home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
PC-Online 1998 February
/
PCOnline_02_1998.iso
/
filesbbs
/
os2
/
pgp263.arj
/
PGP263I.SRC
/
PGP263II.ZIP
/
contrib
/
md5sum
/
readme
< prev
next >
Wrap
Text File
|
1996-01-12
|
3KB
|
83 lines
Instructions for the MD5SUM Utility
-----------------------------------
This utility computes MD5 checksums of files, ignoring end-of-line
conventions unless the -b (binary) flag is set.
This utility can be used to check the integrity of any files. For
this discussion, we'll be checking the files in the PGP source code
release. For PGP version 2.6.3i, the file containing all the MD5
message digests is called "pgp263i.md5", but for other versions of PGP,
the filename will change to reflect the new version number.
The file "pgp263i.md5" contains the signatures of all the files in the
source. If you are in the PGP base directory and run
md5sum -c contrib/md5sum/pgp263i.md5
you will get an error message if any files fail to match. If all
files match, nothing will be printed.
You need to borrow some files from the PGP sources to compile this
utility (md5.c, md5.h, and possibly the getopt implementation);
see the md5sum.c file for details. On some platforms, you may have
to compile md5.c with the -DHIGHFIRST flag, or the MD5 sums will be
wrong. Two makefiles, one for Unix and one for Amiga, are included.
These should be a good starting point for tailoring makefiles on
other systems.
The file pgp263i.md5 is signed by stale@hypnotech.com, so you can be
reasonably sure it's correct. It would be possible for a hard-working
miscreant to fiddle with the distribution so all of this mutual checking
would not show any errors, but it's not going to happen accidentally.
And if you have a previous version of PGP that you trust, it's not going
to happen at all.
The only other thing that's needed is a detached PGP signature of the
files md5sum.c, md5.c and md5.h, and anyone with a previous trusted
version of PGP can be sure that no tampering has occurred anywhere, and
that's here:
md5sum.c:
-----BEGIN PGP MESSAGE-----
Version: 2.6.3i
iQCVAgUAMPZzGrCfd7bM70R9AQH7PQQAiyd/myRHDk8IrzpB/4sVO3Slj8tZc3dE
5Swfe3GkBpTyTvZYbqxwq1HQu5mAJbJsMbZD2s8D3BWKYAJZfrkNmutVKE6n9UVu
eS2DXBPSalCZmQcv0UcHzbca9mExhgi4HGwy81kvUOAI6YWB22bYsk4DgciCRUx6
6wcNUMPqN+Q=
=HUeq
-----END PGP MESSAGE-----
md5.c:
-----BEGIN PGP MESSAGE-----
Version: 2.6.3i
iQCVAgUAMPZzOrCfd7bM70R9AQHYQgP/aPMSp1knVNWkw/D3AW+WtE/qJ88M7FYN
+v9DZjwdNpCMETUFHBRqzL2gx+A9OXlCnIVf38fDlyHIdiJz1pOtYhataV9XtVp9
iS+ayzB3Yv7dUrPhynXsKGjtD9YjQ0wgvuuFKqchq1B6Cn3yYkN4pwGhRvAXO8x1
Vz/OU+Ywd4M=
=bzeZ
-----END PGP MESSAGE-----
md5.h:
-----BEGIN PGP MESSAGE-----
Version: 2.6.3i
iQCVAgUAMPZzS7Cfd7bM70R9AQH6EgQAqIlxNGYAq3Ynx8DdCeq32/2qZQoDdVHl
BwEQIv05clQsI01VnVsh4cNig3cTV+wg99UklOhzgiATQc3vFumgFkEJkF7bII1S
LZTNdBm561/029KIBv9dzMdArarNqAQQ6iJnaepVyNzC73xTyFCtEcTz4UFg+WV3
nbw9gIGnx70=
=1cCa
-----END PGP MESSAGE-----
These signatures were generated by stale@hypnotech.com. His key is
supplied in the keys.asc file in the PGP distribution and is signed
by various PGP developers, so you know that we are who we say we are,
and if there are any trojan horses in the source, you know who put
them there. Isn't security fun?)
--
-Colin <colin@nyx.cs.du.edu>
Revised by Jeffrey I. Schiller <jis@mit.edu>
Revised by Stale Schumacher <stale@hypnotech.com>