| 
  • If you are citizen of an European Union member nation, you may not use this service unless you are at least 16 years old.

  • Dokkio Sidebar (from the makers of PBworks) is a Chrome extension that eliminates the need for endless browser tabs. You can search all your online stuff without any extra effort. And Sidebar was #1 on Product Hunt! Check out what people are saying by clicking here.

View
 

MeetingSix

Page history last edited by Er Qi Yang 13 years, 2 months ago

.

LAB: Burning ISOs and PGP

Meeting Six (Lab)


Lesson:

This will be the 3rd lab session to be held at the Computing Lab at level B1 of N4.

 

  1. Objectives:
    1. Work with downloading .ISO files
      1. checking on the file integrity with md5sum and shasum
      2. using xcdrecord or k3b to transfer the .iso file to a CDROM
    2. Creating your own PGP/GPG keys
      1. Adding your keys to the public keyservers
      2. Signing each others keys
    3. Virtualization
      1. Experimenting with qemu/vmplayer

Installing Fedora Live Media to your portable USB device(from a current Fedora installation).

To install Fedora into your portable USB device, you must have the livecd-tools package installed.

 

yum -y install livecd-tools

 

To install the Live Media into your portable USB device, your USB device must be flagged as bootable.

You can use the fdisk utility to make it bootable.

Plug in your portable USB device into the machine. To find out where your portable USB device is mounted, you can use the command:

 

df

 

You have to then unmount the device by using the command:

 

unmount <device-path>

 

Next use the following command to write the Live Media into your portable USB device. Note: This will overwrite all your existing files in the portable USB device.

 

livecd-iso-to-disk <isopath> <device-path>

 

Once completed, plug the USB Live Media into your machine and let it boot from the USB device.

Enjoy!


 

  1. Working with ISO files

    1. Download the following ISO from either:
      1. http://www.slax.org/download.php - choose one of the ftp or http links
      2. from a machine in the LAB - instructions will be provided during the lab
    2. You can download the ISO using either the web browser or by copy the link location, and then using the wget command as follows:
      1. Once you get the web location using a browser, RIGHT click over the link in the browser and choose the option "Copy Link Location". This will copy the URL into the browser's cut/paste buffer.
      2. With the link info in the cut/paste buffer, open up a terminal and at the prompt type in the following:
        1. wget -c -b {the url} Where you will replace {the url} with the actual URL using the paste command or the keyboard short cut ctrl-shift-v.
        2. What does the -c and -b in the wget command do? To check on the wget command's syntax, at the command line, type in man wget
        3. When the download is complete, check that the ISO downloaded is correct using the md5sum command. man md5sum will give you the details.
        4. md5sum {name of iso} - this will print out a string of numbers. This string is a "signature" of the file which you can then verify as being the same by checking the md5 shown on the website for that file. If the md5sum is not the same, you have a faulty download - you need to redo it.
      3. Putting the ISO on to a CDROM
        1. fire up k3b or xcdroast
        2. alternatively, from the command line, do the following:

 


$ cdrecord -scanbus
$ cdrecord -v -eject speed=4 dev=0,0,0 NAMEOFISOFILE.iso
 
      1. put a blank CD in the drive

      2. choose the ISO that you want to burn

      3. tell the burning tool that you are burning a CD image

    1. Testing that the CD is burnt correctly:

      1. do an md5sum of the CD itself
      2. md5sum /dev/cdrom
  1. Pretty Good Privacy/GNU Privacy Guard

    1. Start a terminal
    2. type in the following:
      1. Generate a key gpg --gen-key
      2. The output would be something like this:

 


gpg (GnuPG) 1.2.6; Copyright (C) 2004 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.
 
 
gpg: failed to create temporary file `/home/username/.gnupg/.#lk0x97b79a8.curly.5169': No such file or directory
gpg: keyblock resource `/home/username/.gnupg/secring.gpg': general error
gpg: failed to create temporary file `/home/username/.gnupg/.#lk0x97b7cb0.curly.5169': No such file or directory
gpg: keyblock resource `/home/username/.gnupg/pubring.gpg': general error
Please select what kind of key you want:
 

 

(1) DSA and ElGamal (default)

(2) DSA (sign only)

(4) RSA (sign only)


 
Your selection?
 
  1. Choose the default - DSA and ElGamal

  2. You will see something like:

 


DSA keypair will have 1024 bits.
About to generate a new ELG-E keypair.
 

 

minimum keysize is 768 bits

default keysize is 1024 bits

highest suggested keysize is 2048 bits


 
What keysize do you want? (1024)
 

How long the keysize is to be is your choice. The longer it is the harder it is for it to be broken.

  1. Next choose how long it is to be valid:

 


Requested keysize is 1024 bits
Please specify how long the key should be valid.
 

 

0 = key does not expire

= key expires in n days

w = key expires in n weeks

m = key expires in n months

y = key expires in n years


 
Key is valid for? (0)
Key does not expire at all
Is this correct (y/n)?
 
  1. In the example above, no expiry date wa chosen.

  2. Next give your name etc:

 


 
 
You need a User-ID to identify your key; the software constructs the user id
from Real Name, Comment and Email Address in this form:
 

 

"Heinrich Heine (Der Dichter)


 
 
 
Real name:
 
 
 
  1. You will then be asked for a pass phrase - not the same as a password in the you can have spaces etc in it.

  2. gpg will then generate your key pair:

 


You need a Passphrase to protect your secret key.
 
