search

veracrypt / VeraCrypt

Disk encryption with strong security based on TrueCrypt
https://www.veracrypt.fr
Other
6.89k stars 947 forks source link

release 1.25.9 checksum fails #934

Closed levinster82 closed 1 year ago

levinster82 commented 2 years ago

release 1.25.9 sha256sum and sha512sum failures using veracrypt-1.25.9-sha256sum.txt and veracrypt-1.25.9-sha512sum.txt

Expected behavior

checksum should match

Observed behavior

checksum fails but signatures match

Steps to reproduce

$ gpg --verify veracrypt-1.25.9-sha512sum.txt.sig gpg: assuming signed data in 'veracrypt-1.25.9-sha512sum.txt' gpg: Signature made Sun 20 Feb 2022 03:34:25 PM EST gpg: using RSA key 5069A233D55A0EEB174A5FC3821ACD02680D16DE gpg: Good signature from "VeraCrypt Team (2018 - Supersedes Key ID=0x54DDD393) veracrypt@idrix.fr" [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 5069 A233 D55A 0EEB 174A 5FC3 821A CD02 680D 16DE $ gpg --verify veracrypt-1.25.9-sha256sum.txt.sig gpg: assuming signed data in 'veracrypt-1.25.9-sha256sum.txt' gpg: Signature made Sun 20 Feb 2022 03:34:01 PM EST gpg: using RSA key 5069A233D55A0EEB174A5FC3821ACD02680D16DE gpg: Good signature from "VeraCrypt Team (2018 - Supersedes Key ID=0x54DDD393) veracrypt@idrix.fr" [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 5069 A233 D55A 0EEB 174A 5FC3 821A CD02 680D 16DE $ gpg --verify veracrypt-1.25.9-Debian-11-amd64.deb.sig gpg: assuming signed data in 'veracrypt-1.25.9-Debian-11-amd64.deb' gpg: Signature made Sun 20 Feb 2022 08:11:24 AM EST gpg: using RSA key 5069A233D55A0EEB174A5FC3821ACD02680D16DE gpg: Good signature from "VeraCrypt Team (2018 - Supersedes Key ID=0x54DDD393) veracrypt@idrix.fr" [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 5069 A233 D55A 0EEB 174A 5FC3 821A CD02 680D 16DE $ sha512sum -c veracrypt-1.25.9-sha512sum.txt --ignore-missing veracrypt-1.25.9-Debian-11-amd64.deb: OK veracrypt-1.25.9-sha256sum.txt: OK veracrypt-1.25.9-sha512sum.txt: FAILED sha512sum: WARNING: 1 computed checksum did NOT match $ sha256sum -c veracrypt-1.25.9-sha256sum.txt --ignore-missing veracrypt-1.25.9-Debian-11-amd64.deb: OK veracrypt-1.25.9-sha256sum.txt: FAILED veracrypt-1.25.9-sha512sum.txt: FAILED sha256sum: WARNING: 2 computed checksums did NOT match

Screenshot

Your Environment

VeraCrypt version: 1.25.9

Operating system and version: ubuntu 20.04.1

System type: 64-bit

ghost commented 1 year ago

You need to download the signature.

idrassi commented 1 year ago

Thank you @levinster82 for reporting this issue. It was caused by the fact that checksum files contained reference to themselves and to the other checksum file and this of course is not good since these checksum files are changed after the checksum computation is done!

I have fixed the issue by removing checksum files refrerence from the checksum files!