--- pgp/contrib/md5sum/readme 2018/04/24 16:39:48 1.1.1.2 +++ pgp/contrib/md5sum/readme 2018/04/24 16:44:21 1.1.1.4 @@ -1,15 +1,30 @@ +Instructions for the MD5SUM Utility +----------------------------------- + This utility computes MD5 checksums of files, ignoring end-of-line -conventions unless the -b (binary) flag is set. The file "pgp23.md5" -contains the signatures of all the files in the source. If you are -in the source directory and run "md5sum -c pgp23.md5", you will get -an error message if any files fail to match. If all files match, -nothing will be printed. +conventions unless the -b (binary) flag is set. + +This utility can be used to check the integrity of any files. For +this discussion, we'll be checking the files in the PGP source code +release. For PGP version 2.6.2, the file containing all the MD5 +message digests is called "pgp262.md5", but for other versions of PGP, +the filename will change to reflect the new version number. + +The file "pgp262.md5" contains the signatures of all the files in the +source. If you are in the source directory and run + + md5sum -c ../contrib/md5sum/pgp262.md5 + +you will get an error message if any files fail to match. If all +files match, nothing will be printed. You need to borrow some files from the PGP sources to compile this utility (md5.c, md5.h, and possibly the getopt implementation); -see the md5sum.c file for details. +see the md5sum.c file for details. On some platforms, you may have +to compile md5.c with the -DHIGHFIRST flag, or the MD5 sums will be +wrong. -The file pgp23.md5 is signed by one of the developers, so you can be +The file pgp262.md5 is signed by jis@mit.edu, so you can be reasonably sure it's correct. It would be possible for a hard-working miscreant to fiddle with the distribution so all of this mutual checking would not show any errors, but it's not going to happen accidentally. @@ -23,35 +38,41 @@ that's here: md5sum.c: -----BEGIN PGP MESSAGE----- -Version: 2.3 +Version: 2.6.1 -iQBgAgUBLB2GKco9of2GWqfzAQEHNwJXcWywhAoq8hBOxRnk6IDU7FoltmeInXDS -kkO7qpM8yL34MChuXRn9P97FItJeWUatRPDIGSzO6Gqw+CA5jiRfI6Sj9zMBU1ef -VHR2 -=5EcU +iQCVAwUBLmkvh8UtR20Nv5BtAQGt6AP/S41H9gw7rfifG7W6ZlMviV4VVeov1C54 +wkS/rjG3+tCm2Gcixfcx7iPb6wIbg5IqWtjbuPd2xvpyLn8MrN3E4Llak7tOBVg7 +insTxrqzjmSNCxVPe3X5+QqnOY7TlI6qIjhZ74Wb9gKiQxKn3f5yjKzJKvpv20a1 +ngI7v5BADKQ= +=Qi79 -----END PGP MESSAGE----- md5.c: -----BEGIN PGP MESSAGE----- -Version: 2.3 +Version: 2.6.1 -iQBgAgUBLB2Ghso9of2GWqfzAQH0rQJVFoCqfOtnLe1hIKb21wIiX4VqPJbHg2B+ -p5AXczVVMoO7NyYaCuFEQfGeET+GMq3yqp4jH6/mQ8fglXHkPDwpR7D8/f2Opl2g -MLRg -=TVF4 +iQCVAwUBLmkvv8UtR20Nv5BtAQE/jgQAooUL4iKAeg5alJKGvbFqmFlFz0dakkne +HnX2dDihBHiapkZ/a2dMCMNbDuxWcUdS5/I4RQfhaLPis9WTeQr2d707c4x5+B4a +QPSEAA3fZ0GwX+q8JkZ4XSD3NZbcGJRdudtnp8sYnVY3n7PkzUm6xK7ZcxFxmKTf +lTh4Hf3EAaU= +=mxp3 -----END PGP MESSAGE----- md5.h: -----BEGIN PGP MESSAGE----- -Version: 2.3 +Version: 2.6.1 -iQBgAgUBLB2Gnco9of2GWqfzAQGORQJXSH/dr7rvLw2mtwZx/+8gzPjVVmTLapek -2hWo4LOu1/oBFYZN/C/ZQogr7XTk6vJiL4GqrDNWzzi+q1au3dUMO4FP/eFD/fke -AB30 -=+Hn6 +iQCVAwUBLmkvz8UtR20Nv5BtAQHvaAQAq0SZeeArKo5rcRSv25tqa5zFLRDtbZgc +dI8JD0st/Dfj8hZf9KWOBiPQbCD5K4U8SWTAJE4qfNkJGM6gf9hXixuZ/DaEzqQr +ruXxx0/0/pbx48oVKy08kNL2W3/cguJXQjkK0VbqlYUjgy5zApwbkRgjXw3R1mkF +46A7P51mRLg= +=DGCy -----END PGP MESSAGE----- -(And my and Branko's keys are in the supplied key ring, signed by -Philip Zimmermann, so you know that we are who we say we are, and if -there are any trojan horses in the source, you know who put them there. -Isn't security fun?) --- +These signatures were generated by Jeffrey I. Schiller . +Jeff's key is supplied in the keys.asc file in the PGP distribution +and is signed by various PGP developers including Phil Zimmermann, so +you know that we are who we say we are, and if there are any trojan +horses in the source, you know who put them there. Isn't security +fun?) +-- -Colin + Revised by Jeffrey I. Schiller