at 100 Mbps or 1000 Mbps? I can view the report from 'ifconfig eth0' but I can't see how fast the link has been established.
View 2 Replies
View Related
Mar 3, 2011
I'm trying to install Ubuntu 10.10 on a computer that's already running Windows Vista. I used the Wubi installer and it seemed to go through the installation fine (using the desktop, amd64 iso file). After rebooting, I get the dual boot option. However, on Ubuntu start-up, I get a display with the message stating Verifying Installation Files. It seems to go through some verification, but then it gets stuck. I see a bunch of lines with the words "ubuntu ubiquity" with hexadecimal values and regular words. The last hexadecimal values to appear are: 7f2698c50d8e, 7f2698fca815; the last regular word is "_target".
If I quit out of the verification, I am able to get onto the desktop area, but a message appears stating a parted_server crash occured. Also, my wireless connection doesn't work, but I suspect I need to install a driver.
View 2 Replies
View Related
Sep 13, 2009
I just downloaded the "Fedora-11-i686-Live-KDE.iso" and "Fedora-11-i686-Live.iso". I want to check if the downloaded files correct or not. I can use a tool to get the md5 sum of the downloaded files. But I want to compare them with the original ones.
View 6 Replies
View Related
Jun 1, 2010
I want to verify that serial port libraries are installed in my system.I know that it is installed at /usr/local/lib. But I dont know what all files are to be present in there, so to ensure that the same is installed properly. Iam using suse 11.1.
View 1 Replies
View Related
Jun 5, 2010
i tried to install f13 from live cd and failed. i have 2 questions. i do not understand how to setup partitions according to scottro's message. It says you need small ext3-formatted /boot partion and a ext4-formatted root partition. Does this configuration have to be setup before you boot into the live cd? If so, please tell me how to set this up. my pc is pentium d with 2 hard drives. The master hd is has xp, ubuntu8.04, and swap partitions. I would like to use one-half of the slave drive for f13.
Second question. I would like to be able to verify download of fedora-13-i686.iso. I downloaded it to my xp partition and installed Windows MD5summer. Where or how do i get the md5 file for this iso file?
View 14 Replies
View Related
Sep 24, 2010
I am trying to install javain my machine but dont think its happening.
Now when i verify my java installation online on java website it show missing plugin.
View 14 Replies
View Related
Jul 2, 2010
I have had to ditch ubuntu after 4 happy years as their 10.04 release was crazily resource hungry on my humble machine. Installed F13 smoothly and without any problems and so far it doesn't appear to be as resource hungry as ubuntu. One thing I have not been able to find in either gnome preferences or administration is where to set it to go straight to desktop without messing around with passwords and stuff.
View 3 Replies
View Related
Jan 18, 2010
Recently jumped from Ubuntu to Fedora 12 over the weekend, has been quite the bumpy ride. Though fun of course. But I'm having trouble coming to a solution for this problem, that started today. When signing into both Empathy or Pidgin (only with msn account) they both just hang on the white screen inactive... I say "inactive" the program hasn't frozen I just cannot be signed in. Also, in Pidgin at the bottom, next to where it shows your status, it has;
"Available - Waiting for network connection"
View 3 Replies
View Related
Jan 9, 2011
I am interested in signing up to the Amazon EC2 service with EBS. I have never used a unmanaged vps before, but I know how to use the command line etc. There are some basic packs on there to use, with basic LAMP stacks. But I would like to ask about how do I:
Upgrade a lamp stack? - someone mentioned yum, but what is this? how easy is it to use? is it enough? secure the lamp stack? - assuming I have no idea of linux security, can you give me a list or something of things I need to consider so I can begin the search (or just cover the steps would be awesome!) My website just uses php and mysql, so thats all i'll need. If you have any other tips on this,
View 1 Replies
View Related
Aug 11, 2010
Running graphical software update, fc13. Attached are screenshots, which appear in sequence. The first seems to be asking if I trust the source, Adobe. (The Help for this window says I can go to the adobe website to confirm details of the signing key, which I will do if there is not a simpler fix.) If I respond in affirmative to the first window I get the failure window, second shot, with traceback.
View 5 Replies
View Related
Feb 1, 2011
Is there any way to protect a bash script with a digital signature, so that it can't be executed if it has been meddled with? Or, if this is not possible for bash scripts, is it possible for any other type of scripts (Python, Perl?) in Linux?
View 5 Replies
View Related
Feb 23, 2010
So Pidgin was workign just fine in Ubuntu Studio karmic... After i Changed my password for my msn IM for security reasons it just woun't sign me in.
Iv tried so many times, my pass is correct... But i keep getting this message
"NEW MSN account
Authentication failed
Edit Account"
View 2 Replies
View Related
Aug 30, 2009
I have configured squid 2.5 stable 6. I can browse any website. I can even use msn messenger but I cannot use yahoo messenger. I have also set the http proxy settings in preference for yahoo messenger but still it does not sign in.
View 6 Replies
View Related
Apr 17, 2010
I don't know if this is a configuration issue or a hardware issue, but I have a Kinesis Advantage USB keyboard and for some reason the F3-F5 keys aren't responding as they used to. They don't respond to anything and, when I tried using F5 on Emacs, it said <XF86AudioNext> is undefined, so I guess it's a weird mapping problem.
Any idea how I could remap them to the original meaning?
View 2 Replies
View Related
Jun 27, 2011
Just wondering if Ubuntu has an Accessibility equivalent for sticky keys and mouse keys.
View 1 Replies
View Related
Feb 25, 2010
I would like to encrypt and decrypt zip file using OpenSSL keys. I have generated the keys and can encrypt normal text files but if I try to encrypt the zip file, I get error: "Error reading input Data" Following is what I have done.
generate keys:
Code:
openssl genrsa 4096 > private-key.pem
openssl rsa -pubout < private-key.pem
openssl rsa -pubout < private-key.pem > public-key.pem
encrypt the file:
Code:
openssl rsautl -encrypt -pubin -inkey public-key.pem -in test.zip test.zip.encrypted
I must use public/ private key pair (without any password) and I must use OpenSSL. But I can use any algorithm other than RSA (not sure which one to use and how).
View 3 Replies
View Related
Apr 7, 2011
I'm running Debian (Squeeze) and I have a toshiba portege m700. It has five buttons on the front just under the screen, which are the only ones accessible when you flip the screen over into tablet mode. One of them is for rotating the screen, and another is for switching to external display. I want to remap the remaining three to control, alt and super so that I can use shortcuts with the stylusThe problem is, when I used showkey to find out the key codes, I found out that each button generates more than one key code:Button 1:
key 126 press >> super_r, although this is distinct from the actual super key (125)
key 7 press >> 6
key 7 release
key 126 release
View 4 Replies
View Related
Jun 16, 2010
I've been trying to find out which jabber/XMPP clients out there automatically sign messages with openpgp you send but documentation on that has been spotty. Could you tell me a. if you know any clients that can easily sign and encrypt all outgoing messages and b. should I worry if a client is only able to sign presence and not messages?
View 1 Replies
View Related
Mar 16, 2011
I am trying to lock down a server using audit.rules. I intend to use ausearch to review certain entries from time to time. I noticed that it's possible to assign a "key" to each rule and then use `ausearch -k` to show only the records that have that key.Unfortunately, the key feature seems broken. I started with the following rule in audit.rules:
Code:
-a always,exit -F arch=b64 -S open -S openat -F exit=-EACCES -k deny
I do a `cat /etc/shadow` and a `ausearch -ts today -k deny` and it seems all went well.
[code]....
View 8 Replies
View Related
