|
OpenBSD Security Functionally paranoid! |
|
Thread Tools | Display Modes |
|
|||
Where to download public key files?
According to 3.5 "Verifying your download" (hxxp://w.w.w.openbsd.org/faq/faq3.html#Verify) I need the public key files and the signify program.
Where can I download them? Moreover I am using Debian stable. P.S.: I'm only allowed to post URLs once I have made at least 5 posts. |
|
||||
Hello, and welcome!
OpenBSD's source code for signify(1) is located in its source tree, at src/usr.bin/signify -- and it is dependent upon both OpenBSD's libc and libutil. These libraries are also in the source tree, at src/lib/{libc,libutil}. The source code for 5.5-release can be obtained four ways:
I think that porting the signify utility to Debian would be a more difficult and complicated task than running the OpenBSD's installation/rescue system. This is a kernel that includes a small root filesystem in RAM that includes the signify utility. OpenBSD did not have the utility until 5.5. For all previous releases, we verified installation binaries only with checksums -- we did not have cryptographic hashes to verify against keys. Last edited by jggimi; 5th July 2014 at 10:07 AM. Reason: corrected flavor description of the OPENBSD_5_5 tag |
|
|||
Are the public key files available in *.asc format?
Users who plan to migrate their existing platform from Microsoft OS, Debian or Ubuntu to OpenBSD may have difficulty in using the signify utility to verify OpenBSD's ISOs.
Where can I download the signing key (in the form of .asc) for install55.iso? With the .asc file, I can then use gpg4win under Microsoft Windows to verify install55.iso. |
|
|||
If you are truly worried by this:
Install OpenBSD on a machine. Download and verify a new bsd.rd from your mirror of choice. Boot into the new bsd.rd and blast away your original install (choose (I)nstall instead of (U)pgrade from the bsd.rd menu just like you did the first time). Now you're in the signify loop. Last edited by ibara; 12th July 2014 at 06:11 PM. |
|
||||
This is because this is the first release to contain signify(1), and the OpenBSD Project has not developed a Portable Signify. The Project might do that in the future, but if so (in my opinion) they are unlikely to use PGP, GPG, X.509, or any other external cryptographic framework, since signify(1) was designed to eliminate the need for them.
|
|
||||
About 2 hours ago, Bob Beck (beck@) posted on Twitter that, in support of Portable LibreSSL, a version of signify has been ported to Linux.
|
Tags |
public key, signify, verify |
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Using public keys for SSH authentication | amrogers3 | OpenBSD General | 12 | 14th November 2011 12:10 AM |
secure ssh with public key | milo974 | OpenBSD Security | 11 | 9th July 2008 04:52 PM |
Apache on two servers but one public IP | marco64 | General software and network | 2 | 4th June 2008 07:29 PM |
OS to run in a public computer? | Sunnz | Off-Topic | 31 | 23rd May 2008 05:47 PM |