This is the most effective way to get your users to verify files.
We all know we risk malware when we don't verify downloaded files.
But it's so much hassle, most users skip it and hope for the best. Your own server logs show that.
Few people have any idea what a pgp/gpg sig or a hash is. People believe software should handle all that complex stuff. They're right.
Give them one command that downloads and verifies. They'll verify every time.
If your operating system offers a safeget package, install it.
But safeget isn't in many package managers yet. So get safeget-installer and run
    python3 safeget-installer
It downloads, verifies, and installs Safeget itself.
You can publish a Safeget command. Or get a free simple custom Safeget.
Option #1: You can let DeNova create a custom no-parameter Safeget for free. For example, we created a custom Safeget installer for Bitcoin Core with Safeget itself and all the parameters built in.
    python3 safeget-bitcoin-core
Your users just download the custom installer and run it. They don't have to install anything first. It's really hard to get it wrong.
Option #2: You publish one command for your users that shows all the details. The more checks you specify, the safer your users are. It's good practice to publish your Safeget command through multiple channels.
Here's an example of using Safeget with one command for Bitcoin Core:
    safeget \
        https://bitcoin.org/bin/bitcoin-core-0.20.1/bitcoin-0.20.1-x86_64-linux-gnu.tar.gz \
        --pubkey https://www.reddit.com/r/Bitcoin/wiki/pgp_keys \
        --signedhash SHA256:https://www.reddit.com/r/Bitcoin/wiki/verifying_bitcoin_core
With either option, Safeget takes the same steps:
When a parameter is a url, Safeweb searches that web page for what it needs. For example, a pgp signature can be buried in text. Safeget checks the protocol, downloads the page, and extracts the sig.
Safeget checks:
Want more checks? Let us know.
Safeget solves the question of which verification sources and methods to trust: Don't trust any of them too much. The solution is a defense in depth, using multiple hosts and algorithms.
Safeget is completely decentralized with no gatekeeper. There's no single point of failure.
Because Safeget can check many hashes in addition to pgp/gpg signatures, it's highly resistant to quantum computing attacks.
Most file verification relies on a single host or algorithm. But no one really knows which ones are safe. Safeget checks as many as you like.
Safeget can get corroboration from multiple sources. Safeget can verify a file based on the file's source, pgp keys, pgp file signature, pgp signed hashes, explicit hashes, and more. You can spread the information across different hosts and use multiple hash algorithms. Everything has to agree for a file to verify.
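The "everything has to agree" rule, as an added example that is not Safeget's own code: it covers only the hash part (no pgp checks), pulls digests out of surrounding page text, and refuses to verify when no checks are given. The function names, source labels, and sample pages are assumptions constructed for illustration.

```python
import hashlib
import re

# Hex digest length per algorithm accepted by this sketch.
HEX_LEN = {"sha256": 64, "sha512": 128}

def extract_digests(page_text, algo):
    """Find every standalone hex string of the right length for algo in a page."""
    pattern = r"(?<![0-9a-fA-F])[0-9a-fA-F]{%d}(?![0-9a-fA-F])" % HEX_LEN[algo]
    return {h.lower() for h in re.findall(pattern, page_text)}

def failed_checks(data, sources):
    """sources: list of (label, algo, page_text). Returns the labels that did
    not corroborate the file; an empty list means every source agreed."""
    if not sources:
        raise ValueError("no checks specified; refusing to call the file verified")
    actual = {algo: hashlib.new(algo, data).hexdigest() for _, algo, _ in sources}
    return [label for label, algo, page in sources
            if actual[algo] not in extract_digests(page, algo)]

def constructed_page(data, algo):
    """Constructed sample: a page with the digest buried in surrounding text."""
    return "Release notes...\n%s: %s  example.tar.gz\nThanks!" % (
        algo.upper(), hashlib.new(algo, data).hexdigest())

# Constructed sample input, not a real release.
GOOD = b"constructed release archive bytes"
TAMPERED = GOOD + b" plus injected payload"
SOURCES = [
    ("project site", "sha256", constructed_page(GOOD, "sha256")),
    ("mirror", "sha512", constructed_page(GOOD, "sha512")),
    ("forum wiki", "sha256", constructed_page(GOOD, "sha256")),
]

if __name__ == "__main__":
    print("good file, failed checks:", failed_checks(GOOD, SOURCES))
    print("tampered file, failed checks:", failed_checks(TAMPERED, SOURCES))
    # One host is compromised and now lists the tampered file's hash.
    one_bad = [("mirror", "sha512", constructed_page(TAMPERED, "sha512"))] + [
        s for s in SOURCES if s[0] != "mirror"]
    print("tampered file, one compromised host:", failed_checks(TAMPERED, one_bad))
```

With one compromised host, the tampered file still fails the other two checks, which is why spreading the hashes across hosts matters.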
Sideloading, downloading files from unofficial sources, is risky. Safeget can make sideloading much safer.
You don't have to rely on DeNova's host. Put your Safeget command on your own host.
You can specify as many checks as you like, all in one command. Then wrap it all in a simple custom safeget.
The more checks, the more certain you are that the file is valid. It is extremely unlikely that a bad file will pass multiple hash algorithms. You might find yourself calculating the time needed to find a multiple hash collision in HDOU units — "Heat Death of the Universe".
In practice, when you use Safeget with multiple signed hashes, attackers will have to bypass or attack Safeget itself.
Safeget is distributed as open source, in a single python file, so it's easy to audit the code. Please do.
You can tell Safeget to run a program after it's done. It's a great way to launch installers. With one command you can download, verify thoroughly, and install.
If you see a "SyntaxError: invalid syntax", then you probably are trying to run Safeget with python2. It's a bug in python2. Use python3.
Most people don't verify. Maybe they don't quite understand how or why. Even security pros sometimes skip it.
Instead of telling your users to follow a long and complex procedure they won't do, download and verify with Safeget.
It doesn't matter if they don't know what a pgp/gpg sig or hash is. With Safeget, users verify files.
Copyright 2019-2020 DeNova.
Safeget is open source, licensed under GPLv3.