Verifying authenticity of Debian CDs
The official guide for verifying the authenticity of a Debian 🍥 CD image is not very clear if you do not already have an idea of what you are doing. Here is a translation into shell commands.
You need to download:
- the image (such as debian-8.0.0-amd64-CD-1.iso);
- a corresponding digest file (such as SHA512SUMS), but not the MD5 one (MD5SUMS) and probably not the SHA-1 one (SHA1SUMS);
- the corresponding signature file (SHA512SUMS.sign).
Then you need to run:

    cat SHA512SUMS | grep debian-8.0.0-amd64-xfce-CD-1.iso | sha512sum -c -   # (1)
    sudo apt-get install debian-keyring                                        # (2)
    gpgv --keyring /usr/share/keyrings/debian-role-keys.gpg -vv -- \
        SHA512SUMS.sign SHA512SUMS                                             # (3)

and check that none of them reports an error.
Details:
- (1) This checks that the downloaded file matches the digest given in the SHA512SUMS file:

    $ cat SHA512SUMS | grep debian-8.0.0-amd64-xfce-CD-1.iso | sha512sum -c -
    debian-8.0.0-amd64-xfce-CD-1.iso: OK

- (2) We first need to get the GPG public keys of Debian.
- (3) Then we need to verify the signature of the SHA512SUMS file:

    $ gpgv --keyring /usr/share/keyrings/debian-role-keys.gpg -vv -- \
        SHA512SUMS.sign SHA512SUMS
    gpgv: armor: BEGIN PGP SIGNATURE
    gpgv: armor header: Version: GnuPG v1.4.12 (GNU/Linux)
    :signature packet: algo 1, keyid DA87E80D6294BE9B
            version 4, created 1430005434, md5len 0, sigclass 0x00
            digest algo 8, begin of digest 87 47
            hashed subpkt 2 len 4 (sig created 2015-04-25)
            subpkt 16 len 8 (issuer key ID DA87E80D6294BE9B)
            data: [4095 bits]
    gpgv: Signature made Sun Apr 26 01:43:54 2015 CEST using RSA key ID 6294BE9B
    gpgv: Good signature from "Debian CD signing key <debian-cd@lists.debian.org>"
    gpgv: binary signature, digest algorithm SHA256
You might want to check that the digest algorithm is not a broken hash function (not MD5, not SHA-1) but something such as SHA-256 or SHA-512. You might want to check the identity of the signer (Debian CD signing key <debian-cd@lists.debian.org>) as well.
Warning
Both steps (verifying the digest, and verifying the signature of the digest file) are necessary to ensure that the file is an authentic Debian CD image.
Checking the SHA512SUMS (first step) is not enough to conclude that the CD image is the correct one, because an attacker could have uploaded a malicious CD image together with a matching digest file: we need to check that the SHA512SUMS file itself has not been tampered with.
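The whole procedure as a single script, as an added example rather than the post's own commands: it verifies the signature on SHA512SUMS first, then checks the image against it, and exits non-zero if either step fails. Beyond the post, it reads gpgv's machine-readable status output (--status-fd, field layout as documented in GnuPG's doc/DETAILS) so that a "Good signature" made with MD5 or SHA-1 is still rejected, and it matches the filename field of SHA512SUMS exactly instead of with a substring grep. The keyring path is the one from the post; the script name, the KEYRING variable and the image filename argument are assumptions of this example.

```shell
#!/bin/sh
# Added example, not the post's own commands: both checks from the post wired
# into one script that exits non-zero if anything is off. Assumes GNU coreutils
# and gpgv on PATH and the Debian keyring at the path the post uses.
set -e

KEYRING=${KEYRING:-/usr/share/keyrings/debian-role-keys.gpg}

# check_digest SUMS IMAGE
# Select exactly the line of SUMS whose filename field is IMAGE (both the
# "hash  name" and the "hash *name" forms), then let sha512sum check it.
# An exact field match avoids the substring pitfall of a plain grep, where
# "CD-1.iso" would also match "CD-10.iso" and make sha512sum complain about
# a second, missing file. Fails if the line is absent, duplicated, or wrong.
check_digest() {
    sums=$1; image=$2
    line=$(awk -v f="$image" \
        '$2 == f || $2 == "*" f { print; n++ } END { exit n != 1 }' "$sums") || {
        echo "no unique digest line for $image in $sums" >&2
        return 1
    }
    printf '%s\n' "$line" | sha512sum -c -
}

# signature_hash_algo STATUS_TEXT
# Extract the hash-algorithm number from the VALIDSIG line gpgv prints on
# --status-fd (field order per GnuPG's doc/DETAILS; numbering per RFC 4880:
# 1 = MD5, 2 = SHA-1, 8 = SHA-256, 10 = SHA-512). Prints nothing without VALIDSIG.
signature_hash_algo() {
    printf '%s\n' "$1" | awk '$1 == "[GNUPG:]" && $2 == "VALIDSIG" { print $10 }'
}

# hash_algo_acceptable N: succeed only for the SHA-2 family (SHA-256/384/512/224).
hash_algo_acceptable() {
    case $1 in
        8|9|10|11) return 0 ;;
        *) return 1 ;;
    esac
}

# check_signature SIG SUMS
# Run gpgv against the Debian keyring, then read its machine-readable status
# instead of trusting the human-readable "Good signature" line: a signature
# made with MD5 or SHA-1 would still print "Good", so it is rejected here.
check_signature() {
    sig=$1; sums=$2
    status=$(gpgv --keyring "$KEYRING" --status-fd 1 -- "$sig" "$sums" 2>/dev/null) || {
        echo "signature on $sums did not verify against $KEYRING" >&2
        return 1
    }
    algo=$(signature_hash_algo "$status")
    if [ -z "$algo" ] || ! hash_algo_acceptable "$algo"; then
        echo "signature digest algorithm not acceptable (algo ${algo:-unknown})" >&2
        return 1
    fi
    # Show who signed, so the reader can compare against the expected identity.
    printf '%s\n' "$status" |
        awk '$2 == "GOODSIG" { sub(/^[^ ]+ [^ ]+ [^ ]+ /, ""); print "signed by: " $0 }'
}

# Order matters: establish that SHA512SUMS is authentic first, then compare
# the image against it. Usage: ./verify-debian-iso.sh debian-8.0.0-amd64-CD-1.iso
if [ $# -eq 1 ]; then
    check_signature SHA512SUMS.sign SHA512SUMS
    check_digest SHA512SUMS "$1"
    echo "$1 is authentic"
fi
```

Run it from the directory holding the image, SHA512SUMS and SHA512SUMS.sign; gpgv's own chatter is suppressed and only the status lines are consulted, so install the debian-keyring package first (step 2 of the post) or point KEYRING at another copy of the keys.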
Warning
You should not use the MD5SUMS, because MD5 is broken, and you should avoid SHA1SUMS as well.
In Fedora, the Debian keyring is shipped in the debian-keyring package.