Guide to Verifying Software Integrity for Itefix.net

This guide explains how to verify that software downloaded from the itefix.net website has not been tampered with and is authentic. To do this, you’ll use checksums and digital signatures provided via a separate server at verify.itefix.net. Following these steps ensures that the software you install is exactly as intended by the developers.

Step 1: Download the Necessary Files

 To perform the verification, you need to download the following files for the software version you are using. As an example, we will use version 5.0.2 of the free x64 Wrbldnsd software.

  • The software file: wrbldnsd_5.0.2_x64_free.zip

  • The SHA256 hash file: wrbldnsd_5.0.2_x64_free.zip.sha256.asc

  • The PGP signature file: wrbldnsd_5.0.2_x64_free.zip.sig.asc

Optional but Recommended: For the PGP verification method, you will also need the Itefix public key: itefixnet-pubkey-2023.asc

 

Step 2: Choose a Verification Method

 You can choose either the SHA256 hash method (simpler) or the PGP signature method (more robust and secure). 

Method A: SHA256 Hash Verification

This method uses a cryptographic hash function to create a unique "fingerprint" of the file. If your generated hash matches the one provided by the developer, the file has not been altered.

  1. Generate a hash: Use a file integrity tool on your operating system to create a SHA256 hash for the .zip file you downloaded.

  2. Command Examples:

    • On Windows (Command Prompt): certutil -hashfile "C:\Users\YourUser\Downloads\wrbldnsd_5.0.2_x64_free.zip" SHA256

    • On Linux/macOS (Terminal): sha256sum /path/to/your/wrbldnsd_5.0.2_x64_free.zip

  3. Compare the hashes: Open the downloaded .sha256.asc file with a text editor. Compare the hash generated by your tool with the hash string inside the file. If they are an exact match, the file is authentic. 

Method B: PGP Signature Verification

 This method uses a digital signature created with the developer's private key. Verifying it with their public key not only checks for integrity but also confirms the file's origin.

  1. Install GnuPG: If you don't already have it, install a PGP tool like GnuPG (gpg).

  2. Import the public key: Import the downloaded public key file into your PGP keyring. gpg --import itefixnet-pubkey-2023.asc

  3. Verify the signature: Use the PGP tool to check the signature against the software file. gpg --verify wrbldnsd_5.0.2_x64_free.zip.sig.asc wrbldnsd_5.0.2_x64_free.zip

  4. Check the output: The tool will produce output. Look for a line that says "Good signature..." to confirm that the file is authentic and has not been tampered with.

By following these steps, you can ensure that the software you downloaded is the same as the one published by the developer, protecting you from potential malicious alterations.