When you have downloaded your favored AnuBitux version from the official download page, it could be a good idea to verify if the file you've obtained is not corrupted or has not been altered by some malicious threat actor.
First of all, notice that on the download page, at the bottom, there is a list of hash values for each downloadable version of AnuBitux.
What's a hash value?
A hash value is like a fingerprint of a file. It is obtained by processing the content of a file through a specific cryptographic algorithm. This will return a string of fixed length, the hash value:
it will be the same every time it is calculated on files with the same content;
it is not reversible;
changing only a single detail of the content of the examined file will give a completely different hash value.
How to calculate the hash value
There are different methods to calculate hash values, also depending on the operating system you are using.
Linux
Under Linux, to calculate the hash values, simply use your terminal, change the working directory with the one where the file you want to calculate the hash value is stored with, for example
cd Downloads
then simply use
md5sum Anubitux_2022_1_live.iso
sha256sum Anubitux_2022_1_live.iso
The commands will print the hash values in your command line. Compare them with the ones shown in the AnuBitux download page to be sure you have downloaded the correct file.
When done, always compare the obtained hash values with the ones shown on the AnuBitux download page to be sure you have downloaded the correct file.
MacOS
Under MacOS, to calculate the hash values, simply use your terminal and change the working directory with the one where the file you want to calculate the hash value is stored, for example
cd Downloads
then simply use
md5 Anubitux_2022_1_live.iso
sha256 Anubitux_2022_1_live.iso
The commands will print the hash values in your command line. Compare them with the ones shown on the AnuBitux download page to be sure you have downloaded the correct file.
How to be sure about hash values?
Hash values shown on the AnuBitux download page have been signed with PGP. To be sure that the displayed hash values are correct, you can check the PGP signature. To do so, first of all, download our PGP key from the proposed sources: github or pastebin.
Then import it to a PGP client like Kleopatra. To do that simply drag and drop the .asc file into its interface or copy the key content in your clipboard and, in Kleopatra, go to "Tools" -> "Clipboard" -> "Certificate import".
You may need to certify the key to use it properly. To do so right click on it and select "Certify".
Then open Kleopatra's notepad, like in the following picture:
Now copy and paste the part of the AnuBitux download page containing the hash values and the PGP signature.
Now click on "Decrypt / Verify Notepad" and, if everithing is okay, you shoul see a message similar to the following one.
Following these steps, you will be sure that the downloaded file corresponds to the original version of AnuBitux because its hash value corresponds to the one shown on the download page and the message on the download page has not been altered because it has a valid PGP signature.
