Verifying DVDs

From RCS Wiki
Jump to navigation Jump to search

How to Verify a Raptor Computing Systems Source DVD

Raptor Computing Systems signs their source DVD images with their publicly available Sales Team GPG key. Verification of DVD contents is strongly recommended to ensure an authentic copy of the software and information contained thereon was received.

Shipments of the Talos II systems include both the source DVD and a letter with a QR Code containing the 40-character PGP Key Fingerprint of the firmware signing key, and a link to where the detached digital signature can be found. For more information on verification of the key itself used to sign the firmware releases, see: The Chain Of Trust. You will need a copy of this signature file along with an extracted ISO image from the DVD to verify the authenticity of the source DVD and the firmware.

Extracting an ISO image from the DVD can be accomplished with the following commands, substituting your DVD drive device node for /dev/sr0. Insert the source DVD into the drive before beginning.

isoinfo -d -i /dev/sr0

Look for the "Block size" and "Volume size" values, then create the ISO image using dd:

dd if=/dev/sr0 of=source.iso bs=<block size> count=<volume size>

Once created, you may verify the ISO with GPG:

gpg --verify <GPG signature file> source.iso

Verify Without Saving ISO:

gpg --verify talos_recovery_disk_v1.0x.iso.asc <(dd if=/dev/cdrom bs=<block size> count=<volume size>)


gpg --verify talos_recovery_disk_v1.02.iso.asc <(dd if=/dev/cdrom bs=2048 count=3861982)

The Chain of Trust

Digital signatures offer sender authentication (a guarantee of who sent the message) as well as provide message integrity (a guarantee that the message has not been altered since the sender authorized it), on one crucial, pivotal condition: that the key itself can be verified to actually belong to who it purports to belong to. If this condition is not met, an adversary could simply change the keys and replace the signatures on a counterfeit disk with one of their own, then impersonate the sender to recipient or vice-versa.

PGP was originally designed with the implicit assumption that the sender and recipient would either be able to meet each other in person to determine the validity of their keys, or would know "trusted introducers" that they believed to be trustworthy that could do so on their behalf through the use of the PGP "Web Of Trust". This "Web Of Trust" model is impractical when the sender and recipient do not know each other and are not in a position where they could meet in person or have any trusted friends in common.

As an alternative to this, Raptor has included a letter marked "Important Information" that is included with all Talos IIs. This letter contains a QR code which encodes the PGP key fingerprint of the key used to sign the firmware. The QR code is marked with Raptor Computing System's logo and should be on the opposite side of the letter. When scanned with any QR Code reading application, it will contain the 40-character plain text hexadecimal SHA-1 fingerprint used to uniquely prove the key's uniqueness. Please note that this format is not compatible with Android OpenKeyChain's "Scan From QR Code" function, and simply gives the raw 40-character fingerprint without spaces or comma separation.

This forms something of a chain of trust that looks like the following:

  • You and the message you wish to verify;
  • Genuineness of the message attested by the Digital Signature;
  • Production of the Digital Signature using the Firmware Signing Key;
  • Verification of the Hash of the Firmware Signing Key via the QR Code included in Raptor's "Important Information" Letter, and possibly out of band, such as via a phone call or by contacting another Talos owner you trust over an end-to-end secure and authenticated channel to get their input.

The digital signatures provided by Raptor's Website, as well as the copies of the keys may then be obtained from an untrusted source, such as via the outside, untrusted internet, as long as the Key Fingerprint matches and the package has not been disturbed or surreptitiously modified while in transit.