I am not a person to explain all the cryptographic theory that works behind pgp and chksum methods..Because I got only a C grade in the last endsem in the cryptography paper..But I can explain you how to use this tools.
When you download a zipped file you can get its corresponding chksum(MD5,sha1sum , sha224sum sha256sum ,sha384sum, sha512sum and so and so.)It will be basically a line which looks something like this
959bdb934e3a72d256bfbd0122d996a73adb5d1f gnupg-2.0.9.tar.bz2
Now just create a text file ,give some name to it say a.txt and copy the above line to it.Place the file in the same folder which contains the zipped part.Invoke the terminal(of course in linux systems) and type
md5sum --check a.txt
or
sha1sum --check a.txt
so and so depending upon the sum that u received.If ur zipped file is untampered it will return 'OK'.
So thats all about Checksum checking.
now to check signatures.
Download the signature.say let the file that contains the signature be xxxxxxxxxx.xx.sig.
Place the signature in the same folder which contains the downloaded file.
Run " gpg --verify xxxxxxxxxx.xx.sig ". If everything is fine u should get an OK message.
Thats for now......
Bye,
RK
No comments:
Post a Comment