How to verify the Automate MISP-VMs? ------------------------------------ In this directory you will find the following files: - OVA File (VirtualBox export of the VM) - ZIP File (ZIP Packae of the VMware VM) - ASC File (PGP Armored file of the above files) - checksums Directory (The directory with all the checksums of the above files) Verify VirtualBox OVA --------------------- 1. Download signatures Download the OVA and the ASC into the same directory. 2. Verify signatures On the command line verify the PGP signature first, example: $ gpg --keyserver pgp.circl.lu --recv-key 0x34F20B13 $ gpg --verify MISP_v2.4.107@latest.ova.asc MISP_v2.4.107@latest.ova gpg: Signature made Wed 15 May 2019 07:04:42 PM JST gpg: using RSA key EDEC891834F20B13 gpg: Good signature from "CIRCL MISP (CIRCL MISP VM Release Key) " [ultimate] 3. Download SFV files Now download the checksum file and its signature, and verify. $ wget https://www.circl.lu/misp-images/MISP_v2.4.107@latest-CHECKSUM.sfv $ wget https://www.circl.lu/misp-images/MISP_v2.4.107@latest-CHECKSUM.sfv.asc $ gpg --verify MISP_v2.4.107@latest-CHECKSUM.sfv.asc MISP_v2.4.107@latest-CHECKSUM.sfv gpg: Signature made Wed 15 May 2019 07:15:10 PM JST gpg: using RSA key EDEC891834F20B13 gpg: BAD signature from "CIRCL MISP (CIRCL MISP VM Release Key) " [ultimate] If you get a BAD signature, please download again. Next, use rhash or go with the manual way. rhash ----- $ cat MISP_v2.4.107@latest-CHECKSUM.sfv |sed 's/@\(.*\)-/@latest-/g' |sed 's/@\(.*\).ova/@latest.ova/g' |rhash -c -v --percents - --( Verifying MISP_v2.4.107@latest-CHECKSUM.sfv )------------------------------- MISP_v2.4.107@latest-VMware.zip OK MISP_v2.4.107@latest.ova OK -------------------------------------------------------------------------------- Everything OK Manual (not recommended) ------------------------ Take any file you want to verify, with sha1-sum for example. $ shasum MISP_v2.4.107@8a51109.nvram | cut -f 1 -d\ |grep -o -i -f - MISP_@8a51109.sfv D3A2EBF751E31C6972F89DEC4F57D69C4681A142 If you get back a shasum, it worked, the file is safe and sound. Now you could do this, for all files, for all the checksums (sha1/256/384/512) OR just use rhash. Verify VMware ------------- 1. Download signatures Download the ZIP and the ASC into the same directory. 2. Verify signatures On the command line verify the PGP signature first, example: $ gpg --verify MISP_v2.4.107@latest-VMware.zip.asc MISP_v2.4.107@latest-VMware.zip gpg: Signature made Wed 15 May 2019 07:04:42 PM JST gpg: using RSA key EDEC891834F20B13 gpg: Good signature from "CIRCL MISP (CIRCL MISP VM Release Key) " [ultimate] Do step number 3 from above. $ unzip MISP_v2.4.107@latest-VMware.zip Archive: MISP_v2.4.107@latest-VMware.zip inflating: VMware/disk-s001.vmdk inflating: VMware/disk-s002.vmdk inflating: VMware/disk-s003.vmdk inflating: VMware/disk-s004.vmdk inflating: VMware/disk-s005.vmdk inflating: VMware/disk-s006.vmdk inflating: VMware/disk-s007.vmdk inflating: VMware/disk.vmdk inflating: VMware/MISP_v2.4@8a51109.sfv inflating: VMware/MISP_v2.4.107@8a51109.nvram extracting: VMware/MISP_v2.4.107@8a51109.vmsd inflating: VMware/MISP_v2.4.107@8a51109.vmx inflating: VMware/MISP_v2.4.107@8a51109.vmxf $ cd VMware $ rhash -c -v --percents MISP_v2.4@8a51109.sfv Config file: /etc/rhashrc --( Verifying MISP_v2.4@8a51109.sfv )----------------------------------------------- disk-s001.vmdk OK disk-s002.vmdk OK disk-s003.vmdk OK disk-s004.vmdk OK disk-s005.vmdk OK disk-s006.vmdk OK disk-s007.vmdk OK disk.vmdk OK MISP_v2.4.107@8a51109.nvram OK MISP_v2.4.107@8a51109.vmsd OK MISP_v2.4.107@8a51109.vmx OK MISP_v2.4.107@8a51109.vmxf OK -------------------------------------------------------------------------------- Everything OK You can be more or less confident that verything is fine.