How to Verify ISO images

Using Gpg4win in Windows 

First, download the signature file for the ISO image you downloaded; its name usually ends with the suffix .sig.
To check integrity and authenticity, the signature file (the file ending in .sig, .asc, .p7s or .pem) and the signed original file must be in the same folder. Select the signature file and choose the entry "Decrypt and check" from the Windows Explorer context menu.
You will see the following window:
Under "Enter file", Kleopatra shows the full path to your selected signature file.
The option "Input file is a separate signature" is activated, since the original file (here: "Signed file") was signed with the input file. Kleopatra will automatically find the associated signed original file in the same folder.
The same path is also automatically selected for the "Output folder". However, it only becomes relevant once you are processing more than one file simultaneously.
Confirm the operations with [Decrypt/Check].
Following a successful check of the signature, the following window appears:
The result shows that the signature is correct, so you can be sure that the file's integrity has been preserved and the file has not been modified.
If even one character is added to the original file, deleted or modified, the signature will be shown as broken (Kleopatra displays the result as a red warning).
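
The same check can be run from PowerShell with the gpg.exe that Gpg4win installs, and it can also confirm that the signature was made by the key you expect. This is an added example, not part of the original post; it assumes gpg is on PATH and the signer's public key is already imported, and the function name, file names and fingerprint are placeholders.

```powershell
# Added example: command-line equivalent of Kleopatra's "Decrypt and check"
# for a separate (detached) signature file.
# Assumptions: gpg.exe (installed by Gpg4win) is on PATH and the signer's
# public key has already been imported into the local keyring.
function Test-IsoSignature {
    param(
        [Parameter(Mandatory)] [string] $IsoPath,
        [Parameter(Mandatory)] [string] $SignaturePath,
        # Full key fingerprint as published by the ISO's distributor.
        [Parameter(Mandatory)] [string] $ExpectedFingerprint
    )
    foreach ($p in $IsoPath, $SignaturePath) {
        if (-not (Test-Path -LiteralPath $p -PathType Leaf)) { throw "File not found: $p" }
    }

    # --status-fd 1 writes machine-readable "[GNUPG:] ..." lines to stdout;
    # the human-readable messages go to stderr and are discarded here.
    $status = & gpg --batch --status-fd 1 --verify $SignaturePath $IsoPath 2>$null
    $exit = $LASTEXITCODE

    if ($status -match '^\[GNUPG:\] BADSIG ')    { return 'BAD: file or signature was modified' }
    if ($status -match '^\[GNUPG:\] NO_PUBKEY ') { return 'UNKNOWN: signer public key is not imported' }

    # GOODSIG is only emitted for a good signature from a usable key
    # (expired or revoked keys produce EXPKEYSIG / REVKEYSIG instead).
    $good  = $status -match '^\[GNUPG:\] GOODSIG '
    $valid = $status | Where-Object { $_ -match '^\[GNUPG:\] VALIDSIG ' } | Select-Object -First 1
    if ($exit -ne 0 -or -not $good -or -not $valid) { return "FAILED: gpg exit code $exit" }

    # VALIDSIG fields: signing-key fingerprint first, primary-key fingerprint last.
    $fields  = $valid -split ' '
    $signing = $fields[2]
    $primary = $fields[-1]
    $want    = ($ExpectedFingerprint -replace '\s', '').ToUpper()
    if ($want -ne $primary -and $want -ne $signing) { return "WRONG KEY: signed by $primary" }
    return "GOOD: valid signature from $primary"
}

# Usage (hypothetical file names, placeholder fingerprint):
# Test-IsoSignature -IsoPath .\example.iso -SignaturePath .\example.iso.sig `
#     -ExpectedFingerprint '<FINGERPRINT-PUBLISHED-BY-THE-DISTRIBUTOR>'
```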
