How to verify the ISO image on Windows
Forum rules
Don't add support questions to tutorials; start your own topic in the appropriate sub-forum instead. Before you post read forum rules
Don't add support questions to tutorials; start your own topic in the appropriate sub-forum instead. Before you post read forum rules
-
- Level 2
- Posts: 63
- Joined: Fri Dec 27, 2019 7:23 pm
Re: How to verify the ISO image on Windows
First, thank you for creating this thread. I went through the procedure and was successful (win7 & Firefox), but I do have a question about the source of 'sha256sum.txt' & 'sha256sum.txt.gpg ' files.
Is the following correct?
Download the ISO from https://www.linuxmint.com/edition.php?id=274
Then from; https://www.linuxmint.com/mirrors.php to get the 'sha256sum.txt' & 'sha256sum.txt.gpg' files?
I would think that I should get the 'sha256sum.txt' & 'sha256sum.txt.gpg ' files from the same link as I got the ISO. While downloading the ISO, I could not find a way to look for any other files or folders (just a clickable link).
Is this procedure to check the 'sha256sum.txt' & 'sha256sum.txt.gpg' files I got at the mirror against the ones that came in the ISO?
Thanks
Is the following correct?
Download the ISO from https://www.linuxmint.com/edition.php?id=274
Then from; https://www.linuxmint.com/mirrors.php to get the 'sha256sum.txt' & 'sha256sum.txt.gpg' files?
I would think that I should get the 'sha256sum.txt' & 'sha256sum.txt.gpg ' files from the same link as I got the ISO. While downloading the ISO, I could not find a way to look for any other files or folders (just a clickable link).
Is this procedure to check the 'sha256sum.txt' & 'sha256sum.txt.gpg' files I got at the mirror against the ones that came in the ISO?
Thanks
Re: How to verify the ISO image on Windows
While you could, the recommended way is just to go to https://linuxmint.com/verify.php for the release you are downloading and then they are linked right there. But at the end of the day it does not matter where they come from - if either of them have been modified then either authentication will either fail or use the wrong key. That's why we do that step.MintUser19 wrote: ⤴Mon Dec 30, 2019 10:46 pm I would think that I should get the 'sha256sum.txt' & 'sha256sum.txt.gpg ' files from the same link as I got the ISO.
Re: How to verify the ISO image on Windows
It doesn't work either, I get a different message though, "host unknown"
Here is what message i get for both intents. I am not very sure the way to proceed for the last resort option.
Thanks again
Here's another alternative I can offer:
If that does not work, either, then as a last resort you can try retrieving it in a browser: https://keyserver.ubuntu.com/pks/lookup ... =on&op=get, storing it to a file (e.g.
[/quote]
Le chemin d'accès spécifié est introuvable.
C:\Mes documents\Downloads>gpg --keyserver keyserver.ubuntu.com --recv-key 27DEB
15644C6B3CF3BD7D291300F846BA25BAE09
gpg: échec de réception depuis le serveur de clefs : Aucun serveur de clefs disp
onible
C:\Mes documents\Downloads>gpg --keyserver pool.sks-keyservers.net --recv-key 27
DEB15644C6B3CF3BD7D291300F846BA25BAE09
gpg: échec de réception depuis le serveur de clefs : Hôte inconnu
C:\Mes documents\Downloads>gpg --keyserver pool.sks-keyservers.net --recv-key 27
DEB15644C6B3CF3BD7D291300F846BA25BAE09
gpg: échec de réception depuis le serveur de clefs : Aucun serveur de clefs disp
onible
C:\Mes documents\Downloads>gpg --import C:\mes documents\downloads\iso 32bit\key
.asc
gpg: impossible d'ouvrir « C:\mes » : No such file or directory
gpg: impossible d'ouvrir « documents\downloads\iso » : No such file or directory
gpg: impossible d'ouvrir « 32bit\key.asc » : No such file or directory
gpg: Quantité totale traitée : 0
Here is what message i get for both intents. I am not very sure the way to proceed for the last resort option.
Thanks again
Here's another alternative I can offer:
Code: Select all
gpg --keyserver pool.sks-keyservers.net --recv-key 27DEB15644C6B3CF3BD7D291300F846BA25BAE09
~/key.asc
) and then importing it with gpg (gpg --import ~/key.asc
).[/quote]
Le chemin d'accès spécifié est introuvable.