 
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
 
  1. When done, you will see something like:

 


gpg: /home/username/.gnupg/trustdb.gpg: trustdb created
public and secret key created and signed.
key marked as ultimately trusted.
 
 
pub  1024D/4C5CE77B 2006-06-30 User Name
 

 

Key fingerprint = 7FA9 6959 D5F1 DEF7 6F00 E0EB 8409 2501 4C5C E77B


 
sub  1024g/CDE0B750 2006-06-30
 
 
 
 
 
  1. Your keys are all in the .gnupg directory in your home directory:

 


username@curly ~$ ls -alt .gnupg/
total 48
drwxrwxr-x   2 username username 4096 Jun 30 10:42 .
-rw-------   1 username username  908 Jun 30 10:42 pubring.gpg
-rw-------   1 username username  600 Jun 30 10:42 random_seed
-rw-------   1 username username 1046 Jun 30 10:42 secring.gpg
-rw-------   1 username username 1240 Jun 30 10:42 trustdb.gpg
-rw-------   1 username username    0 Jun 30 10:41 pubring.gpg~
drwx--x--x  29 username username 4096 Jun 30 10:41 ..
username@curly ~$
 
 
 
  1. Note that by using CaPItaLs aNd SOMEtimes NoT you can build in further security to your keys. When you make your password make sure that it is not something that WILL FORGET! It is therefore a good idea to generate some kind of a document that contains this info - the passphrase- but keep it really, really secure. Plan for the worse case situation by creatig a revokation certificate as well. Why?

  2. Creating a revocation certificate:

 


 

 

gpg --gen-revoke {USERNAME}


 
 

Place your username that that was used to create the key in the first place.

 


username@curly ~$ gpg --gen-revoke username
 
 
sec  1024D/4C5CE77B 2006-06-30   User Name
 
 
Create a revocation certificate for this key? yes
Please select the reason for the revocation:
 

 

0 = No reason specified

1 = Key has been compromised

2 = Key is superseded

3 = Key is no longer used

Q = Cancel


 
(Probably you want to select 1 here)
Your decision?
 
 
 
    1. This creates a revocation certificate. To be able to do this, you need a secret key, else anyone could revoke your certificate. This has one disadvantage. If I do not know the passphrase the key has become useless. But I cannot revoke the key! To overcome this problem it is wise to create a revoke license when you create a key pair. And if you do so, keep it safe! This can be on disk, paper, etc. Make sure that this certificate will not fall into wrong hands!!!! If you don't someone else can issue the revoke certificate for your key and make it useless.

    2. Some useful gpg/pgp commands:

      1. gpg --list-keys
      2. gpg --list-sigs
      3. gpg --fingerprint
        1. can you suggest what is the use of the fingerprint in the command above?
      4. gpg --list-secret-keys
      5. Deleting a public key gpg --delete-key {USERNAME}
      6. Deleting a secret key gpg --delete-secret-keys
        1. Note: You should delete the secret key FIRST before the public key
      7. Editing your key: gpg --edit-key {USERNAME}
      8. gpg -a -o SOMEFILENAME --export {USERNAME} will create a text file containing the public key of {USERNAME}. You can then submit to any of the public key servers.
      9. To do that, go to: http://pgpkeys.mit.edu:11371/
  1. Working with virtualization

    1. With the ISO that you downloaded earlier, do the following:
      1. qemu -cdrom nameof.iso
      2. if vmplayer is installed in the machine, try that as well.
    2. what are the benefits of virtualization?
    3. Bonus: setting up your live CD on a thumbdrive. This refers to Slax and the instructions are as follows:

 


Boot Slax from a USB flashdrive
If you want to be able to boot Slax without the disc and with a USB flashdrive, you start by booting Slax with the USB drive plugged in. When you get to the part that says root@slax then type this:
 
 
cd /root/
 
 
"cd" command changes the directory that commands can be taken from. Next, type:
 
 
./create_bootdisk.sh . /dev/sda1 /dev/sda SLAX
 
 
The /dev/sda1 tells Slax where the first partition on your USB drive and /dev/sda is the Master Boot Record of the drive. The period after create_bootdisk.sh command tells SLAX to copy all files from the current directory to USB drive; "." Means the current directory now, you changed it to /boot in the previous command
 
 
This should make your USB drive able to boot Slax. Now, to boot, you need to set the BIOS to boot from USB.
 

It is taken from: http://www.geocities.com/slaxfansite/#howto


Resources:

(none)


Previous - Meeting Five

Next - Meeting Seven

 

Comments (3)

Samantha Lim said

at 6:15 am on May 17, 2009

hi
i got lost at this part
livecd-iso-to-disk <isopath> <device-path>
how do i identify the isopath and device-path?

Arnav Singh said

at 10:37 am on May 17, 2009

isopath is the full path to the iso file, like /home/user/abcd.iso

for device path u type in the command line
df
then u see the line corresponding to ur disk port, like /media/sdb1

Arnav Singh said

at 10:38 am on May 17, 2009

You don't have permission to comment on this page.