This is commonly called "secure apt" (or "apt-secure") and was implemented in APT version 0.6 in 2003, which Debian migrated to in 2005. Since the documentation (here and here) is fairly slim on how this all works from an administrator's point of view, this document will try to explain in detail how secure apt works and how to use it.

With the recent release of Beryl 0.2, the Beryl Project appears stronger than ever.

Folks using Debian have a good reason to be happy about that: a new Debian repository of Beryl packages has recently been unveiled.

This tutorial aims to explain in a clear and concise manner the installation and configuration of a Beryl-enabled Debian desktop.

In recent releases, Debian has been using strong crypto to validate downloaded packages.

For detailed information on commands, please refer to the man pages of the tools.

A secure hash function (a type of checksum) is a method of taking a file and boiling it down to a reasonably short number that will uniquely identify the content of the file, even if people are deliberately trying to create a pair of different files with the same checksum or create a new file that matches a previous checksum.

APT was originally designed around MD5, but people have since managed to construct MD5 collisions, so support for newer hash functions has been added.
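The hash check described above, as an added example that is not code from this page or from APT. It assumes the Debian `Release` file layout (a hash field such as `SHA256:` followed by indented `digest size path` lines), which this page does not show; the sample index, the `sample_release` helper and the policy of rejecting entries listed only under MD5 or SHA1 are constructed for the illustration.

```python
import hashlib

# Strongest first. MD5Sum and SHA1 are parsed but never accepted on their own
# (policy assumed for this example).
STRONG = [("SHA512", "sha512"), ("SHA256", "sha256")]
WEAK = {"MD5Sum": "md5", "SHA1": "sha1"}
ALGOS = {**dict(STRONG), **WEAK}

PATH = "main/binary-amd64/Packages"            # constructed sample path
PACKAGES = b"Package: hello\nVersion: 1.0\n"   # constructed sample index

def parse_release(text):
    """Return {field: {path: (hexdigest, size)}} from Release-style text."""
    tables, current = {}, None
    for line in text.splitlines():
        if line.startswith(" ") and current:
            digest, size, path = line.split()
            tables[current][path] = (digest.lower(), int(size))
        else:
            field = line.split(":", 1)[0]
            current = field if field in ALGOS else None
            if current:
                tables.setdefault(current, {})
    return tables

def verify(tables, path, data):
    """Check data against the strongest listed hash; refuse weak-only entries."""
    for field, algo in STRONG:
        entry = tables.get(field, {}).get(path)
        if entry:
            digest, size = entry
            ok = len(data) == size and hashlib.new(algo, data).hexdigest() == digest
            return ok, field
    if any(path in tables.get(f, {}) for f in WEAK):
        return False, "weak-only"
    return False, "unlisted"

def sample_release(data, fields=("MD5Sum", "SHA256")):
    """Build a constructed Release-style text listing `data` under `fields`."""
    out = ["Origin: Example", "Suite: stable"]
    for f in fields:
        out.append(f + ":")
        out.append(" %s %d %s" % (hashlib.new(ALGOS[f], data).hexdigest(), len(data), PATH))
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    tables = parse_release(sample_release(PACKAGES))
    print(verify(tables, PATH, PACKAGES))            # matching download
    print(verify(tables, PATH, PACKAGES + b"\n"))    # modified download
```

The hash list is only as trustworthy as the file that carries it, which is why the signature step discussed next matters.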

Public key cryptography is based on pairs of keys, a public key and a private key.

The public key is given out to the world; the private key must be kept a secret.

Anyone possessing the public key can encrypt a message so that it can only be read by someone possessing the private key.

It's also possible to use a private key to sign a file, not encrypt it.