Category Archives: Tutorials

Verifying Signatures with GPG

PGP — or “Pretty Good Privacy”– is a message format that’s used to sign and/or encrypt documents. In fact, this is relevant to you in the Off-Label OS user experience so pay attention. GnuPG is an implementation of PGP. More specifically, it’s a free software version of software that is defined in a specification document (RFC-4880) but often implemented as a commercial software product. Gnu, however, is a name you should get to know, if you don’t already, because Gnu basically always implies free software (copyleft). And so GnuPG is the free version of PGP. Are you with me so far?

PGP (or GPG, in our case) can be used to sign documents, like I mentioned. What this means is that if I have a PGP key pair, I use my keys to sign a document, which is exactly what I did with the file that I made available for download. You see, once I make a zip file, what’s to stop someone else from modifying it and distributing it as if it were the original? The ansewr is PGP.

Now, it’s typically (and awesomely) used for encrypting files; PGP can be used to scramble file contents so that only the intended recipient’s key can decrypt the file and view the contents in plain text. But that’s not what we’re doing with it.

What we’re doing is just signing. Signing the file uses our PGP keys to certify the file contents at a specific time. If the file is modified in any way after this, the signature verification will fail. In our case, we’re verifying with OffLabelOS.sig.

The way to do this is:

1. Download in its entirety.
2. Download OffLabelOS.sig
3. Open your terminal / command line program (terminal in mac, cmd in windows)
4. Download my public key: gpg --recv-keys 8F1D6125
5. Verify that key’s fingerprint is: 2011 83C3 1C8D B187 D019 2065 0040 1F2F 8F1D 6125
6. Verify the signature: gpg --verify OffLabelOS.sig

Now you’re ready to proceed and unzip before you cd OffLabelOS and vagrant box.

Getting Started with OLOS part 1: Fulfilling software dependencies

Off-Label OS is easy to get up and running, but you must install two other free programs in order to run it. First, you need to install VirtualBox and then you need to install Vagrant.


>.>.>.>.>.>.>.>.>.>.>.>. 1st install VirtualBox

>.>.>.>.>.>.>.>.>.>.>.>.>.>.>.>.>.>.>.>. then.

>.>.>.>.>.>.>.>.>.>.>.>.>.>.>.>.>.>.>.>. only then. install Vagrant.

After you have installed VirtualBox and [then] Vagrant, it’s command-line time. You are now ready to use the terminal to verify and unzip In Mac OS-X, you can use spotlight to find “terminal” and in Windows, it’s traditionally been: start -> run -> cmd (please adapt this to modern Windows as appropriate).

To verify the integrity of the zip file you have downloaded, follow the instructions about pgp signatures here. When you have verified that the zip file was signed by the key you downloaded from, you are ready to unzip.

To unzip the file, you can just type unzip in the directory with that file (typically ~/Downloads), and you can cd into the OffLabelOS directory that is unzipped from that file. Once inside that directory, you’re two commands away:

vagrant box add OffLabelOS_v001

and then, once that is done…

vagrant up

which should launch VirtualBox and present to you the OffLabelOS login screen.