When downloading SuSE 13.2 it is proposed to check it with gpg, md5sum or sha1.
How do I check it with gpg?
Thanks for a hint,
Ake
Download the “.asc” file. So, for example, for the 64-bit DVD, that would be the file “openSUSE-13.2-DVD-x86_64.iso.asc” which is on the download site.
Next, you can check with
gpg --verify openSUSE-13.2-DVD-x86_64.iso.asc
The chances are that this will produced strange messages that you don’t understand, unless you are already familiar with using gpg.
My honest advice: if you are not already familiar with using “gpg”, then don’t even try. Or put if off until later. For now, just check the md5 checksum or similar. To check the md5 sum, download “openSUSE-13.2-DVD-x86_64.iso.md5” from the same download site. You should then have both files “openSUSE-13.2-DVD-x86_64.iso” and “openSUSE-13.2-DVD-x86_64.iso.md5” in the current directory. The command
md5sum -c openSUSE-13.2-DVD-x86_64.iso.md5
will check whether the md5 checksum matches.
Getting back to using “gpg”:
You first need a keyring. Then you need to add the signing key to your keyring. Then you need to decide whether to trust that signing key.
A basic problem is that deciding whether you can trust the signing key is no easier than deciding whether you can trust the downloaded iso file. That’s why I suggest you start with md5 checksum, and spend some time learning to use “gpg” when you are not under time pressure.
For myself: yes, I always check the “gpg” signature. It’s the best way. But the first time that I ever did it, I had that same problem of how to decide whether to trust the signing key.
I hope that was not too confusing.