I think one of the most important things you can do from a security perspective is to make safe choices easy/easier. One thing that I feel is too impractical is verifying sha checksums when the checksum is just listed on a webpage with no download option. Eg:
I wanted to make it a bit easier for myself and created a small, newbie bash script to perform the testing.
function verifyChecksum()
{while getopts "f:s:b:" opt; do
case $opt in
f) file="$OPTARG"
;;
s) sum="$OPTARG"
;;b) bits="$OPTARG"
;;
esacdone
echo "$sum $file" | sha"$bits"sum --check
}Next I get some arguments, file (f), checksum (s) and bits (b)
I assign them to reasonable variable names before i perform the magic
Echo out the checksum followed by the file name, then perform a shaXsum where X is the bits specified as input.
Next time I open a terminal I can type something like this:
$ verifyChecksum -f Downloads/icaclient_20.04.0.21_amd64.deb -s 155BA05F03D555E286D99E64DC70260436E426A4BEADB0F829327CC6B5851B80 -b 256
And I'll (hopefully) get this as an output:
Downloads/icaclient_20.04.0.21_amd64.deb: OK
Comments
Post a Comment