Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I am trying to verify my Linux Mint 18 "Sarah" - Cinnamon (64-bit) ISO. I am using gpg4win Kleopatra to import the key. I type - keyserver.ubuntu.com --recv-key "27DE B156 44C6 B3CF 3BD7 D291 300F 846B A25B AE09" into the search box and press Search. Nothing is returned. I also tried it without the quotes.
I know the checksum must be calculated, but according to the Linux Mint documentation, not before the signing key is imported. It is that first step
where the problem is encountered.
Thanks Again,
JWebb
The following steps should be performed to verify an ISO image:
Import the signing key:
gpg --keyserver keyserver.ubuntu.com --recv-key "27DE B156 44C6 B3CF 3BD7 D291 300F 846B A25B AE09"
Browse the main mirror, or choose a mirror near you, and download the ISO image, the sha256sum.txt and the sha256sum.txt.gpg files into the same directory.
Verify the signature on the sha256sum files with the following command (The output of this command should mention that the signature is "Good". Also, if you didn't import keys before on your computer you can ignore the warning "This key is not certified with a trusted signature! There is no indication that the signature belongs to the owner."):
gpg --verify sha256sum.txt.gpg sha256sum.txt
Once this is done, the sha256sum.txt can be trusted.
Generate the sha256 sum of your ISO image, and compare it to the sum present in the sha256sums.txt file.
sha256sum -b yourisoimagefile.iso
If the signature was "Good" and the sha256 sums match, you successfully verified the integrity and authenticity of the ISO image.
If you want to follow the instructions on https://linuxmint.com/verify.php, you're supposed to enter gpg --keyserver keyserver.ubuntu.com --recv-key "27DE B156 44C6 B3CF 3BD7 D291 300F 846B A25B AE09" at a Linux terminal or terminal emulator.
The gpg command installed by Gpg4win in Windows may work similarly, but you will have to enter the command at the Windows command prompt, not in a search box.
Most people just check the hash without bothering about the gpg key, but if you want that extra level of security then fair play to you.
I did what you suggested and the output is below. My command was copied directly from the Mint Web site. Because they have been hacked recently, this was strongly suggested, but it failed.
C:\Users\Family User\Downloads> gpg --keyserver keyserver.ubuntu.com --recv-key 27DE B156 44C6 B3CF 3BD7 D291 300F 846B A25B AE09
gpg: "27DE" not a key ID: skipping
gpg: "B156" not a key ID: skipping
gpg: "44C6" not a key ID: skipping
gpg: "B3CF" not a key ID: skipping
gpg: "3BD7" not a key ID: skipping
gpg: "D291" not a key ID: skipping
gpg: "300F" not a key ID: skipping
gpg: "846B" not a key ID: skipping
gpg: "A25B" not a key ID: skipping
gpg: "AE09" not a key ID: skipping
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.