genugate CD image checksums / certificates
In order to ensure that your genugate CD-ROM really is genuine, there is the possibility to verify all installation packages. An experienced hacker might for example replace programs from the original CD with his own versions that would grant him access to the genugate or even your internal company networks through built-in backdoors.
Verification of checksums
On Unix systems, the integrity of the CD-ROM can be verified as described below:
- Get the checksums from genua web server.
- Mount the genugate installation CD (e.g. on /cdrom).
- Genereate checksums for the installation packages on the CD:
With the command corresponding to the type of the checksum, the local checksum is generated. Using OpenBSD as follows:
md5 /cdrom/3.9/i386/*.tgz sha1 /cdrom/3.9/i386/*.tgz rmd160 /cdrom/3.9/i386/*.tgz
- Verify the Checksum: Now compare each local checksum of the installation package in question with the checksum from genua server. If the checksums match, the integrity of the package on the CD-ROM is verified. In case of differences, the support team can assist you.
On some Linux systems (e.g. Debian), the corresponding commands for checksum creation are possibly named a little different: md5sum, sha1sum, ripemd160
On Windows systems, you can use the freely available File Checksum Integrity Verifier (FCIV) utility The free of charge and plattform independent tool Tool Jacksum (JAva ChecKSUM) is able to verify MD5, SH1 and RIPEMD-160 checksums.
