Some Ubuntu mirror servers still use http instead of https. In addition, a manipulated iso image version with a matching sha256 sum could be foisted on a download server. To ensure tamper-proof and transmission-proof iso images, the servers offer two files: SHA256SUMS and SHA256SUMS.gpg.
SHA256SUMS contains the file names of the offered variants of iso files with the corresponding sha256 sums.
A tutorial suggests to tamper-check these two files like this:
gpg --keyid-format long --verify SHA256SUMS.gpg SHA256SUMSThis command verifies
SHA256SUMSby the detached signature fromSHA256SUMS.gpgand returns the fingerprint and pretended issuer of the key with which the signature had been computed. In my case it still says that it is only an alleged source and nothing indicates that the signature really belongs to the alleged owner.gpg --keyid-format long --keyserver hkp://keyserver.ubuntu.com --recv-keys <key ID from previous step, the one without blanks, the whole thing prepended with 0x>
I would like to know why command 2., suggested in How to verify your Ubuntu download, is safe against a man in the middle attack
None of these commands are intrinsically safe from MITM. The only reason you'd be safe from MITM is if you get your information from trusted sources for keys, etc. for validation.
I won't go into details (as a discussion of how MITM works and how you can be vulnerable to it is its own 30-minute session for the CISSP exam training), but MITM only works if they've already hijacked you. This is why you have to make sure information you get ahead of time is from legitimate sources for validation. So, part of your job to protect against MITM is to make sure you're using legitimate sources of information. And that starts at your computer - making sure you're using proper DNS servers, not using bad DNS servers, that you don't have any rogue
hostsfile entries for domains, etc.SO, you have to make sure you have legitimate information.
As of July 7, 2024, the following information is verified legitimate:
The
keyserver.ubuntu.comdomain resolves to185.125.188.26and185.125.188.27for IPv4 and2620:2d:4000:1007::70cand2620:2d:4000:1007::d43for IPv6. If your entries forkeyserver.ubuntu.comdon't resolve to this, then you're already screwed.The keys to expect for the SHA256SUMS file are: (note I have a mirror myself of the Ubuntu releases site/mirror so I pulled this locally, but the origin is from releases.ubuntu.com from a trusted system)
The current information about this key is as follows:
Armed with the key and the SHA256SUMS and SHA256SUMS.gpg you can now validate the key:
Note that the warning about 'trusted' is only because we do not have the full trust chain and you do not have keys listed from the Signatures on the key that are trusted to you that indicate this is the legitimate key. That's why it's crucial to get your data from a trusted source so you KNOW you're working with legitimate data and not bogus data.
Note, however, I'm showing you the output from a system that is not my primary Linux system. My primary linux system has GPG keys stored in its keyring from various Ubuntu developers, Debian developers, etc. who I have vetted myself or have gotten to know and met over the years, and on my system the key does NOT show this warning because the trusted signers I already know have signed the package signing key. Because of the keys I know from others being marked as Trusted in my GPG keyrings, validation of the signing key on my actual machine shows Trusted, and the warning you see and I mentioned in my example above, the 'web of trust' from those signatures enhances and validates the trustworthyness of the key.
The only way to make sure you're protected from MITM is trusting the sources of data you are using to get your information and keys from and verifying the legitimate source. There is no other intrinsic MITM protections anywhere at play.