I am trying to verify 'VirtualBox-6.1.26-145957-Win.exe'.
I ran this in powershell because I don't have a cool text editor for windows.
Code: Select all
Get-Content -Encoding Byte -TotalCount 100 foo.asc |% {Write-Host (" {0:x2} " -f $_) -NoNewline };
2d 2d 2d 2d 2d 42 45 47 49 4e 20 50 47 50 20 50 55 42 4c 49 43 20 4b 45 59 20 42 4c 4f 43 4b 2d 2d 2d 2d 2d 0d 0a 56 65 72 73 69 6f 6e 3a 20 47 6e 75 50 47 20 76 31 2e 34 2e 39 20 28 47 4e 55 2f 4c 69 6e 75 78 29 0d 0a 0d 0a 6d 51 47 69 42 45 76 79 30 4c 41 52 42 41 43 50 42 48 31 41 55 76 36 6b 72
gpg2 --verify foo.asc SHA256SUMS.txt
I also imported successfully (key).
I thought that verifying against signature would tell me that no one messed with the sha256sum posted on the website. Then I could trust the sha .
There is not a .sig but am told by the internet .asc is same thing but different format.
I get either unexpected error or data when I run that command to verify.
I can't post my links for foo.asc and sha256sum.txt because I am a new member and it blocked me.
I try to go through this process because of what happened to the linux mint guy. They messed with his site.
Please assist and/or let me know if I am doing something wrong.
Thanks - roboloki