gnu-linux-libre

Re: [GNU-linux-libre] Help users to verify their downloads


From: Andreas Grapentin
Subject: Re: [GNU-linux-libre] Help users to verify their downloads
Date: Tue, 19 Jun 2018 07:45:40 +0200
User-agent: Mutt/1.10.0 (2018-05-17)

> so in short, checksums only verify that a download was received intact without
> error, while a GPG signature verifies the authenticity of the person who
> published it - the level of confidence that I suspect this thread was asking for
> can only be provided by a signature - checksums are far less significant and
> indeed optional when a signature is provided; as the signature verifies the
> file's integrity also

I would like to add here that it is quite common to sign the *checksum* of
a file, instead of the file itself. Since creating the signature is
computationally more expensive than (most) checksum algorithms, this
reduces the system load on both sides of the trust chain, while
providing basically the same result.

-A


-- 

------------------------------------------------------------------------------
my GPG Public Key:                 https://files.grapentin.org/.gpg/public.key
------------------------------------------------------------------------------

Attachment: signature.asc
Description: PGP signature
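
The sign-the-checksum arrangement described in the message above, as an added example that is not part of the original post: the publisher signs only a small checksum manifest, and the user checks the signature first and the file's checksum second. Textbook RSA over constructed parameters stands in for a GPG signature so the code runs offline; the key, file names and function names are all assumptions.

```python
import hashlib

# Constructed demo key: textbook RSA over two Mersenne primes. It stands in
# for the publisher's GPG key so the example runs offline; it is NOT secure.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, publisher side only


def digest_int(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign_manifest(manifest: bytes) -> int:
    """Publisher: sign the small checksum list, not the large files."""
    return pow(digest_int(manifest), D, N)


def make_manifest(files: dict) -> bytes:
    """Publisher: one 'hexdigest  name' line per file (sha256sum layout)."""
    lines = [f"{hashlib.sha256(body).hexdigest()}  {name}"
             for name, body in sorted(files.items())]
    return ("\n".join(lines) + "\n").encode()


def verify_download(name: str, body: bytes, manifest: bytes, sig: int) -> str:
    """User: authenticate the manifest first, then check the file against it."""
    if pow(sig, E, N) != digest_int(manifest):
        return "bad-signature"      # manifest is untrusted; stop here
    listed = {}
    for line in manifest.decode().splitlines():
        hexdigest, _, fname = line.partition("  ")
        listed[fname] = hexdigest
    if name not in listed:
        return "not-listed"         # a valid signature says nothing about this file
    if hashlib.sha256(body).hexdigest() != listed[name]:
        return "checksum-mismatch"  # corrupted or substituted download
    return "ok"


# Constructed sample release.
RELEASE = {"demo-1.0.iso": b"A" * 4096, "demo-1.0.tar.gz": b"B" * 1024}
MANIFEST = make_manifest(RELEASE)
SIGNATURE = sign_manifest(MANIFEST)
```

A manifest rewritten to match a substituted file fails at the signature step, which is why the checksum is only meaningful once the manifest itself has been authenticated.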

