# pgp verification of the iso



## gomster (Mar 12, 2021)

I'm new to FreeBSD. I've downloaded the bootonly image from: https://download.freebsd.org/ftp/releases/amd64/amd64/ISO-IMAGES/12.2/ along with the sha512sum.
I'm currently still on arch and have verified the checksums.
Somebody told me that the keys were at: https://docs.freebsd.org/en_US.ISO8859-1/articles/pgpkeys/ . Is this correct?
What do i do next to verify it? This is my first time doing it.


----------



## eternal_noob (Mar 12, 2021)

> After downloading the image file, download    CHECKSUM.SHA256 from    the same directory.  Calculate a    _checksum_ for the image file.    FreeBSD provides sha256(1) for this, used as sha256      _imagefilename_.    Other operating systems have similar programs.
> 
> Compare the calculated checksum with the one shown in    CHECKSUM.SHA256.  The checksums must    match exactly.  If the checksums do not match, the image file    is corrupt and must be downloaded again.



See "2.3.1. Prepare the Installation Media" at https://docs.freebsd.org/en_US.ISO8859-1/books/handbook/bsdinstall-pre.html


----------



## gomster (Mar 12, 2021)

freebsd_noob said:


> See "2.3.1. Prepare the Installation Media" at https://docs.freebsd.org/en_US.ISO8859-1/books/handbook/bsdinstall-pre.htmlYe



Yes, I've done that with the only difference between your example and my verification being that i used sha512. My question was about pgp (gpg)verification. 
Kinda like this: https://www.wikihow.com/Verify-a-PGP-Signature . Arch linux for example has this in addition to SHA checksums


----------



## gomster (Mar 12, 2021)

gomster said:


> Yes, I've done that with the only difference between your example and my verification being that i used sha512. My question was about pgp (gpg)verification.
> Kinda like this: https://www.wikihow.com/Verify-a-PGP-Signature . Arch linux for example has this in addition to SHA checksums


I also came across this: https://unix.stackexchange.com/questions/346716/how-to-verify-freebsd-iso-download#346718


----------



## Jose (Mar 12, 2021)

Use sha512(1) if you want to verify the integrity of the download using the CHECKSUM.SHA512-FreeBSD-12.2-RELEASE-amd64 file.


----------



## eternal_noob (Mar 12, 2021)

gomster said:


> My question was about pgp (gpg)verification.


Ok, now i get it. There are several threads here in the forum which might help. For example https://forums.freebsd.org/threads/validate-freebsd-distribution-files.77672/


----------

