Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Verify download PGP/GPG keys

    Scheduled Pinned Locked Moved General pfSense Questions
    7 Posts 3 Posters 1.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • G
      gradius85
      last edited by

      Folks,
      I am trying to find the GPG/PGP keys to verify my download like I do with Debian/Linux; however, I am not finding what I need, which might be due to me being new to the site and service.

      I did find the following:
      https://forum.netgate.com/topic/109558/there-is-no-real-method-of-verifying-download-integrity-we-need-gpg-keys/3

      However, it is 2 years old. Due to the latter - I need some help from the community. What is Pfsense preferred way to check download authenticity?

      1 Reply Last reply Reply Quote 0
      • stephenw10S
        stephenw10 Netgate Administrator
        last edited by

        Which file are you downloading?
        I can post the expected sha256 sum taken from our internal staging server if you wish. Though it will be identical to that on the download server AFAIK. At least it gives you something to check against.

        Steve

        G N 2 Replies Last reply Reply Quote 0
        • G
          gradius85 @stephenw10
          last edited by gradius85

          @stephenw10 said in Verify download PGP/GPG keys:

          Which file are you downloading?
          I can post the expected sha256 sum taken from our internal staging server if you wish. Though it will be identical to that on the download server AFAIK. At least it gives you something to check against.

          Steve

          Hi Steve - I was under the impression that SHA256 will check the file for errors or corruption; however, I am trying to check the authenticity of the file with signatures, which is not SHA256 method. Are the pgp/gpg keys not published?

          Thank you for your help.

          1 Reply Last reply Reply Quote 0
          • stephenw10S
            stephenw10 Netgate Administrator
            last edited by

            They are not. But I can give the the expected sha256 sum here for whichever file you are using so you can check the download server has not been compromised (it hasn't) or your connection subverted somehow.

            Steve

            G 1 Reply Last reply Reply Quote 0
            • G
              gradius85 @stephenw10
              last edited by

              @stephenw10 said in Verify download PGP/GPG keys:

              They are not. But I can give the the expected sha256 sum here for whichever file you are using so you can check the download server has not been compromised (it hasn't) or your connection subverted somehow.

              Steve

              Hi Steve,
              Thank you again for the help, and quick response.

              I found the page: https://files.pfsense.org/hashes/ and if the 'sha' sums are the same - then I do not not want to trouble you and further. I will be testing and working with pfsense tomorrow, and see if it meets the requirements for my intended deployment.

              Thank you again.

              1 Reply Last reply Reply Quote 0
              • N
                nandocicero @stephenw10
                last edited by

                @stephenw10 I have downloaded last iso but checksum isn't the same??
                0_1539578609452_checksum.png

                1 Reply Last reply Reply Quote 0
                • stephenw10S
                  stephenw10 Netgate Administrator
                  last edited by

                  The sha256 file is a text file containing the expected checksum.

                  The checksum of that txt file is not expected to be the same.

                  Steve

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.