R E A R D E N on Nostr: Excellent, well worth your time and effort. Up your Opsec skillz people! ...
Excellent, well worth your time and effort. Up your Opsec skillz people!
quoting nevent1q…ynsvI'm going to do a public tutorial series in stages, where you can follow along and learn gpg and sha256 verification skills. Lessons in small manageable chunks.
Use #gpgparman to find related posts, and bookmark this one as I'll add subsequent tutorials in replies.
Let's begin...
You can follow along with a computer (not a phone), Mac, Windows, or Linux.
Today, let's just do a basic sha256 hash of a file with some explanations.
Step 1:
Download my free pdf book (why not make a smol plug?) from this website, click the download button on the page...
https://armantheparman.com/topb/
Alternatively, the direct link to the file is...
https://armantheparman.com/wp-content/uploads/2022/10/The-Orange-Pill-Book.pdf
It should download to your downloads directory.
The size is 32.52 MB, but how can you be sure you truly downloaded the correct file, and where does the trust start and end? This is where hashing comes in. (It doesn't matter much for a PDF, but it's crucial for a Bitcoin Wallet!)
A hash is a computer function that takes data and produces a numerical fingerprint of fixed value - a random-looking big number. There are many properties to hashes, the relevant thing here is that if you repeatedly hash the same data, you'll always get the same fingerprint.
If you want a detailed explanation of mining, I have an essay, https://armantheparman.com/mining/
Anyway, if I hash my PDF file, and report the result to you, then when you hash it and get the same value, you know we have identical copies. If you get a different result, it's likely you did something wrong, downloaded the wrong file, or the file got modified from what I originally published.
While you still trust I'm giving you a friendly product, you're no longer trusting the delivery system (the internet and anyone trying to trick your computer), ie the file hasn't been tampered with because the hashes are identical.
Step 2:
This is the hash of my file, make a note of it:
23cd0813cc811d8cf11995335ca6c74825e9b97b4571f80f4d99abe5aa81bdd1
Step 3:
For Mac and Linux, open the terminal and find your file. If it's in the downloads directory, you can get there by typing:
cd ~/DownloadsWindows
ls
For Windows, open cmd and type
cd downloads
dir
For Parmanode computers, I have included a shortcut as part of 'ParmaShell', just type
dl
The above instructions will list everything in the downloads directory (A text-based version of exploring files). You should see the pdf file in there and the spelling of the filename.
The-Orange-Pill-Book.pdf
Make sure the file has finished downloading before attempting the next step, it's possible to hash an incompletely downloaded file and then you'll get a hash value mismatch.
Detour:
A common reason why people get the wrong hash values on Macs is because they might download a zipped file, and once downloaded, the Mac operating system automatically unzips the file and throws the original in the trash! Without asking - Yes. Why? I don't know, it's dumb. Then, people hash the extracted file, get a mismatch and wonder what's going on. They need to remove the file from the trash and hash that file, not the extracted file. Moving on...
have
Now we hash the file. For Linux and Mac, type this in the terminal:
shasum -a 256 The-Orange-Pill-Book.pdf
For Windows:
certutil -hashfile The-Orange-Pill-Book.pdf sha256
You should then get exactly the same hash as what I attest:
23cd0813cc811d8cf11995335ca6c74825e9b97b4571f80f4d99abe5aa81bdd1
Step 5:
Now repeat the above command and hash any other file for practice. Then do the same file again and see that you get an identical result.
That's it for now, I hope it was fun. I'll write more to build from this in a little while.