Network Security Internet Technology Development Database Servers Mobile Phone Android Software Apple Software Computer Software News IT Information

In addition to Weibo, there is also WeChat

Please pay attention

WeChat public account

Shulou

How to use SHA256 to verify downloaded files in Linux system

2025-01-17 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Servers >

Share

Shulou(Shulou.com)06/01 Report--

This article mainly explains "in the Linux system how to use SHA256 to verify downloaded files", the content of the article is simple and clear, easy to learn and understand, the following please follow the editor's ideas slowly in depth, together to study and learn "in the Linux system how to use SHA256 to verify downloaded files" bar!

When you download an ISO image, especially from many unknown seeds on the BitTorrent network, it is usually recommended to verify the integrity of the download image.

In the case of Ubuntu distributions, Canonical provides several verification files (such as MD5SUM, SHA1SUMS, and SHA256SUMS) for verification. In this example, we use SHA256SUMS.

First, download the following two files.

The code is as follows:

$wget http://releases.ubuntu.com/14.10/SHA256SUMS

$wget http://releases.ubuntu.com/14.10/SHA256SUMS.gpg

The first file is the SHA256 verification file of the ISO image, and the second file (* .gpg) is the signature of the verification file. The purpose of the second document is to verify the validity of the verification document itself.

We verify the validity of the SHA256SUMS file by running the following command.

The code is as follows:

$gpg-verify SHA256SUMS.gpg SHA256SUMS

Gpg: Signature made Thu 23 Oct 2014 09:36:00 AM EDT using DSA key ID FBB75451

Gpg: Can't check signature: public key not found

If you get the above error message, it is because you have not imported the public key that generated this signature. So we now import the public key we need.

Before you do this, you need to know the "key ID" of the public key, which is shown in the output of the gpg command above. In this example, the key ID is "FBB75451". Run the following command to import the public key from the official Ubuntu key server.

The code is as follows:

$gpg-keyserver hkp://keyserver.ubuntu.com-recv-keys FBB75451

Now that the public key has been imported, we can continue and rerun the previous command to verify the signature.

The code is as follows:

Gpg-verify SHA256SUMS.gpg SHA256SUMS

You didn't see the error message "public key not found" this time. If the SHA256SUMS file is valid, you will see the message "Good signature from". Notice that you also see a "This key is not certified with a trusted signature" warning message. Basically, this warning message tells you that there is no explicit trust in the imported public key. To avoid this warning, you can choose to specify full trust in the imported public key, but you should do so only after you have reviewed the key in other ways. Otherwise, you can ignore this warning for a while.

After verifying the integrity of the SHA256SUMS file, the final step is to compare the SHA256 checksum of the downloaded ISO file with the corresponding check value in the SHA256SUMS file. You can use the sha256sum command line tool to complete this step.

For convenience, the following command compares the SHA256 verification and reports the results.

The code is as follows:

$sha256sum-c

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

Views: 0

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.

Share To

Servers

Wechat

© 2024 shulou.com SLNews company. All rights reserved.

12
Report