verifying virtualbox gpg

This is for discussing general topics about how to use VirtualBox.
roboloki
Posts: 4
Joined: 12. Aug 2021, 01:15

Post by roboloki »

Hi all-

I am trying to verify 'VirtualBox-6.1.26-145957-Win.exe'.

I ran this in PowerShell because I don't have a cool text editor for Windows.

 Get-Content -Encoding Byte -TotalCount 100 foo.asc |% {Write-Host (" {0:x2} " -f $_) -NoNewline };
 2d  2d  2d  2d  2d  42  45  47  49  4e  20  50  47  50  20  50  55  42  4c  49  43  20  4b  45  59  20  42  4c  4f  43  4b  2d  2d  2d  2d  2d  0d  0a  56  65  72  73  69  6f  6e  3a  20  47  6e  75  50  47  20  76  31  2e  34  2e  39  20  28  47  4e  55  2f  4c  69  6e  75  78  29  0d  0a  0d  0a  6d  51  47  69  42  45  76  79  30  4c  41  52  42  41  43  50  42  48  31  41  55  76  36  6b  72
It is Windows encoding.

gpg2 --verify foo.asc SHA256SUMS.txt

I also imported successfully (key).

I thought that verifying against the signature would tell me that no one messed with the sha256sum posted on the website. Then I could trust the SHA.
There is not a .sig, but I am told by the internet that .asc is the same thing in a different format.
I get either unexpected error or data when I run that command to verify.

I can't post my links for foo.asc and sha256sum.txt because I am a new member and it blocked me.
I try to go through this process because of what happened to the Linux Mint guy. They messed with his site.

Please assist and/or let me know if I am doing something wrong.

Thanks - roboloki
scottgus1
Site Moderator
Posts: 20965
Joined: 30. Dec 2009, 20:14
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Windows, Linux

Re: verifying virtualbox gpg

Post by scottgus1 »

I don't know if it fits your procedure, but there are sha256 hashes here: https://www.virtualbox.org/download/has ... SHA256SUMS
fth0
Volunteer
Posts: 5668
Joined: 14. Feb 2019, 03:06
Primary OS: Mac OS X other
VBox Version: PUEL
Guest OSses: Linux, Windows 10, ...
Location: Germany

Re: verifying virtualbox gpg

Post by fth0 »

Windows binaries are signed using Microsoft Authenticode Code Signing, not PGP/GPG.
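
Added example (not part of the thread and not VirtualBox project code): a PowerShell check that validates the installer's Authenticode signature, as the last reply describes, and also compares its SHA-256 against the matching line in the checksum list. The file names are the ones used in the thread; the `sha256sum`-style line format and the expected signer string `Oracle` are assumptions to adjust.

```powershell
# Added example. Assumptions: checksum lines look like "<64 hex chars> *<file name>",
# and the caller supplies the publisher name expected in the certificate subject.
function Test-InstallerIntegrity {
    param(
        [Parameter(Mandatory)] [string] $InstallerPath,
        [Parameter(Mandatory)] [string] $Sha256SumsPath,
        [Parameter(Mandatory)] [string] $ExpectedSigner
    )

    # 1. Authenticode: Windows validates the embedded signature and its certificate chain.
    $sig = Get-AuthenticodeSignature -FilePath $InstallerPath
    $signatureValid = ($sig.Status -eq 'Valid')
    # A valid signature from an unexpected publisher is still a failure.
    $signerMatches = $signatureValid -and
        ($sig.SignerCertificate.Subject -like "*$ExpectedSigner*")

    # 2. SHA-256: find this file's entry in the checksum list and compare.
    $name     = Split-Path -Leaf $InstallerPath
    $actual   = (Get-FileHash -Algorithm SHA256 -Path $InstallerPath).Hash.ToLower()
    $expected = $null
    foreach ($line in Get-Content -Path $Sha256SumsPath) {
        if ($line -match '^([0-9a-fA-F]{64})\s+\*?(.+)$' -and $Matches[2].Trim() -eq $name) {
            $expected = $Matches[1].ToLower()
            break
        }
    }

    [pscustomobject]@{
        File            = $name
        SignatureStatus = $sig.Status
        Signer          = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        SignerMatches   = $signerMatches
        HashListed      = ($null -ne $expected)
        HashMatches     = ($null -ne $expected) -and ($expected -eq $actual)
    }
}

$result = Test-InstallerIntegrity -InstallerPath '.\VirtualBox-6.1.26-145957-Win.exe' `
    -Sha256SumsPath '.\SHA256SUMS.txt' -ExpectedSigner 'Oracle'
$result | Format-List

if (-not ($result.SignerMatches -and $result.HashMatches)) {
    Write-Warning 'Signature or hash check failed; do not run this installer.'
}
```

The hash comparison only shows that the download matches the list; the Authenticode check is what ties the file to the publisher's certificate.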