C:\Mes documents\Downloads>gpg --keyserver keyserver.ubuntu.com --recv-key 27DEB
15644C6B3CF3BD7D291300F846BA25BAE09
gpg: échec de réception depuis le serveur de clefs : Aucun serveur de clefs disp
onible
C:\Mes documents\Downloads>gpg --keyserver pool.sks-keyservers.net --recv-key 27
DEB15644C6B3CF3BD7D291300F846BA25BAE09
gpg: échec de réception depuis le serveur de clefs : Hôte inconnu
C:\Mes documents\Downloads>gpg --keyserver pool.sks-keyservers.net --recv-key 27
DEB15644C6B3CF3BD7D291300F846BA25BAE09
gpg: échec de réception depuis le serveur de clefs : Aucun serveur de clefs disp
onible
C:\Mes documents\Downloads>gpg --import C:\mes documents\downloads\iso 32bit\key
.asc
gpg: impossible d'ouvrir « C:\mes » : No such file or directory
gpg: impossible d'ouvrir « documents\downloads\iso » : No such file or directory
gpg: impossible d'ouvrir « 32bit\key.asc » : No such file or directory
gpg: Quantité totale traitée : 0
Re: How to verify the ISO image on Windows
Put the path in quotes to handle the spaces in it:jonpoljones wrote: ⤴Wed Jan 01, 2020 9:44 pm C:\Mes documents\Downloads>gpg --import C:\mes documents\downloads\iso 32bit\key
.asc
gpg: impossible d'ouvrir « C:\mes » : No such file or directory
Code: Select all
gpg --import "C:\mes documents\downloads\iso 32bit\key.asc"
Re: How to verify the ISO image on Windows
Hey Gm10. Thanks, the import worked, it is more or less the exact messages you have on your screen shot, but then the next command "verify" semms not to work. I am so sorry to be such a noob.
Here's the message
gpg --verify sha256sum.txt.gpg sha256sum.txt
C:\Mes documents\Downloads>gpg --verify sha256sum.txt.gpg sha256sum.txt
gpg: impossible d'ouvrir « sha256sum.txt.gpg » : No such file or directory
gpg: verify signatures failed: No such file or directory
It is the exact names of my files and in the right directory, I tried with quotes as well for each filename. No success
Thanks.
Here's the message
gpg --verify sha256sum.txt.gpg sha256sum.txt
C:\Mes documents\Downloads>gpg --verify sha256sum.txt.gpg sha256sum.txt
gpg: impossible d'ouvrir « sha256sum.txt.gpg » : No such file or directory
gpg: verify signatures failed: No such file or directory
It is the exact names of my files and in the right directory, I tried with quotes as well for each filename. No success
Thanks.
Re: How to verify the ISO image on Windows
Don't you worry, this is unfortunately unnecessarily complicated. Think of it as an entrance exam. Using Linux itself will be much easier.
In this case I have to doubt that those files exist with the correct names and/or are in that directory. Remember that you did not download the key to that directory, either, that's why you had the previous issue. The key is in the subdirectory iso 32bit in your downloads directory, so I'd say there's a very good chance that you placed all your other files in that same directory as well. Either shift-right-click that directory in Explorer to open a command window there as explained in the guide, or with your existing command window the commandjonpoljones wrote: ⤴Thu Jan 02, 2020 1:03 pm It is the exact names of my files and in the right directory, I tried with quotes as well for each filename. No success
cd "iso 32bit"
will get you there, too. Re: How to verify the ISO image on Windows
Thanks, seems that the whole problem since the beginning was that to open a command windows by right-clicking on the ISO 32 bit folder, it left my command in the precedent folder (downloads). I had to create a empty folder inside ISO32bit to be able to use right-click command prompte here. Basically i am good to do my USB bootable linux mint now. thanks
Re: How to verify the ISO image on Windows
Oh weird, but glad you figured it out.jonpoljones wrote: ⤴Thu Jan 02, 2020 3:43 pm Thanks, seems that the whole problem since the beginning was that to open a command windows by right-clicking on the ISO 32 bit folder, it left my command in the precedent folder (downloads). I had to create a empty folder inside ISO32bit to be able to use right-click command prompte here. Basically i am good to do my USB bootable linux mint now. thanks
-
- Level 2
- Posts: 63
- Joined: Fri Dec 27, 2019 7:23 pm
Re: How to verify the ISO image on Windows
Thank for your reply. Where I got the original ISO from (a mirror listed here: https://www.linuxmint.com/edition.php?id=274), is this not the same place where I got the hash sum a few days later(which was here: https://www.linuxmint.com/mirrors.php)? If they come from the same place, wouldn't they be the same?gm10 wrote: ⤴Tue Dec 31, 2019 12:23 amWhile you could, the recommended way is just to go to https://linuxmint.com/verify.php for the release you are downloading and then they are linked right there. But at the end of the day it does not matter where they come from - if either of them have been modified then either authentication will either fail or use the wrong key. That's why we do that step.MintUser19 wrote: ⤴Mon Dec 30, 2019 10:46 pm I would think that I should get the 'sha256sum.txt' & 'sha256sum.txt.gpg ' files from the same link as I got the ISO.
