Personal Notes File

Verification of Downloaded Package

Both the Windows and the Linux versions of NOTEFILE are distributed in the same compressed package file: notefile.7z. To check the integrity (checksum or hash) of the downloaded package file, it is strongly advised to download the notefile.asc hash list file and to use an appropriate hash verification program. The hash list file is also signed with my PGP key for additional security. Therefore, there are two steps for validation. The first step is recommended only for users who require additional security.

Before starting the validation, the above-mentioned notefile.7z file and the notefile.asc file should be downloaded and placed in a preferably empty directory on your local computer.

Step 1: Validate the PGP signature in the .asc file (optional)

It is beyond the scope of this help topic to teach you how to install and use PGP or GPG (GnuPG). You can search for PGP for Windows or PGP for Linux to learn more. Once you have installed PGP or GPG on your local machine, you can import my public key using the following command:

$ gpg --recv-keys 16BC4013DF713A87AEFEAD161F68A52926B3C0BA

If the above command fails with a no user ID message, then please import my public key directly with the gpg --import - command.

Validate the signature in the .asc file using the following command:

$ gpg --verify notefile.asc

If the output contains a line like Good signature from "Fedon Kadifeli … <…@kadifeli.com>" …, the signature is valid and you may proceed. GPG may display trust warnings if you have not explicitly trusted my public key in your keyring; this is expected and does not indicate a problem.

Note: In the above examples, the command name gpg was used. In your own PGP or GPG installation, the command name may be pgp or something else.

Step 2: Validate the .7z file using one of the hashes listed in the .asc file

You can validate the hash of the downloaded notefile.7z file against the hashes listed in the notefile.asc file. You need a tool like md5sum, sha1sum, sha256sum, or sha512sum. These are generally built into Linux and freely available on the Internet for Windows. Assuming that the notefile.asc and notefile.7z files are in your current directory, run one of these commands as shown below:

$ md5sum -c notefile.asc

If the output contains a line like notefile.7z: OK, you have successfully validated the notefile.7z downloaded package. You can safely ignore the warning about improperly formatted lines. This warning refers to the hash entries for other hash algorithms and the PGP signature in the file, which are not relevant to the currently running command. You are now ready to install NOTEFILE on your computer.