When it is required to verify latest releases of bind name server applications, it is required to download the isc.org latest pgp keys from https://ftp.isc.org/isc/pgpkeys/
Then follow the given procedure to verify the integrity of an ISC download using PGP.
1. Download the pgp key from the above given location and name the key file as 'KEYS' (Or whatever you want)
2. Download the tar.gz and Signatures file as required
3. Change the directory to the location where all public key, signature key file and tar.gz files are stored.
4. Import the public key using the PGP or GPG import option, e.g.: gpg --import KEYS
- Here 'KEYS' is the file which contains the public key downloaded from the key repository
gpg --import KEYS
gpg: key 4CBB3D38: "Internet Systems Consortium, Inc. (Signing key, 2019-2020) <codesign@isc.org>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1
5. Check the integrity with gpg --verify
command
Ex.
gpg --verify bind-9.11.22.tar.gz.asc bind-9.11.22.tar.gz
gpg: Signature made 2020-08-12 01:47:02 +0530 +0530 using RSA key ID 5DACE918
gpg: Good signature from "Internet Systems Consortium, Inc. (Signing key, 2019-2020) <codesign@isc.org>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: AE3F AC79 6711 EC59 FC00 7AA4 74BB 6B9A 4CBB 3D38
Subkey fingerprint: 95CE DA25 6B1C A0A1 5F30 2FB5 9521 A7ED 5DAC E918
Good Reference:
No comments:
Post a Comment