Installation media signatures?

Evilham contact at
Sat Aug 22 10:11:43 UTC 2020

On dv., ag. 21 2020, 6E7368 via freebsd-questions wrote:

> I was about to flash the rpi3 12.1-RELEASE img to an SD card, 
> but I couldn't find any signatures to verify it against. Am I 
> missing something, or are users supposed to install unverified 
> images? Checksums without a signature are not an assurance 
> against tampering.
> I didn't find what I was looking for in the handbook or with 
> Google, and I thought I'd ask here instead of bugging the 
> security mailing list.

Hey, the web announcement has a URL to its signed counterpart:

Since the announcement has all the checksums, you'd have to verify 
the announcement's signature, then the file's checksum against it.
The Handbook has more info about the project's PGP keys:


More information about the freebsd-questions mailing list