SUSE Linux Enterprise downloads are available from http://download.suse.com/, but also from partner websites and services.
For you to be able to verify that your downloads are unchanged and authentic, please follow these steps:
- Download the iso images of your choice (for example SLE-15-SP2-Online-x86_64-GM-Media1.iso).
- Compute the checksums (SHA-256 hashes):
sha256sum SLE-15-SP2-Online-x86_64-GM-Media1.iso > SLE-15-SP2-Online-x86_64-GM-Media1.iso.sha256
you can compare the result (i.e., the content of the .iso.sha256 file) to the checksum on the download page to make sure that you downloaded the right image. - Download the PGP signatures (.asc files).
- Use gpg from the shell to retrieve the public key (ID 39DB7C82), build@suse.de, fingerprint: FEAB 5025 39D8 46DB 2C09 61CA 70AF 9E81 39DB 7C82
from the keyserver, if you do not have it already:
# create $HOME/.gnupg
gpg --list-keys > /dev/null 2>&1
# retrieve the key, if you do not have it already:
gpg --keyserver pgp.mit.edu --recv-keys 39DB7C82 - You can also get the keys from our website: https://www.suse.com/support/security/keys/
- Check if the key's fingerprint matches with the one given above:
# Verify fingerprint:
gpg --list-keys --fingerprint 39DB7C82
pub rsa2048 2013-01-31 [SC] [expires: 2020-12-06]
FEAB502539D846DB2C0961CA70AF9E8139DB7C82
uid [unknown] SuSE Package Signing Key <build@suse.de> - Verify the signature of your downloaded signed hashes file:
gpg --verify -o SLE-15-SP2-Online-x86_64-GM-Media1.iso.sha256 SLE-15-SP2-Online-x86_64-GM-Media1.iso.
sha256.asc
gpg will tell you if the signatures could be verified ("Good signature") or not ("BAD signature").
If gpg succeeded in verifying the signature, you can be sure that your .iso image is authentic, as generated by the SUSE build service.
Signed Hashes
Hash: SHA1
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 17e3d289bb4fcd6771c8ceb56be2ce9d69a244695f8f7fec518c3c97484e3946 SLE-12-Server-DVD-aarch64-Build0951-Media1.iso 40b4d6000ebc1115c53262e1545b742167bba175af9d2f85cc60a3c5464ba5ea SLE-12-Server-DVD-aarch64-Build0951-Media2.iso 11900230e3d96be08df8ed09f20294341e29fdb0edf887ae3af584dd98b0df26 SLE-12-Server-DVD-aarch64-Build0951-Media3.iso 0641868f9cd2a731623790a9ac5bb401530acd5bb1951eefe659f61b367ad627 SLE-12-Server-DVD-ppc64le-GM-DVD1.iso 50781f585fbfe6fd9260210d696c2c1f4166eda055524b90411132ecb47f53a6 SLE-12-Server-DVD-ppc64le-GM-DVD2.iso f66c8804b8c059f508ad0b707547da93a08b305e2a39a93989f4eefb0ae1fad8 SLE-12-Server-DVD-ppc64le-GM-DVD3.iso a24962e017f85f5b4bb7e5c1bbba50d27f1bd8cd4dbf068205cd20762d88df6e SLE-12-Server-DVD-s390x-GM-DVD1.iso 3cf4f1ad0a3aa994dfe1a3459f34da3809ffd809c710deef42739fd94795c0f9 SLE-12-Server-DVD-s390x-GM-DVD2.iso 873f853d6c86c1bf78b76ffd2618454adc187217992ae6a608774a6dd8ffc8f7 SLE-12-Server-DVD-s390x-GM-DVD3.iso 58086fca0441b1d44c7a51c5ee64e1bd4365466fcee48ec92c4f39d07739aeed SLE-12-Server-DVD-x86_64-GM-DVD1.iso acbd9517e8a65a890b52a557c2ebf216dc8ae6b9df55266d40c8d1cc08dc97c9 SLE-12-Server-DVD-x86_64-GM-DVD2.iso c6311093bf264f7b5d30d79c836cdf71be3b8e1104dea6282ab84d48bb582520 SLE-12-Server-DVD-x86_64-GM-DVD3.iso c7f5d6abef9166aefc1fe0d7a7339d692a7ed7e55779fd31a9e1521a0a76374c SLE-12-Server-MINI-ISO-aarch64-Build0951-Media.iso 2e6292d42c58842602ea0a955a998708e72ff91d9b0d6fe83d1e9a49fd01b2d3 SLE-12-Server-MINI-ISO-ppc64le-GM-DVD.iso 