[Bro] before install verify download signature

Vlad Grigorescu vlad at es.net
Sat Aug 4 05:28:24 PDT 2018 

Hi Charlie,

It looks like you need to import the Bro public key into your GPG keyring.

As far as the password goes, this is the warning displayed right under the
password prompt when you register:

>
> You may enter a privacy password below. This provides only mild security,
> but should prevent others from messing with your subscription. *Do not
> use a valuable password* as it will occasionally be emailed back to you
> in cleartext.
>
> If you choose not to enter a password, one will be automatically generated
> for you, and it will be sent to you once you've confirmed your
> subscription. You can always request a mail-back of your password when you
> edit your personal options. Once a month, your password will be emailed to
> you as a reminder.
>
  --Vlad

On Sat, Aug 4, 2018 at 3:29 AM, <cmason at cmason.us> wrote:

> hi Thanks.
>
> I follwed your example, it did this....not the same response
>
> cmm$ gpg --verify bro-2.5.4.tar.gz.asc
> gpg: assuming signed data in 'bro-2.5.4.tar.gz'
> gpg: Signature made Wed May 30 08:32:36 2018 PDT
> gpg:                using RSA key C68B494DF56ACC7E
> gpg: Can't check signature: No public key
>
>
>
> Charlie
>
> ps.
>
> In the email verification I recieved when I signed up for bro.org whoever
> created it/sent it put my
>
> account password in there, no encryption, just right there, bold as brass.
>
>
>
>
>
>
>
> On 2018-08-02 06:36, Azoff, Justin S wrote:
>
>
> On Aug 2, 2018, at 4:14 AM, cmason at cmason.us wrote:
>
> Is there an example of a command line for verifying the bro package before
> installing?
>
>
> $ wget https://www.bro.org/downloads/bro-2.5.4.tar.gz
> --2018-08-02 09:26:39--  https://www.bro.org/downloads/bro-2.5.4.tar.gz
> Resolving www.bro.org... 192.150.187.43
> Connecting to www.bro.org|192.150.187.43|:443
> <http://www.bro.org%7C192.150.187.43%7C:443>... connected.
> HTTP request sent, awaiting response... 200 OK
> Length: 18520847 (18M) [application/x-gzip]
> Saving to: 'bro-2.5.4.tar.gz'
>
> bro-2.5.4.tar.gz             100%[=============
> =================================>]  17.66M  8.40MB/s    in 2.1s
>
> 2018-08-02 09:26:41 (8.40 MB/s) - 'bro-2.5.4.tar.gz' saved
> [18520847/18520847]
>
> $ wget https://www.bro.org/downloads/bro-2.5.4.tar.gz.asc
> --2018-08-02 09:26:43--  https://www.bro.org/
> downloads/bro-2.5.4.tar.gz.asc
> Resolving www.bro.org... 192.150.187.43
> Connecting to www.bro.org|192.150.187.43|:443
> <http://www.bro.org%7C192.150.187.43%7C:443>... connected.
> HTTP request sent, awaiting response... 200 OK
> Length: 801 [text/plain]
> Saving to: 'bro-2.5.4.tar.gz.asc'
>
> bro-2.5.4.tar.gz.asc         100%[=================
> =============================>]     801  --.-KB/s    in 0s
>
> 2018-08-02 09:26:43 (54.6 MB/s) - 'bro-2.5.4.tar.gz.asc' saved [801/801]
>
> $ gpg --verify bro-2.5.4.tar.gz.asc
> gpg: assuming signed data in 'bro-2.5.4.tar.gz'
> gpg: Signature made Wed May 30 11:32:36 2018 EDT
> gpg:                using RSA key C68B494DF56ACC7E
> gpg: Good signature from "The Bro Team <info at bro.org>" [unknown]
> gpg: WARNING: This key is not certified with a trusted signature!
> gpg:          There is no indication that the signature belongs to the
> owner.
> Primary key fingerprint: 962F D218 7ED5 A1DD 82FC  478A 33F1 5EAE F8CB 8019
>      Subkey fingerprint: E969 0B2B 7D8A C1A1 9F92  1C4A C68B 494D F56A CC7E
> $
>> Justin Azoff
>
>
>
>
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20180804/8dd414b8/attachment-0001.html

More information about the Bro mailing list