dear Ztcoracat when I Click on verify your ISO yesterday coming this page >>
How to verify ISO images
This page explains how to verify their integrity and authenticity.
Select the Linux Mint release you downloaded:
19 18.3 18.2 18.1 18 17.3 17.2 17.1 17 LMDE BETA
( after that this page )
How to verify ISO images
This page explains how to verify their integrity and authenticity.
Preparation
1. Create a directory called "ISO" in your home directory.
2. Move the ISO image you downloaded in this directory.
3. Download the following files and move them into the "ISO" directory.
FILE DESCRIPTION
sha256sum.txt Contains the SHA256 sums to check the integrity of the ISO images.
sha256sum.txt.gpg Signed by the Linux Mint team to check the authenticity of the sha256sum.txt file.
Your ~/ISO directory should now contain 3 files: Your ISO image, the sha256sum.txt file and the sha256sum.txt.gpg file.
Integrity check
To verify the integrity of your ISO image, generate its SHA256 sum and compare it to the one found in the sha256sum.txt file.
In most Linux distributions the SHA256 sum can be generated by opening a terminal and running the following commands:
cd
cd ISO
sha256sum -b *.iso
The last command should show you the SHA256 sum of your ISO file. Compare it to the one found in the sha256sum.txt. If they match, you've successfully verified the integrity of your ISO image.
Note: If you have coreutils version 8.25 or newer, another way of checking the sum is to ask the sha256sum command to check the file against the sha256sum.txt file, like this:
sha256sum --ignore-missing -c sha256sum.txt
Authenticity check
To verify the authenticity of the sha256sum.txt file, we need to check the signature on the sha256sum.txt.gpg file.
1. Import the Linux Mint signing key:
gpg --keyserver keyserver.ubuntu.com --recv-key "27DE B156 44C6 B3CF 3BD7 D291 300F 846B A25B AE09"
Note: If gpg complains about the key ID, try the following commands instead:
gpg --keyserver keyserver.ubuntu.com --recv-key A25BAE09
gpg --list-key --with-fingerprint A25BAE09
Check the output of the last command, to make sure the fingerprint is 27DE B156 44C6 B3CF 3BD7 D291 300F 846B A25B AE09.
2. Verify the authenticity of the sha256sum.txt file:
cd
cd ISO
gpg --verify sha256sum.txt.gpg sha256sum.txt
The output of the last command should tell you that the file signature is 'good' and that it was signed with the following key: A25BAE09.
Note: Unless you trusted this signature in the past, or a signature which trusted it, GPG should warn you that the signature is not trusted. This is expected and perfectly normal...
Linux Mint is free of charge (thanks to your donations and adverts on the website) and we hope you'll enjoy it.
Some of the packages we distribute are under the GPL. If you want to access their source code you can use the apt-get source command. If you can't find what you're looking for please write to
root@linuxmint.com and we'll provide the source to you.
Linux Mint is copyrighted 2006 and trademarked through the Linux Mark Institute. All rights reserved. Linux® is the registered trademark of Linus Torvalds in the U.S. and other countries.
