PizzaGate git repo updated, now includes file hashes and PGP signature!

in pizzagate •  last year

I've updated the pizzagate research git repository again, and I've added a way to double-check that files haven't been tampered with.

Every time I update the repository I'll make an index of all files as well as their unique file hashes using hashdeep, and then clearsign this report using PGP key 0x6149e199ee21159c and save it as filehashes.ausbitbank.txt.

Now we have unique fingerprints for every file in the archive (md5 and sha256) saved to an index, and a way to verify whether someone has tampered with the index.


View the hash index on gitlab

To check the signature file with GPG

1) Import my public key from a keyserver:

gpg --keyserver pgp.mit.edu --recv-keys 0x6149e199ee21159c

2) Verify the signature

gpg --verify filehashes.ausbitbank.sig

A valid clearsigned file will say this:

gpg: Signature made Thu 08 Dec 2016 10:40:59 PM AEDT using RSA key ID EE21159C
gpg: Good signature from "AusBitBank AusBitBank@gmail.com"

To manually verify file hashes against what's in the index

Hashes are saved in the index in this format
filesize,md5sum,sha256sum,filename

Linux users can get the sha256 hash for any file using:

sha256sum filename

For example:
sha256sum rest-in-peace/aaron-swartz.jpg

Gives this result:
a547f64789d0eadffecc3ab1da959b317b8b3f092e5b952dbaf3ea97e010710b rest-in-peace/aaron-swartz.jpg

You can then look up that hash in the index to verify it matches.

This command combines the two steps: it calculates the file's hash, then uses grep to search for that hash in the index.

grep "`sha256sum rest-in-peace/aaron-swartz.jpg|cut -f1 -d" "`" filehashes.ausbitbank.txt

If you get no result, the hash didn't match anything in the index.
If the hash matches anything, it will dump the matching lines from the index like this example:

25826,81f36503f595fed83a0d28abba8a7914,a547f64789d0eadffecc3ab1da959b317b8b3f092e5b952dbaf3ea97e010710b,./rest-in-peace/aaron-swartz.jpg

Future improvements

It's manual for now, but it's better than nothing imho. I'd like to automate verification, and find a way to also generate sha256-256 hashes in the format used by IPFS, since I expect the censorship of this info will only escalate.

I'm open to suggestions for better / more secure ways to do this!

View the latest commits on gitlab

~ @ausbitbank ~
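
The manual check described in the post, automated as an added example (not the author's script and not part of the repository): it walks every row of the index and compares size and SHA-256 for the file that row names, so a hash that merely appears somewhere in the index under a different filename does not pass. The function name `verify_index` and the demo files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: check every row of a hashdeep-style index
# (filesize,md5sum,sha256sum,filename) against the files under ROOT.
# Usage: verify_index INDEX [ROOT]; returns 0 only if every row matches.
verify_index() {
    index=$1
    root=${2:-.}
    checked=0
    bad=0
    # Keep only real index rows; PGP armor, hashdeep header lines and
    # blank lines do not match this pattern and are skipped.
    rows=$(grep -E '^[0-9]+,[0-9a-f]{32},[0-9a-f]{64},.' "$index") || rows=
    # The last field takes the rest of the line, so commas in names survive.
    while IFS=, read -r size md5 sha name; do
        [ -n "$name" ] || continue
        path=$root/${name#./}
        checked=$((checked + 1))
        if [ ! -f "$path" ]; then
            echo "MISSING  $name"; bad=$((bad + 1)); continue
        fi
        actual_size=$(wc -c < "$path" | tr -d ' ')
        actual_sha=$(sha256sum < "$path" | cut -d' ' -f1)
        # md5 is parsed but not compared: sha256 is the check relied on here.
        if [ "$actual_size" != "$size" ] || [ "$actual_sha" != "$sha" ]; then
            echo "MISMATCH $name"; bad=$((bad + 1))
        fi
    done <<EOF
$rows
EOF
    echo "checked=$checked bad=$bad"
    # An index with no usable rows counts as a failure, not a pass.
    [ "$checked" -gt 0 ] && [ "$bad" -eq 0 ]
}

# Constructed demo: one file and a one-row index under constructed armor.
demo=$(mktemp -d)
printf 'hello\n' > "$demo/a.txt"
h=$(sha256sum < "$demo/a.txt" | cut -d' ' -f1)
m=00000000000000000000000000000000   # placeholder md5, not compared
printf '%s\n' '-----BEGIN PGP SIGNED MESSAGE-----' 'Hash: SHA256' '' \
    "6,$m,$h,./a.txt" > "$demo/index.txt"
verify_index "$demo/index.txt" "$demo"
printf 'tampered\n' > "$demo/a.txt"
verify_index "$demo/index.txt" "$demo" || echo "tampering detected"
rm -rf "$demo"
```

Run it only on an index whose signature has verified. The gpg manual notes that `--verify` on a clearsigned file covers only the signed text and not extra data outside it, and the row filter here would accept such rows, so feed it the signed text that gpg writes out with `--output` rather than the raw file.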


This post has been ranked within the top 50 most undervalued posts in the second half of Dec 08. We estimate that this post is undervalued by $17.74 as compared to a scenario in which every voter had an equal say.

See the full rankings and details in The Daily Tribune: Dec 08 - Part II. You can also read about some of our methodology, data analysis and technical details in our initial post.

If you are the author and would prefer not to receive these comments, simply reply "Stop" to this comment.

Thank you for doing this. Hash and digital signature is a great idea.