Ake Koomsin

Verifying OpenBSD Install Media on OS X

OpenBSD 5.6 has been released. It is time to give it a try.

In the installation manual, there is a section titled “Verifying the OpenBSD Installation Media”. The signify command is used for verification.

Verifying the install media
signify -C -p /etc/signify/openbsd-56-base.pub -x SHA256.sig cd56.iso

SHA256.sig and cd56.iso can be obtained from the mirror. However, the openbsd-56-base.pub file is not available. In addition, signify is not included in the default OS X installation.

To use signify to verify the install media, we can do the following:

1) Install signify from either port or homebrew.

Install signify from homebrew
brew install signify-osx

2) Copy the public key from http://www.openbsd.org/56.html and save it in a file. The first line of the file must start with “untrusted comment: ”.

56.pub
untrusted comment: signify public key for OpenBSD 5.6
RWR0EANmo9nqhpPbPUZDIBcRtrVcRwQxZ8UKGWY8Ui4RHi229KFL84wV

3) Verify. In my case, I verify install56.fs, which is used to create a bootable USB drive, and every file is in the same directory.

Verify
signify -C -p 56.pub -x SHA256.sig install56.fs

The final result should look like this.

Final result
Signature Verified
install56.fs: OK
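
If signify rejects the key file from step 2 or reports that the signature was made with a different key, the following added example (not part of the original post, and not signify's own code) checks the hand-made 56.pub and compares its key number with the one in SHA256.sig. It assumes the signify file layout, which the post does not describe: a comment line, then base64 of a 2-byte "Ed" tag, an 8-byte key number, and a 32-byte public key or 64-byte signature. The function names and the sample signature are constructed for illustration, and the script does not verify the signature itself; signify still does that.

```python
import base64

COMMENT = "untrusted comment: "

# Public key file exactly as shown in step 2 of this page.
PUB_56 = (
    "untrusted comment: signify public key for OpenBSD 5.6\n"
    "RWR0EANmo9nqhpPbPUZDIBcRtrVcRwQxZ8UKGWY8Ui4RHi229KFL84wV\n"
)


def parse_signify(text, payload_len):
    """Return (key number as hex, payload bytes) from a signify file.

    payload_len is 32 for a public key and 64 for a signature.
    """
    lines = text.splitlines()
    if len(lines) < 2 or not lines[0].startswith(COMMENT):
        raise ValueError("first line must start with 'untrusted comment: '")
    blob = base64.b64decode(lines[1], validate=True)
    if blob[:2] != b"Ed":
        raise ValueError("algorithm tag is not 'Ed'")
    if len(blob) != 2 + 8 + payload_len:
        raise ValueError("decoded length is %d bytes" % len(blob))
    return blob[2:10].hex(), blob[10:]


def same_key(pub_text, sig_text):
    """True when the signature file names the public key's key number."""
    return parse_signify(pub_text, 32)[0] == parse_signify(sig_text, 64)[0]


def constructed_sig(key_number_hex):
    """Build a structurally valid, cryptographically meaningless SHA256.sig."""
    blob = b"Ed" + bytes.fromhex(key_number_hex) + bytes(64)
    return (
        "untrusted comment: constructed sample, not a real signature\n"
        + base64.b64encode(blob).decode() + "\n"
        + "SHA256 (install56.fs) = " + "0" * 64 + "\n"
    )


if __name__ == "__main__":
    number, key = parse_signify(PUB_56, 32)
    print("key number:", number, "key bytes:", len(key))
    print("matching key:", same_key(PUB_56, constructed_sig(number)))
    print("other key:", same_key(PUB_56, constructed_sig("00" * 8)))
```

To check real files, pass the contents of 56.pub and SHA256.sig to same_key() in place of the embedded samples.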