Ok sorry didn't know about the top posting thing, will be sure not to do
it. My Qubes installer has been verified! Yay! thanks to everyone for
your help!
On Mon, Aug 19, 2019 at 12:16 PM unman wrote:
> On Sun, Aug 18, 2019 at 01:32:51PM -0700, O K wrote:
> > But what I don't understand is
On Sun, Aug 18, 2019 at 01:32:51PM -0700, O K wrote:
> But what I don't understand is how to get the fingerprint of the master key
> that I downloaded, so I can compare it to the ones online. The number in
> the text is much longer than the fingerprint.
>
> On Sunday, August 18, 2019 at
O K you have asked many different questions as you have proceeded, and I
don't have a problem with that. At this point, you are asking the same
question as this thread. I direct yo to the stack exchange link in that
thread, which does ask other questons but they hinge on the answer to the
*On Sunday, August 18, 2019 at 1:20:30 PM UTC-7, O K wrote:*
>
> *Ok, I figured out the difference between sha and other process and I
> guess it would be better to use the other process. I found some good
> instructions along with qubes instructions so I will try to implement
> those.
But what I don't understand is how to get the fingerprint of the master key
that I downloaded, so I can compare it to the ones online. The number in
the text is much longer than the fingerprint.
On Sunday, August 18, 2019 at 1:43:41 PM UTC-4, Andrew David Wong wrote:
>
> -BEGIN PGP SIGNED
Ok, I figured out the difference between sha and other process and I guess
it would be better to use the other process. I found some good
instructions along with qubes instructions so I will try to implement
those. Thanks.
On Sunday, August 18, 2019 at 1:43:41 PM UTC-4, Andrew David Wong
Yeah, I just want to know how to get the actual SHA-256 of the Qubes ISO.
I don't know how to use DIGESTS. Is verifying the master file and sig
file a different process than comparing the sha-256? Do they provide the
same level of security. Sorry, I know it's a pain bc I don't know much,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 18/08/2019 11.56 AM, O K wrote:
> Well the issue is the computer doesn't have access to internet at
> the moment. I have the sig file, master key file, and the iso, I
> just want to know if there is some way to go through the whole
> process of
Well the issue is the computer doesn't have access to internet at the
moment. I have the sig file, master key file, and the iso, I just want to
know if there is some way to go through the whole process of verification
without the internet, by just checking numbers manually.
On Saturday,
The process is to verify the Qubes ISO signature is correct, and not to
trust a SHA256 checksum posted on the same website hosting the file. The
hash only confirms the integrity and not the validity of the file (which
may be infected). It's a security theater exercise we're used to doing
10 matches
Mail list logo
