MD5SUM Advanced Tutorial (revision 140822-r01KI)

Return to Lab 02

  • We have learned how to generate MD5SUM and MD5SUM.asc. We will make MD5SUM and MD5SUM.asc of all the files that we made today.
    $ md5sum * > MD5SUM
    $ md5sum -c MD5SUM
    $ gpg --output MD5SUM.asc -ba MD5SUM
    $ gpg --verify MD5SUM.asc
  • MD5SUM will contain md5sum list of the files that we access, we can see this using vi ($ vi MD5SUM) or, since we will not change anything, via cat.
    $ cat MD5SUM

    ed3aedc89500cc2bc53dad9780337532  myself.txt
    1f8640efff1b3c45acc2bc5f15978033  cobaawk
    97803349e3ac93dad97803370c285802  cobased
    9ccbcac315727e689e7e8c3416ec5886  coba-awk
    8670577ffbacc4499a20b6b9df6fc9c3  coba-2
    7040e83e5103fac02e1664b4d557d4dd  coba-3
    2fab3e773bb57f93dd5e44a8925aa92c  coba-4
    cf6f5ef57db6e99a3e50b17c23c36434  coba-5
    d41d8cd98f00b204e9800998ecf8427e  WHAT-IS-THIS.txt
  • MD5SUM.asc file can be read too via cat.
    $ cat MD5SUM.asc

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.10 (GNU/Linux)
    
    iF4EABEIAAYFAk9F7rcACgkQkNMc5KEBoqFHVAEAh/rn2PvWnxKRqic6aiH9jDlB
    cH03naNVXtSWMMNHh6cA/0hocCGGA5sVbK3O9fWH1dNr7FkwAyD6SIiOacTH3wVz
    =mrql
    -----END PGP SIGNATURE-----
  • What you need to understand, is that MD5SUM and MD5SUM.asc are the signatures of the CURRENT files your own signature. Therefore, if we change any files that is listed in MD5SUM, we have to re-generate the MD5SUM because the file signature will change. Let's change coba-2 file by adding a sentence "NPM was here!". Replace NPM with your student ID.
    $ vi coba-2
    i

    1202000818 was here!

    [Esc]
    :wq
    
  • After we made the change, let's try to verify MD5SUM
    $ md5sum -c MD5SUM

    myself.txt: OK
    cobaawk: OK
    cobased: OK
    coba-awk: OK
    coba-2: FAILED
    coba-3: OK
    coba-4: OK
    coba-5: OK
    WHAT-IS-THIS.txt: OK
    md5sum: WARNING: 1 of 9 computed checksums did NOT match

    You can see that verification for cobahello.c and cobahello are FAILED. Therefore everytime you change any files, you have to re-generate MD5SUM but you have to be careful by NOT adding MD5SUM and MD5SUM.asc files themselves to the new verification.
    $ md5sum coba* myself.txt WHAT-IS-THIS.txt > MD5SUM

    Change NPM with your student ID.
    So that the md5sum list inside the file will all become valid again.
    $ md5sum -c MD5SUM

    myself.txt: OK
    cobaawk: OK
    cobased: OK
    coba-awk: OK
    coba-2: OK
    coba-3: OK
    coba-4: OK
    coba-5: OK
    WHAT-IS-THIS.txt: OK
  • When you re-generate MD5SUM, your MD5SUM.asc file becomes invalid because it is based on your old MD5SUM file:
    gpg --verify MD5SUM.asc

    gpg: Signature made Thu 23 Feb 2012 02:45:59 PM WIT using DSA key ID A101A2A1
    gpg: BAD signature from "Ramot Stephanus (OS) <rast20@ui.ac.id>"

    Your signature verification becomes BAD signature. Therefore, everytime you change the MD5SUM file, you have to re-generate MD5SUM.asc.
    $ gpg --output MD5SUM.asc -ba MD5SUM
    Fill in your password
    Type y then [Enter] to overwrite file.

    Voila! Your MD5SUM.asc returns to Good signature.
    gpg --verify MD5SUM.asc

    gpg: Signature made Thu 23 Feb 2012 02:50:13 PM WIT using DSA key ID A101A2A1
    gpg: Good signature from "Ramot Stephanus (OS) <rast20@ui.ac.id>"
  • To save the amount of time re-generating, we advise you to create MD5SUM and MD5SUM.asc in the END of tutorial before you commit to svn.
  • This marks the end of MD5SUM Advanced Tutorial.

Return to Lab 02
Return to Wiki