Personal Notes File

Verification of Downloaded Package

Both the Windows and the Linux version of NOTEFILE is distributed in the same compressed package file: notefile.7z. To check the integrity of the downloaded package file, it is strongly advised to download the notefile.asc hash list file and using any appropriate checksum / hash verification program, to verify the checksum of the downloaded package. The hash list file is also signed with my PGP key for extra security. So, there are two steps for validation, with the first step being optional.

Before starting the validation, the above-mentioned notefile.7z file and the notefile.asc file should be downloaded and put into a preferably empty directory on your local computer.

Step 1: Validate PGP signature in the .asc file (optional)

It is beyond the scope of this help topic to teach you how to install and use PGP or GPG (GnuPG). You can search for pgp for windows or gpg for linux to learn more. Once you have installed PGP or GPG on your local machine, import my public key using the following command:

gpg --recv 16BC4013DF713A87AEFEAD161F68A52926B3C0BA

If the above command fails with no user ID message, then please import my public key directly with the gpg --import - command.

Validate the signature in the .asc file using the command:

gpg --verify notefile.asc

If the output contains a line like Good signature from "Fedon Kadifeli … <…>" …, you are good to go. Warnings may be displayed if you have not yet trusted my public PGP key, but this is normal.

Note: In the above examples, the command name gpg was used. In your own PGP or GPG installation, the command name may be pgp or something else.

Step 2: Validate the .7z file using one of the hashes listed in the .asc file

You can validate the checksum of the downloaded notefile.7z file against the hashes listed in the notefile.asc file. You need a command like md5sum, sha1sum, sha256sum, or sha512sum. You can find them from free on the Internet. Checksum validation is easy. Assuming that the notefile.asc and notefile.7z files are in your current directory, run one of these commands as shown in the example below:

md5sum -c notefile.asc

If the output contains a line like notefile.7z: OK, you have successfully validated the notefile.7z package you have downloaded. You can safely ignore the warning about improperly formatted lines. You are now ready to install NOTEFILE on your computer.