4bc6075ec33d07c0c8a9fb48966ac18d1468192dec2839a47052bed08d972f37 SLE-12-Server-MINI-ISO-s390x-GM-DVD.iso 3867719c78f2c8250883e9ec34e6b172d4cbd6694db980d59008605dcfe8c7e9 SLE-12-Server-MINI-ISO-x86_64-GM-DVD.iso -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBAgAGBQJU7djFAAoJEFj8WLExfNUCORIP/2MwIsi0V7RA3/IqPgzsMtxO PpsTwnd5/86KUrsa3vJ+GcMSjA9KsjS63wn2SulLyETzgb7ObZzHTknSkj2i3uz6 mzBPGqqB9W6aK8B3ZpLXyVz1jbmSwTjVS1UySd4fmPiRoN5YhxNFMS8yEM2gUS8H zUfT87AnpgVEsWWMqfWcVj4iX882a6w3/Q6Zo3dsJ/hKQV/DfL2dpmdg2tesPwds kSsa8Y9Rb6viezYCaPLfVX6aZg1YfktPwXQ87L4vK4My8QRs1lfJ+lvhN5l7ibSc ANWrwXvdfrtFdwZspGDIpQIu1RxrEcPq/dN2Awy/nd4CKlNBbyZ/VlKAMRBvk4pC y+ofF2K7KLv2Zq/G4eee3hjqmmDeH5m5Kx/k8Pk3YWdq2wri1pPhTdNHsI9o3chV +RUXBs1kIFenTGXkBKR9l6Uie0awfemW+joFKrL6KbNqkd65a+Q6bfODLZK0ROBW UN5ixYbrrMEcyVtJv4fLhxOWvcatCB7fk3m/s8UXm4lIYZHGsVmvcgN0/Qy4K4kL 00QOJbAcK8JeI14MsajUcLDpcZINzq+irfkYbQHW4yn9Wi5e5rQFFhQHBB/+R/kF a9HnmPbrUsdoPWPO7cjAwuUZ8zsT6Btvk8jb/uaSuIq/eJ82oHoC9FFgcaRmSxHQ /O7T8SHh56Xq45kSPwn9=cIJA -----END PGP SIGNATURE-----
SLES12 GA CC Respin ISO
- Verify the signature of your downloaded signed hashes file:
gpg -o SHA256SUMS-SLES12-GA_CC-Respin-ISO SHA256SUMS-SLES12-GA_CC-Respin-ISO.sig
gpg will tell you if the signatures could be verified. - Use the file that contains the hashes, as gpg has created it upon verification of the signature; use the sha256sum command for SHA256SUMS* files:
sha256sum -c SHA256SUMS-SLES12-GA_CC-Respin-ISO
Ignore the notices about files that are not present; verified hashes need to state "OK".
If your downloaded images have verified as "OK" by the sha256sum utility, then you are done.
SUSE Security wishes you good success with your Common Criteria certified (EAL4+) SUSE Linux Enterprise product. Make sure to stay secure by regularly installing security updates as provided by the SUSE Security Team.
Signed Hashes
Hash: SHA1
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 006ef29887a1bbabdbd87ea766d5525058161f3bc9bb569894f4955b1f9bbb61 SLE-12-Server-DVD-s390x-CC-Respin-A-DVD1.iso 5094b2c977cadf50139d2a09c0486f3c3a5a6c900227e9669a27defc17268178 SLE-12-Server-DVD-s390x-CC-Respin-A-DVD2.iso cf7a7fedad3d6c1b4a41f2c93e584dacc0dc7725eaaef466a35f99f9d95f600c SLE-12-Server-DVD-s390x-CC-Respin-A-DVD3.iso cd13e6fef73f5d9c7718f8938bd60e141447868e36da312faf3fb36cceb06b3b SLE-12-Server-DVD-x86_64-CC-Respin-A-DVD1.iso 18300cd26cae108f7e87449a6111452cb74a0df7ed1fb3ea4968c979978ca7e7 SLE-12-Server-DVD-x86_64-CC-Respin-A-DVD2.iso b172adf4f874dbf9b1cc7b2d66fa5104e9f4d75dd4fb5b61477a9e8fb8b45ace SLE-12-Server-DVD-x86_64-CC-Respin-A-DVD3.iso -----BEGIN PGP SIGNATURE----- iQIcBAEBAgAGBQJWvaT4AAoJEFj8WLExfNUCI8MP/3E9RhaVdOZoaWZyqvRl6q7m kxIMItxNWmH47F5cx3DNLvcMyi0I+LP3HMubV5LdoBsGgPGFhfFwhM2Va3WtxPj3 7HURRsWyXZgX2cnww6zeHfFUTSkpYvWjyXJPpgUDiyrVuuzif5fG8gBgniJynWBl ZzR45F1mIhM9zB/O+8EeKwtUVWSF7+bRAKSBPaLz5e7qoy254tK1KyNWZlJ9DCiN T4MRh+qYNO3MV3W1NNE17HVnYZpbuFKLCed8p92Nmyh9gtBEOtVlfaJHTbh+sGfc ZBarxVXhfY1/YVt+sJ/vWUxZhMtTDvQULMbhpazhrk8s14jP/R4z4cYkCGFqM1fX xJUkflLg64v/ZaiCph6l6QNysD1sKAtOEoh/s1PDuKY7ykysqXMmb+f0OJwoe+Hg MDHe03ecfv+YerGYDNuKM4lr0lVoYLOyWWvd5KmBoVVA2xQE2OcCNUkCMgdnRnJM v0+ni/aCwZgXHLV7zS8ZiJrp7qLhwaO7ZHYnWem7M5jIWrTEuw2MmXoCqsr2YpOb erWnkalUvA+JAYbKL5EaZw2FvaqTMKvGk21JQpxva95UOFm9u5xMtzQrnsirvU1X ivw4mLtzlcEnghdnzosSaksaBHz4k4hTsZhx6Ey0mIAOvO84m3rIsdRX6ANFdlM8 ydRywIa7n4hUZDc5LtIj =yUGj -----END PGP SIGNATURE-----