OPNsense Forum

English Forums => General Discussion => Topic started by: lumilumi on June 02, 2026, 12:18:47 AM

Title: iso verification [SOLVED]
Post by: lumilumi on June 02, 2026, 12:18:47 AM
hi! I'm brand new to this and I was wondering if I could get some help with this part of the instructions on installation --

im trying to verify my iso before installing - but I can't get this part of the instructions to work:


https://docs.opnsense.org/manual/install.html#download-and-verification
If the checksums match, continue with the verification commands.

openssl base64 -d -in OPNsense-<filename>.<image>.sig -out /tmp/image.sig
openssl dgst -sha256 -verify OPNsense-<filename>.pub -signature /tmp/image.sig OPNsense-<filename>.<image>


I have changed the file name to actual file name -- but the command says:
cannot verify two files at once


I verified pub key and checksum 256 -- but this part of the commands won't work for me
any tips? i'm very new!
any help greatly appreciated
Title: Re: iso verification
Post by: lumilumi on June 02, 2026, 03:14:36 AM
I think there may be an error in the guide / or at least some unclearness

- needing to nano in a new file .pub -- for the public key
- as well as a bit of unclearness about whether you uncompress before or after checking the checksum 256

I think if you compress after it provides an incorrect checksum
but if you checksum the compressed file it provides the correct checksum256
Title: Re: iso verification
Post by: patient0 on June 02, 2026, 06:29:38 AM
Let's see what is needed by using the lastes 26.1.6 nano as an example. The referenced guide writes:

QuoteOpenSSL is used for image file verification. 4 files are needed for verification process:
  • The SHA-256 checksum file (<filename>.sha256)
  • The bzip-compressed image file (<filename>.<image>.bz2)
  • The signature file for the uncompressed image file (<filename>.<image>.sig)
  • The OpenSSL public key (<filename>.pub)


"<filename>" does mean different things here, which can be a bit confusing.

With that the process would be as follows:


Could you elaborate which part you did find confusing and need clarification?

Quoteneeding to nano in a new file .pub -- for the public key
Not sure what you want to say here.

Quoteas well as a bit of unclearness about whether you uncompress before or after checking the checksum 256

Since "openssl sha256 OPNsense-<filename>.bz2" ends in "bz2" you can be sure that for the sha256 checksum the compressed file is needed. And later it then mentions in the warning "Make sure to unpack the image using bunzip2 before verifying". So checksum => compressed image, verification => uncompressed image.
Title: Re: iso verification
Post by: lumilumi on June 02, 2026, 07:01:14 AM
thank you!
Title: Re: iso verification
Post by: lumilumi on June 06, 2026, 08:12:12 AM
how can I mark this as solved?
Title: Re: iso verification
Post by: patient0 on June 06, 2026, 08:43:27 AM
Quote from: lumilumi on June 06, 2026, 08:12:12 AMhow can I mark this as solved?
Renaming the thread title by adding '[Solved]' at the beginning is the most common.
Title: Re: iso verification
Post by: lumilumi on June 09, 2026, 01:22:43 AM
thankies!