This guide explains how to verify that software downloaded from the itefix.net website has not been tampered with and is authentic. To do this, you’ll use checksums and digital signatures provided via a separate server at verify.itefix.net. Following these steps ensures that the software you install is exactly as intended by the developers.
Step 1: Download the Necessary Files
To perform the verification, you need to download the following files for the software version you are using. As an example, we will use version 5.0.2 of the free x64 Wrbldnsd software.
-
The software file:
wrbldnsd_5.0.2_x64_free.zip
-
The SHA256 hash file:
wrbldnsd_5.0.2_x64_free.zip.sha256.asc
-
The PGP signature file:
wrbldnsd_5.0.2_x64_free.zip.sig.asc
Optional but Recommended: For the PGP verification method, you will also need the Itefix public key: itefixnet-pubkey-2023.asc
Step 2: Choose a Verification Method
You can choose either the SHA256 hash method (simpler) or the PGP signature method (more robust and secure).
Method A: SHA256 Hash Verification
This method uses a cryptographic hash function to create a unique "fingerprint" of the file. If your generated hash matches the one provided by the developer, the file has not been altered.
-
Generate a hash: Use a file integrity tool on your operating system to create a SHA256 hash for the
.zip
file you downloaded. -
Command Examples:
-
On Windows (Command Prompt):
certutil -hashfile "C:\Users\YourUser\Downloads\wrbldnsd_5.0.2_x64_free.zip" SHA256
-
On Linux/macOS (Terminal):
sha256sum /path/to/your/wrbldnsd_5.0.2_x64_free.zip
-
-
Compare the hashes: Open the downloaded
.sha256.asc
file with a text editor. Compare the hash generated by your tool with the hash string inside the file. If they are an exact match, the file is authentic.
Method B: PGP Signature Verification
This method uses a digital signature created with the developer's private key. Verifying it with their public key not only checks for integrity but also confirms the file's origin.
-
Install GnuPG: If you don't already have it, install a PGP tool like GnuPG (
gpg
). -
Import the public key: Import the downloaded public key file into your PGP keyring.
gpg --import itefixnet-pubkey-2023.asc
-
Verify the signature: Use the PGP tool to check the signature against the software file.
gpg --verify wrbldnsd_5.0.2_x64_free.zip.sig.asc wrbldnsd_5.0.2_x64_free.zip
-
Check the output: The tool will produce output. Look for a line that says "Good signature..." to confirm that the file is authentic and has not been tampered with.
By following these steps, you can ensure that the software you downloaded is the same as the one published by the developer, protecting you from potential malicious alterations.