Quote:
Originally Posted by jggimi
That is a private (secret) key.
|
I apologize for the confusion. What I need is the public portion of the signing key that can be retrieved from pgp.mit.edu or any publicly-hosted keyserver. However... (see below)
Quote:
Originally Posted by jggimi
Using signify(1), only.
|
Quote:
Originally Posted by jggimi
It does not use gpg or any other external crypto framework you have used with other OSes. At all.
|
Finally, the clarification that the ISO images can't be verified using GPG tools. This has not been made explicitly clear in the FAQs and man pages.
Quote:
Originally Posted by jggimi
|
Thanks for the suggestion. But I'm technically challenged. I don't have a diploma or degree in IT or computer science.
Quote:
Originally Posted by jggimi
Install OpenBSD twice. Once, without the signify crypto framework available to you. Then reinstall, the second time using it.
|
That's the suggestion that I'm gonna try. In fact I don't have to install it twice. The first time I install OpenBSD is without the verification using signify.
When I am in OpenBSD OS, I will use signify to verify my earlier downloaded ISO image. If it passes verification, I won't need to reinstall the OS a second time. If it fails, I will have to download the ISO image from another mirror and use the signify app that is on the already installed OpenBSD OS to verify the second-time download.
Quote:
Originally Posted by jggimi
Install OpenBSD once, using the unsigned but quite valid SHA256 cryptographic hashes. Download them from an alternate mirror, to be sure the men-in-black haven't corrupted the mirror where you downloaded your ISO, or kernels and filesets.
|
For your info, the men-in-black are capable of corrupting all the mirrors of any Linux distro. Take Gentoo for example. One of their apps was infected with a backdoor and all of their mirrors contained the same infected file.
On a side note, I read somewhere that the NSA was planning to create 6,000 IT experts annually.
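The SHA256 cross-check between two mirrors discussed above, sketched as an added example that is not part of the original posts. It parses the BSD-style `SHA256 (file) = digest` lines that OpenBSD's SHA256 files use. The file name `install.iso` and all function names are hypothetical. Agreement between two unsigned lists only shows that the mirrors serve the same data; the signed check remains signify(1).

```python
import hashlib
import re

# BSD-style digest line, the layout of OpenBSD's SHA256 file:
#   SHA256 (install.iso) = <64 hex digits>
# "install.iso" is a constructed name used for illustration only.
LINE = re.compile(r"^SHA256 \((?P<name>[^)]+)\) = (?P<hex>[0-9a-f]{64})$")


def parse_sha256_list(text):
    """Return {filename: hexdigest}; reject any line that is not well formed."""
    digests = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE.match(line)
        if m is None:
            raise ValueError(f"malformed checksum line: {line!r}")
        digests[m["name"]] = m["hex"]
    return digests


def file_sha256(path, chunk=1 << 20):
    """Hash the file in chunks so a large ISO does not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def check_download(path, name, list_a, list_b):
    """Compare a downloaded file against SHA256 lists fetched from two mirrors.

    Returns "ok", "mirrors-disagree", "missing-entry" or "hash-mismatch".
    """
    a, b = parse_sha256_list(list_a), parse_sha256_list(list_b)
    if name not in a or name not in b:
        return "missing-entry"
    if a[name] != b[name]:
        return "mirrors-disagree"   # the two mirrors serve different lists
    if file_sha256(path) != a[name]:
        return "hash-mismatch"      # the download does not match the lists
    return "ok"
```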