Git-Mirrors/qubes-doc
1
0
Fork 0
mirror of https://github.com/QubesOS/qubes-doc.git synced 2025-01-11 23:39:38 -05:00
Code Issues Packages Projects Releases Wiki Activity

Explicitly state desired outcomes for the sake of completeness

Browse Source
This commit is contained in:
Andrew David Wong 2022-07-20 23:09:39 -07:00
parent 2e3c43c836
commit 0cc7b4fe99
No known key found for this signature in database
GPG Key ID: 8CE137352A019A17
1 changed files with 6 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
project-security/verifying-signatures.md
View File

@ -610,8 +610,9 @@ The output should look something like this:
5791285248 bytes (5.8 GB, 5.4 GiB) copied, 76.3369 s, 75.9 MB/s
```
(Note that your actual SHA-256 hash value and byte number will depend on which
Qubes ISO you're using. This is just an example.)
Note that your actual SHA-256 hash value and byte number will depend on which
Qubes ISO you're using. This is just an example. Your SHA-256 hash value should
match the hash value of your genuine original Qubes ISO.
Now, reading the number of bytes directly from the ISO is fine, but you may be
concerned that a sufficiently sophisticated adversary may have compromised the
@ -674,7 +675,9 @@ is using shell redirection in order to use data from your USB drive as the
Remember that you still must have properly imported and trusted the
[QMSK](#how-to-import-and-authenticate-the-qubes-master-signing-key) and
appropriate [RSK](#how-to-import-and-authenticate-release-signing-keys) in
order for this to work.
order for this to work. You should receive a `Good signature` message for the
appropriate RSK, which should be signed by a copy of the QMSK that you
previously confirmed to be genuine.
## How to verify signatures on Git repository tags and commits