Git-Mirrors/qubes-doc
1
0
Fork 0
mirror of https://github.com/QubesOS/qubes-doc.git synced 2024-12-28 00:39:30 -05:00
Code Issues Packages Projects Releases Wiki Activity

Note that digests are an alternative verification method

Browse Source
This commit is contained in:
Andrew David Wong 2016-10-01 12:25:43 -07:00
parent a2cbc7d5d2
commit 7fb60a67b2
No known key found for this signature in database
GPG Key ID: 8CE137352A019A17
1 changed files with 9 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
installing/verifying-signatures.md
View File

@ -188,10 +188,15 @@ release signing key and see this thread:
Verifying Digests
-----------------
Each ISO is accompanied by a plain text file ending in `.DIGESTS`. This file
contains the output of running several different crytographic hash functions on
the ISO in order to obtain alphanumeric outputs known as "digests." For
example, `Qubes-R3.1-x86_64.iso` is accompanied by
Each ISO is also accompanied by a plain text file ending in `.DIGESTS`. This
file contains the output of running several different crytographic hash
functions on the ISO in order to obtain alphanumeric outputs known as "digests."
These digests are provided as an alternative verification method to PGP
signatures (though the digests themselves are also PGP-signed -- see below). If
you've already verified the signatures on the ISO directly, then verifying
digests is not necessary.
For example, `Qubes-R3.1-x86_64.iso` is accompanied by
`Qubes-R3.1-x86_64.iso.DIGESTS` which has the following content:
-----BEGIN PGP SIGNED MESSAGE-----