Unix Technical Forum

general question re: .asc and .md5

  #1 (permalink)  
Old 02-19-2008, 03:56 PM
R.Spinks
 
Posts: n/a
Default general question re: .asc and .md5

First -- I'm BRAND new. I have 0 Linux experience and am just trying to set
up my first install. What are .asc and .md5 files. Do I need those in
addition to the .iso or can I just burn the .iso and install?


  #2 (permalink)  
Old 02-19-2008, 03:56 PM
notbob
 
Posts: n/a
Default Re: general question re: .asc and .md5

On 2004-09-28, R.Spinks <rspinks1@wowway.com> wrote:
> First -- I'm BRAND new. I have 0 Linux experience and am just trying to set
> up my first install. What are .asc and .md5 files. Do I need those in
> addition to the .iso or can I just burn the .iso and install?


No, they are not necessary for install, but you should at least learn about
md5. It's an encryption hash to check the integrity of the .iso file you
download. There are md5 utilities for windows. You can find all this on
the web with Google.

nb
  #3 (permalink)  
Old 02-19-2008, 03:56 PM
+Alan Hicks+
 
Posts: n/a
Default Re: general question re: .asc and .md5

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In alt.os.linux.slackware, R.Spinks dared to utter,
> First -- I'm BRAND new. I have 0 Linux experience and am just trying to set
> up my first install. What are .asc and .md5 files. Do I need those in
> addition to the .iso or can I just burn the .iso and install?


So it's your first day here? I recommend reading the FAQ (it's posted
here daily) the Good Book (www.slackware.com/book) and the Good Book 2
(slackbook.lizella.net).

Now onto your question.

You most often see .asc and .md5 files on slackware packages. Something
like package_name-version-i486-0.tgz.asc. An asc file is a plain ASCII
file that includes a digital signature. The theory here is a little
complex so hold on if you will.

Digital signatures work like this. I create an RSA key pair. This key
pair is used to encrypt/decrypt messages as well as sign/verify
messages. One key is a public key to be distributed to the world and
one is a secret/private key to be known only by me. Something encrypted
with the public key can only be decrypted with the private key, and
vice-versa.

So, if I want to send you an encrypted e-mail message, I find your
public key and encrypt the message with it, knowing that only you have
your secret key and thus only you can decrypt it.

Now, if I want you to know that this message (or package as the case
may be) came from me instead of some one else, I use my private key to
make a hash of the message. Then anyone with my public key can verify
that I am the one who sent that message.

.asc files let you verify that the package was actually made by
Slackware. If an ftp server is compromised a cracker could upload his
own package that contains a root kit or something similar that could
wreak havoc on your system. If he did that, the .asc file wouldn't
match up. Even if he put his own .asc file up there, it wouldn't match
to Slackware's public key, and thus you'd know not to trust the
package.

.md5 is much easier. MD5 is a mathematical hash function that basically
converts one big number into a smaller hexadecimal number. The first
number always computes to the second number. Two files the same name,
same size, but with different data produce different MD5 hashes. So, if
you download this iso or package and run the md5sum command on it, and
that output doesn't match the .md5 file, something went wrong. Either
you downloaded the wrong package or something went bad in your
download.

- --
It is better to hear the rebuke of the wise,
Than for a man to hear the song of fools.
Ecclesiastes 7:5
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFBWXnBlKR45I6cfKARAidqAJ9stwaQJVJzE0wLKJLg7G pXtw3epACfe9gb
x1yzg3SSRfcolbABHJBI01c=
=Xpix
-----END PGP SIGNATURE-----
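The two checks described in the post above, as an added shell example that is not part of the original thread. File names are whatever you downloaded; `check_md5` and `check_sig` are hypothetical helper names. A matching .md5 only shows the download equals what the server offered, so anyone who can replace the file can replace the .md5 too; the .asc check is the one tied to the signer's key.

```shell
#!/bin/sh
# Added example: helper names are hypothetical; pass your own file names.

# check_md5 FILE MD5FILE
# Compare FILE's MD5 with the first field of MD5FILE, which is expected
# to be in md5sum's "<32 hex digits>  <name>" format.
# Returns 0 on match, 1 on mismatch, 2 on missing or malformed input.
check_md5() {
    file=$1; md5file=$2
    [ -r "$file" ] && [ -r "$md5file" ] || { echo "missing input" >&2; return 2; }
    expected=$(awk 'NR==1 {print tolower($1)}' "$md5file")
    # Reject a .md5 file that does not start with a 32-digit hex string.
    case $expected in
        *[!0-9a-f]*|"") echo "malformed $md5file" >&2; return 2 ;;
    esac
    [ ${#expected} -eq 32 ] || { echo "malformed $md5file" >&2; return 2; }
    actual=$(md5sum < "$file" | awk '{print $1}')
    if [ "$actual" = "$expected" ]; then
        echo "OK: $file"
        return 0
    fi
    echo "MISMATCH: $file (expected $expected, got $actual)" >&2
    return 1
}

# check_sig FILE ASCFILE
# Verify a detached signature with GnuPG. The signer's public key must
# already be in your keyring and must have come from somewhere other than
# the mirror you downloaded from, or a passing check proves nothing.
check_sig() {
    gpg --verify "$2" "$1"
}

# When run as a script with two arguments, perform the MD5 check.
if [ "$#" -eq 2 ]; then
    check_md5 "$1" "$2"
fi
```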
  #4 (permalink)  
Old 02-19-2008, 03:57 PM
+Alan Hicks+
 
Posts: n/a
Default Re: general question re: .asc and .md5

NOTE: This message was sent thru a mail2news gateway.
No effort was made to verify the identity of the sender.
--------------------------------------------------------

pgp trash troll delete

Hicks, Alan
188 Shady Dale Dr
Lizella, GA 31052
478-935-8132

+Alan Hicks+ <alan@lizella.network> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> In alt.os.linux.slackware, R.Spinks dared to utter,
>> First -- I'm BRAND new. I have 0 Linux experience and am just trying to set
>> up my first install. What are .asc and .md5 files. Do I need those in
>> addition to the .iso or can I just burn the .iso and install?

>
> So it's your first day here? I recommend reading the FAQ (it's posted
> here daily) the Good Book (www.slackware.com/book) and the Good Book 2
> (slackbook.lizella.net).
>
> Now onto your question.
>
> You most often see .asc and .md5 files on slackware packages. Something
> like package_name-version-i486-0.tgz.asc. An asc file is a plain ASCII
> file that includes a digital signature. The theory here is a little
> complex so hold on if you will.
>
> Digital signatures work like this. I create an RSA key pair. This key
> pair is used to encrypt/decrypt messages as well as sign/verify
> messages. One key is a public key to be distributed to the world and
> one is a secret/private key to be known only by me. Something encrypted
> with the public key can only be decrypted with the private key, and
> vice-versa.
>
> So, if I want to send you an encrypted e-mail message, I find your
> public key and encrypt the message with it, knowing that only you have
> your secret key and thus only you can decrypt it.
>
> Now, if I want you to know that this message (or package as the case
> may be) came from me instead of some one else, I use my private key to
> make a hash of the message. Then anyone with my public key can verify
> that I am the one who sent that message.
>
> .asc files let you verify that the package was actually made by
> Slackware. If an ftp server is compromised a cracker could upload his
> own package that contains a root kit or something similar that could
> wreak havoc on your system. If he did that, the .asc file wouldn't
> match up. Even if he put his own .asc file up there, it wouldn't match
> to Slackware's public key, and thus you'd know not to trust the
> package.
>
> .md5 is much easier. MD5 is a mathematical hash function that basically
> converts one big number into a smaller hexadecimal number. The first
> number always computes to the second number. Two files the same name,
> same size, but with different data produce different MD5 hashes. So, if
> you download this iso or package and run the md5sum command on it, and
> that output doesn't match the .md5 file, something went wrong. Either
> you downloaded the wrong package or something went bad in your
> download.
>
> - --
> It is better to hear the rebuke of the wise,
> Than for a man to hear the song of fools.
> Ecclesiastes 7:5
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.1 (GNU/Linux)
>
> iD8DBQFBWXnBlKR45I6cfKARAidqAJ9stwaQJVJzE0wLKJLg7G pXtw3epACfe9gb
> x1yzg3SSRfcolbABHJBI01c=
> =Xpix
> -----END PGP SIGNATURE-----
