BIND DNS Server on a Local Network: Part 4
Downloading and Authenticating BIND
disclaimer
posted: 2020-07-17 | updated: 2020-08-15
Internet Software Consortium, Inc. (ISC) digitally signs its downloadable files and provides a PGP Signature to verify their authenticity and integrity. You’ll need a program, such as GNU Privacy Guard (GnuPG), to carry out the verification process.
Steps to be completed in Part 4:
- Verify and Install GnuPG for Windows
- Download BIND 9, the Signature File, and ISC’s OpenPGP key
- Verify the authenticity and integrity of the BIND Zip File with GnuPG
Step 1: Verify and Install GnuPG for Windows
GnuPG is available under the GNU General Public License for Windows, and other operating systems. There are three versions available for Windows: 1) Gpg4win, a “Full featured Windows version of GnuPG” which sports a GUI and comes packaged with additional utilities; 2) a command line only “simple” version; and 3) GpuPG 1.4 which is no longer being maintained. I’ve opted for the simple command line version.
-
Download GnuPG for Windows
Go to gnupg.org/download/index.html. Scroll down to the GnuPG Binary Releases heading. In the Windows section, click the download link beside the description Simple installer for the current GnuPG. Save the file gnupg w32 2.2.20_20200320.exe, at the time of writing, in a convient location such as:
C:\downloads\GnuPG\gnupg w32 2.2.20_20200320.exe
-
Get the GnuPG file hash
SHA1 hashes (checksums) are available here: gnupg.org/download/integrity_check.html. Scroll down to the heading List of SHA-1 CHECK-SUMS. In the right hand column of table, find the name of the GnuPG install file that you’ve just downloaded. Copy the corresponding checksum and save it in a text file—you’ll need to refer to it in the next step.
-
Verify the Integrity of the GnuPG Install File
Here’s the plan: Use Windows PowerShell to generate an SHA1 hash of the downloaded file and then compare it with the SHA1 hash provided on the GnuPG website. Here’s how:
-
At the command prompt, type:
C:\>powershell
Press Enter.
-
At the Windows PowerShell prompt, type:
PS C:\>Get-FileHash C:\downloads\GnuPG\gnupg-w32-2.2.20_20200320.exe -Algorithm SHA1 | Format-List
Press Enter.
If you want the pretty colors, search for PowerShell in the Windows search box and launch it from there.
-
Compare the generated checksum with the checksum provided on the GNU Privacy Guard website. They should match.
Note that Windows PowerShell displays the hash using uppercase letters while the GNU Privacy Guard checksum uses lowercase.
hash generated in Windows PowerShell:
E6547A9BD2CDCA3264CCB36D64F755BA6C8DA2BA
hash supplied from GnuPG website:
e6547a9bd2cdca3264ccb36d64f755ba6c8da2ba
This is not a problem for a visual comparison. But if this case mismatch offends your sensibilities you can convert the hash to lowercase letters like this:
At the Windows Powershell prompt, type:
PS C:\>$hash = Get-FileHash C:\downloads\GnuPG\gnupg-w32-2.2.20_20200320.exe -Algorithm SHA1 | % hash; $hash = $hash.ToLower(); $hash
Press Enter.
Another option would be to write a quick and dirty script using the PHP hash_file() function: php.net/manual/en/function.hash-file.php
-
-
Installing GnuPG for Windows
-
Double click the installer file:
gnupg-w32-2.2.20_20200320.exe
-
The Welcome screen appears, click Next >
- Read the License agreement, click Next >
-
Choose the components to install. The simple version includes GnuPG only, so there’s nothing else to select, click Install.
-
Installation complete, click Next >
-
Installation is complete, click Finish
-
No comments yet…