I found on different places in the internet this version of Vmware converter 4.3.0, which i need to do a P2V conversion of a very old RedHat box.
I also found those
MD5: 222485c4eb94767378d76237245349cf
SHA1: 173e03fa689155ead54cad7f0c7acc5e363670ed
How can I be sure both file and hashes haven't been tampered with?
VmWare graciously removed from their site a tool I need to process that box.
Any help would be greatly appreciated.
LZ
The checksums match the ones for the converter .exe file that I have in my archive.
One more detail: The file is digitally signed by VMware (08/24/2010)
André
How can I check my copy is actually signed by vmware and trust it?
I just tried with Sigcheck v2.60 from www.sysinternals.com.
It looks ok, but how can I be sure?
LZ
No 3rd party tools required, simply right-click the executable and select "Properties". There you'l find a tab "Digital Signatures".
André
I don't want to look paranoid, but how can I be reasonably sure that even the certificates showing up in the Properties tab haven't been tampered with?
If you open the file with 7-zip by right clicking on it, you find a large payload, some resource folders and a CERTIFICATE file.
I assume the executable runs some integrity check against that certificate, but since I am not so knowledgeable on this things, I just can make assumptions.
Did VmWare publish an MD5 hash when they had this file on their website?
Thank you again for your precious help.
VMware provides hashes with most of their binaries, so I assume that it was the case with this file too.
However, it's been a long time since the file was released, and I don't remember whether it was the case.
Anyway, with two different hashes being what they are supposed to be, and a "valid" digital signature, it's highly unlikely that the file has been compromised. The modification of just a single bit would result in different hashes, and would also show the digital signature as being invalid (when you click on the Details" button in the file's properties).
André
Probably the file is compromised, who will want to change some bit(s) of installation?
