tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: Verify the downloaded files integrity
Date Fri, 27 Jul 2007 19:44:02 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Varuna,

Varuna Seneviratna wrote:
> I want to know how verify the downloaded Tomcat .zip version's integrity
> using pgp keys and cheksums

Mladen Turk already answered that question in 2007-07-26 at 14:25. He
then pointed you to http://httpd.apache.org/download.cgi#verify in a
subsequent message.

> and what is the theory behind it

The theory is that each file has a cryptographic signature generated and
then both the file and the signature (found in the KEYS file) are made
available for download.

After you download a file from a mirror, you can get the KEYS file from
the official site and then run your own cryptographic signature on the
file and compare it to the official KEYS. If they do not match, then you
know that the file you got from the mirror is corrupted or, worse, booby
trapped.

Apache uses GnuPG to sign their files. If you don't have GnuPG, you can
use your own MD5-checksum-generating program to check the file against
the file's MD5 sum (usually found in original_file.md5 in the same
directory where you downloaded the original file).

Both procedures are covered in the page Mladen provided.

If you want to learn about GnuPGP, then google GnuPG and read all about
it. If you want to learn about MD5, then google MD5 (or look it up in
Wikipedia) and read all about it.

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGqksC9CaO5/Lv0PARAr7dAJ4q/xmL5gV39SiwGydmlotIAehQSQCdFrO8
XfoYJ6E2vwvCjGkdrL0rDis=
=pMuh
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message