View Issue Details

Jump to NotesJump to History
IDProjectCategoryView StatusDate SubmittedLast Update
0009195Kali LinuxKali Websites & Docspublic2025-05-22 17:202025-12-23 07:33
Reportermaltfield Assigned To 
PrioritynormalSeverityminorReproducibilityhave not tried
Status closedResolutionopen 
Summary0009195: Link to PGP Verification guide from Downloads Page
Description

This ticket is a request to update the Kali downloads page to include a direct link to the article in the Kali documentation that describes how to cryptographically verify the authenticity of downloads

Steps to Reproduce

  1. Go to kali website frontpage https://kali.org/
  2. Click the big "Download" button to load https://www.kali.org/get-kali/#kali-platforms
  3. Click the "Live Boot" button
  4. See link to download .iso
  5. Look around on page for the detached signature file
  6. ???
  7. Look around on page for instructions on how to verify the .iso file
  8. ???
  9. ctrl+f find on page for "verify"
  10. ???
  11. ctrl+f find on page for "verify"
  12. ???
  13. ctrl+f find on page for "signature"
  14. ???
  15. ctrl+f find on page for "asc"
  16. ???
  17. ctrl+f find on page for "pgp"
  18. ???
  19. ctrl+f find on page for "gpg"
  20. ???
  21. Open ticket to fix this UX bug

Solution

The solution to this is to update the downloads page:

To include at least one link to the following page:

Personally, because unsigned checksums don't provide any security, I recommend replacing all of the sum buttons on this page with a button that says verify and links to the above page.

Activities

maltfield

maltfield

2025-05-22 17:25

reporter   ~0020615

Personally, because unsigned checksums don't provide any security, I recommend replacing all of the sum buttons on this page with a button that says verify and links to the above page.

Possible shorter text to replace sum would be:

  1. sig
  2. gpg
  3. pgp
  4. asc
arnaudr

arnaudr

2025-05-23 00:41

manager   ~0020619

Last edited: 2025-05-23 00:42

Personally, because unsigned checksums don't provide any security,

"don't provide any security" is a stretch. Checksums are distributes by www.kali.org over HTTPS, I think that's secure enough.

If that's not secure enough for you, we do provide signed checksums, as you've noticed already.
g0tmi1k

g0tmi1k

2025-12-23 07:33

administrator   ~0021164

This report has been filed against an old version of Kali. We will be closing this ticket due to inactivity.

Please could you see if you are able to replicate this issue with the latest version of Kali Linux (https://www.kali.org/get-kali/)?

If you are still facing the same problem, feel free to re-open the ticket. If you choose to do this, could you provide more information to the issue you are facing, and also give information about your setup?
For more information, please read: https://www.kali.org/docs/community/submitting-issues-kali-bug-tracker/

Issue History

Date Modified Username Field Change
2025-05-22 17:20 maltfield New Issue
2025-05-22 17:25 maltfield Note Added: 0020615
2025-05-23 00:41 arnaudr Note Added: 0020619
2025-05-23 00:42 arnaudr Note Edited: 0020619
2025-12-23 07:33 g0tmi1k Note Added: 0021164
2025-12-23 07:33 g0tmi1k Status new => closed