Commit ec2dacab authored by Dario's avatar Dario
Browse files

Added hash and key verification (24), updated welcome page

parent bfe3a5b8
......@@ -23,3 +23,34 @@ At the moment, it is divided into three main areas:
<a href="https://parrotsec.org/download/"><img src="./images/parrot-4.11.jpg" width="60%"/></a>
</div>
This documentation has been possible thanks to Parrot OS community members's work.
Our Parrot OS Team in *spanish* language is:
- José Gatica (ParrotSec-ES Team Leader)
- Josu Elgezabal (Documentation Leader)
- Romell Marín (Documentation Leader)
- Claudio Marcial (Web Leader Team)
- Alejandro Pineda (ParrotOS-ES Art)
- Manuel Hernández (ParrotOS-ES Art)
- Raúl Alderete (Audiovisual Material)
**Lorenzo "palinuro" Faletra** (Parrot OS Leader and Developer)
*English* Doc Team
- Dario Camonita
- José Gatica
\
**(past contributors):**
- Eloir Corona
- Adrian "Ghostar" Baldiviezo
If you want to join us and colaborate with this project, we invite you to join in our [Telegram chat group](https://t.me/parrotsecgroup). You can find us on our [Facebook group](https://www.facebook.com/groups/parrotsec) too.
Also, if you find some mistake (hey! we're humans), you can write an email to team at parrotsec dot org
## Why Parrot? ##
**Because it was born as a game, and every pirate of the seven seas needs a parrot on his shoulders if he wants to board the galleons with his crew of jailbird filibusters**.
# Hash and key verification #
## Why should anyone verify keys and signatures? ##
Most people — even programmers — are confused about the basic concepts underlying digital signatures. Therefore, most people should read this section, even if it looks trivial at first sight.
Digital signatures can prove both authenticity and integrity to a reasonable degree of certainty. Authenticity ensures that a given file was indeed created by the person who signed it (i.e., that it was not forged by a third party). Integrity ensures that the contents of the file have not been tampered with (i.e., that a third party has not undetectably altered its contents en route).
Digital signatures cannot prove any other property, e.g., that the signed file is not malicious. In fact, there is nothing that could stop someone from signing a malicious program (and it happens from time to time in reality).
The point is that we must decide who we will trust (e.g., Linus Torvalds, Microsoft, or the Parrot Project) and assume that if a given file was signed by a trusted party, then it should not be malicious or negligently buggy. The decision of whether to trust any given party is beyond the scope of digital signatures. It’s more of a sociological and political decision.
Once we make the decision to trust certain parties, digital signatures are useful, because they make it possible for us to limit our trust only to those few parties we choose and not to worry about all the bad things that can happen between us and them, e.g., server compromises (parrotsec.org will surely be compromised one day, so don’t blindly trust the live version of this site), dishonest IT staff at the hosting company, dishonest staff at the ISPs, Wi-Fi attacks, etc.
By verifying all the files we download that purport to be authored by a party we’ve chosen to trust, we eliminate concerns about the bad things discussed above, since we can easily detect whether any files have been tampered with (and subsequently choose to refrain from executing, installing, or opening them).
However, for digital signatures to make any sense, we must ensure that the public keys we use for signature verification are indeed the original ones. Anybody can generate a GPG key pair that purports to belong to the “Parrot OS” but of course only the key pair that we (i.e., the Parrot Team) generated is the legitimate one. The next section explains how to verify the validity of the ParrotOS signing keys in the process of verifying a ParrotOS ISO. (However, the same general principles apply to all cases in which you may wish to verify a PGP signature, such as verifying repositories, not just ISOs.)
\ No newline at end of file
# Parrot Security Official Documentation #
This project has been possible thanks to Parrot OS community members's work.
You can see our online doc on https://docs.parrotsec.org, also we care about creating new contents.
---
Our **Parrot OS Leader Team** in spanish language is:
- José Gatica (ParrotSec-ES Team Leader)
- Josu Elgezabal (Documentation Leader)
- Romell Marín (Documentation Leader)
- Claudio Marcial (Web Leader Team)
- Alejandro Pineda (ParrotOS-ES Art)
- Manuel Hernández (ParrotOS-ES Art)
- Raúl Alderete (Audiovisual Material)
English Doc Team
- Dario Camonita
- José Gatica
**(past contributors):**
- Eloir Corona
- Adrian "Ghostar" Baldiviezo
---
**Lorenzo "palinuro" Faletra** (Parrot OS Leader and Developer)
---
If you want to join us and colaborate with this project, we invite you to join to our Telegram chat group with the next link: https://t.me/parrotsecgroup
You can find us on our Facebook Group too: https://www.facebook.com/groups/parrotsec
### Our web: ###
· English: https://www.parrotsec.org/
· Spanish: https://www.parrotsec-es.org/
Also, if you find some mistake (hey! we're humans), you can write an email to josegatica@parrotsec.org
## Why Parrot? ##
"Because it was born as a game, and every pirate of the seven seas needs a parrot on his shoulders if he wants to board the galleons with his crew of jailbird filibusters".
......@@ -19,6 +19,7 @@
- [Parrot Software Management](<./23.- Parrot Software Management.md>)
- [Compile a custom kernel](<./19.- Compile a custom kernel.md>)
- [File and Directory Permissions](<./File and Directory Permissions.md>)
- [Hash and key verification](<./24.- Hash and key verification.md>)
<!--
- [What is Live Mode](<./04.- What is Live Mode.md>)
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment