LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 09-04-2016, 08:06 PM   #1
jwebb
LQ Newbie
 
Registered: Sep 2016
Posts: 4

Rep: Reputation: Disabled
Linux Mint Verify ISO


Hello;

I am trying to verify my Linux Mint 18 "Sarah" - Cinnamon (64-bit) ISO. I am using gpg4win Kleopatra to import the key. I type - keyserver.ubuntu.com --recv-key "27DE B156 44C6 B3CF 3BD7 D291 300F 846B A25B AE09" into the search box and press Search. Nothing is returned. I also tried it without the quotes.

Thank You,
Joe
 
Old 09-04-2016, 09:07 PM   #2
frankbell
LQ Guru
 
Registered: Jan 2006
Location: Virginia, USA
Distribution: Slackware, Debian, Mageia, and whatever VMs I happen to be playing with
Posts: 12,651
Blog Entries: 17

Rep: Reputation: 3259Reputation: 3259Reputation: 3259Reputation: 3259Reputation: 3259Reputation: 3259Reputation: 3259Reputation: 3259Reputation: 3259Reputation: 3259Reputation: 3259
The MD5 sum (which I am assume you are using, as you do not specify) is not a gpg key.

See this: https://help.ubuntu.com/community/HowToMD5SUM
 
Old 09-05-2016, 10:36 AM   #3
jwebb
LQ Newbie
 
Registered: Sep 2016
Posts: 4

Original Poster
Rep: Reputation: Disabled
Hi Frank;

Thanks for the quick response.

I know the checksum must be calculated, but according to the Linux Mint documentation, not before the signing key is imported. It is that first step
where the problem is encountered.

Thanks Again,
JWebb


The following steps should be performed to verify an ISO image:

Import the signing key:
gpg --keyserver keyserver.ubuntu.com --recv-key "27DE B156 44C6 B3CF 3BD7 D291 300F 846B A25B AE09"

Browse the main mirror, or choose a mirror near you, and download the ISO image, the sha256sum.txt and the sha256sum.txt.gpg files into the same directory.
Verify the signature on the sha256sum files with the following command (The output of this command should mention that the signature is "Good". Also, if you didn't import keys before on your computer you can ignore the warning "This key is not certified with a trusted signature! There is no indication that the signature belongs to the owner."):
gpg --verify sha256sum.txt.gpg sha256sum.txt
Once this is done, the sha256sum.txt can be trusted.
Generate the sha256 sum of your ISO image, and compare it to the sum present in the sha256sums.txt file.
sha256sum -b yourisoimagefile.iso
If the signature was "Good" and the sha256 sums match, you successfully verified the integrity and authenticity of the ISO image.
 
Old 09-05-2016, 02:49 PM   #4
hydrurga
Senior Member
 
Registered: Nov 2008
Location: Pictland
Distribution: Linux Mint 18.2 MATE
Posts: 3,491
Blog Entries: 2

Rep: Reputation: 1196Reputation: 1196Reputation: 1196Reputation: 1196Reputation: 1196Reputation: 1196Reputation: 1196Reputation: 1196Reputation: 1196
If you want to follow the instructions on https://linuxmint.com/verify.php, you're supposed to enter gpg --keyserver keyserver.ubuntu.com --recv-key "27DE B156 44C6 B3CF 3BD7 D291 300F 846B A25B AE09" at a Linux terminal or terminal emulator.

The gpg command installed by Gpg4win in Windows may work similarly, but you will have to enter the command at the Windows command prompt, not in a search box.

Most people just check the hash without bothering about the gpg key, but if you want that extra level of security then fair play to you.
 
Old 09-05-2016, 05:48 PM   #5
jwebb
LQ Newbie
 
Registered: Sep 2016
Posts: 4

Original Poster
Rep: Reputation: Disabled
Thanks for your response.

I did what you suggested and the output is below. My command was copied directly from the Mint Web site. Because they have been hacked recently, this was strongly suggested, but it failed.

JWebb


C:\Users\Family User\Downloads> gpg --keyserver keyserver.ubuntu.com --recv-key "27DE B156 44C6 B3CF 3BD7 D291 300F 846B A25B AE09"
gpg: "27DE B156 44C6 B3CF 3BD7 D291 300F 846B A25B AE09" not a key ID: skipping

C:\Users\Family User\Downloads> gpg --keyserver keyserver.ubuntu.com --recv-key 27DE B156 44C6 B3CF 3BD7 D291 300F 846B A25B AE09
gpg: "27DE" not a key ID: skipping
gpg: "B156" not a key ID: skipping
gpg: "44C6" not a key ID: skipping
gpg: "B3CF" not a key ID: skipping
gpg: "3BD7" not a key ID: skipping
gpg: "D291" not a key ID: skipping
gpg: "300F" not a key ID: skipping
gpg: "846B" not a key ID: skipping
gpg: "A25B" not a key ID: skipping
gpg: "AE09" not a key ID: skipping
 
1 members found this post helpful.
Old 09-05-2016, 08:01 PM   #6
frankbell
LQ Guru
 
Registered: Jan 2006
Location: Virginia, USA
Distribution: Slackware, Debian, Mageia, and whatever VMs I happen to be playing with
Posts: 12,651
Blog Entries: 17

Rep: Reputation: 3259Reputation: 3259Reputation: 3259Reputation: 3259Reputation: 3259Reputation: 3259Reputation: 3259Reputation: 3259Reputation: 3259Reputation: 3259Reputation: 3259
Quote:
I know the checksum must be calculated, but according to the Linux Mint documentation, not before the signing key is imported. It is that first step
Thanks, jwebb. I learned something (which is why I hang around here in the first place).
 
Old 09-06-2016, 03:04 AM   #7
hydrurga
Senior Member
 
Registered: Nov 2008
Location: Pictland
Distribution: Linux Mint 18.2 MATE
Posts: 3,491
Blog Entries: 2

Rep: Reputation: 1196Reputation: 1196Reputation: 1196Reputation: 1196Reputation: 1196Reputation: 1196Reputation: 1196Reputation: 1196Reputation: 1196
Googling for "not a key ID: skipping" --recv-key produces http://superuser.com/questions/10710...ad-public-keys

This concurs that the command format as given previously doesn't work on Windows, and suggests a workaround for that o/s of the format:

gpg --keyserver keyserver.ubuntu.com --recv-key 27DEB15644C6B3CF3BD7D291300F846BA25BAE09
 
1 members found this post helpful.
Old 09-06-2016, 05:10 AM   #8
Habitual
LQ 5k Club
 
Registered: Jan 2011
Location: Nowhere near you, thank God.
Distribution: OSX Sierra
Posts: 8,570
Blog Entries: 14

Rep: Reputation: Disabled
https://support.microsoft.com/en-us/kb/889768
 
Old 09-07-2016, 06:42 PM   #9
jwebb
LQ Newbie
 
Registered: Sep 2016
Posts: 4

Original Poster
Rep: Reputation: Disabled
hydrurga;

Thanks! That worked.

gpg --keyserver keyserver.ubuntu.com --recv-key 27DEB15644C6B3CF3BD7D291300F846BA25BAE09

JWebb
 
Old 09-08-2016, 12:56 AM   #10
hydrurga
Senior Member
 
Registered: Nov 2008
Location: Pictland
Distribution: Linux Mint 18.2 MATE
Posts: 3,491
Blog Entries: 2

Rep: Reputation: 1196Reputation: 1196Reputation: 1196Reputation: 1196Reputation: 1196Reputation: 1196Reputation: 1196Reputation: 1196Reputation: 1196
Great! Thanks for the feedback, jwebb.

Can you mark the thread as "Solved" please (see "Thread Tools" at the top of the thread).
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] Trying to verify with terminal the Fedora 18 ISO Ztcoracat Fedora 13 02-23-2013 05:56 PM
How do I verify the iso images Virtual Circuit Slackware - Installation 6 02-18-2008 10:17 AM
How to verify downloaded iso's ashwin_cse Fedora 1 06-27-2005 09:23 PM
How do I verify the iso's with md5sums and other questions Bork3 Mandriva 1 11-16-2003 02:48 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 02:42 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration