-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Long Wind wrote: > i have downloaded jessie CD from: > http://mirrors.lug.mtu.edu/debian-cd/8.6.0/amd64/iso-cd/ > i know how to verify MD5SUMSbut how to verify MD5SUMS.sign? > Thanks!
There should be a referenced gpg key somewhere. Quick google shows it as https://www.debian.org/CD/verify . You'll need one (or all) of the noted keys, then you can use gpg to verify the sig. The command gpg --verify MD5SUMS.sign should be good enough, assuming the public keys are on your keyring, and your web-of-trust is sufficient to validate the keys (or you've marked the keys as trusted in some manner). That being said, MD5 hashes are considered "weak" these days, and it is generally recommended to verify with SHA256 hashes instead. HTH -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBAgAGBQJaOGPvAAoJEI4R3fMSeaKBq5oH/ij1Wrqso8N8EYT2wcxNi6HR 57ZxpAYjJh02p9ywVe7Ymw+jUkyfZlEvHyATLztWplh2G+w1hp/xbr7awAnVjshr axw6efxC7q5J+HaRj7O3OzpTAW2o6WuwePwoXKl6+WjxSYoGs1u6cMebz4cHwq3I FmaqfhWUyrKLlOfRrnmbf4yKzzJKuFnz+kIzh+s0rZrzh+5PxfOl56ANavVWjDBq XYEABwzMnik0TPADGrFpW17rSoOpyuj6vujeIRycrdzie3seH2EWqBMR6BwUL58c mQlvnW7rT9aSdQf0M0dx40zfV4UB1leUAdVQqrDSmhRns3TEmBJWc4vjqDrTacc= =X0Me -----END PGP SIGNATURE----- -- |_|O|_| Registered Linux user #585947 |_|_|O| Github: https://github.com/dpurgert |O|O|O| PGP: 05CA 9A50 3F2E 1335 4DC5 4AEE 8E11 DDF3 1279 A281