Thanks
Re: How to verify the ISO image on Windows
Well, they should be the same everywhere, but we do that entire step just to make sure that that's true, that the files have not been tampered with. So again, it does not matter where you get the files from as long as they do properly authenticate (with the correct fingerprint).MintUser19 wrote: ⤴Sun Jan 12, 2020 2:51 am If they come from the same place, wouldn't they be the same?
Re: How to verify the ISO image on Windows
Dear All,
thanks a lot for all the help! I'm a Windows 7 user
I would really like to become a linux user, I've been reading a lot about it, since years! but didn't have the guts to try it.
I downloaded the ISO file linuxmint-19.3-cinnamon-64bit. I managed to verify the integrity of the ISO but I'm having troubles to verify the authenticity. I used all these commands with and without (") no luck and always the same answer "gpg: keyserver receive failed: server indicated a failure"
gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-key 27DEB15644C6B3CF3BD7D291300F846BA25BAE09
gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-key "27DE B156 44C6 B3CF 3BD7 D291 300F 846B A25B AE09"
gpg --keyserver keyserver.ubuntu.com --recv-key "27DEB15644C6B3CF3BD7D291300F846BA25BAE09"
gpg --keyserver keyserver.ubuntu.com --recv-key 27DEB15644C6B3CF3BD7D291300F846BA25BAE09
gpg --keyserver hkps://keyserver.ubuntu.com:443 --recv-key 27DEB15644C6B3CF3BD7D291300F846BA25BAE09
gpg --keyserver hkps://keyserver.ubuntu.com:443 --recv-key "27DEB15644C6B3CF3BD7D291300F846BA25BAE09"
Always the same "gpg: keyserver receive failed: server indicated a failure", Is windows 7 the problem? can anybody help?
thanks a lot!
thanks a lot for all the help! I'm a Windows 7 user
I would really like to become a linux user, I've been reading a lot about it, since years! but didn't have the guts to try it.
I downloaded the ISO file linuxmint-19.3-cinnamon-64bit. I managed to verify the integrity of the ISO but I'm having troubles to verify the authenticity. I used all these commands with and without (") no luck and always the same answer "gpg: keyserver receive failed: server indicated a failure"
gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-key 27DEB15644C6B3CF3BD7D291300F846BA25BAE09
gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-key "27DE B156 44C6 B3CF 3BD7 D291 300F 846B A25B AE09"
gpg --keyserver keyserver.ubuntu.com --recv-key "27DEB15644C6B3CF3BD7D291300F846BA25BAE09"
gpg --keyserver keyserver.ubuntu.com --recv-key 27DEB15644C6B3CF3BD7D291300F846BA25BAE09
gpg --keyserver hkps://keyserver.ubuntu.com:443 --recv-key 27DEB15644C6B3CF3BD7D291300F846BA25BAE09
gpg --keyserver hkps://keyserver.ubuntu.com:443 --recv-key "27DEB15644C6B3CF3BD7D291300F846BA25BAE09"
Always the same "gpg: keyserver receive failed: server indicated a failure", Is windows 7 the problem? can anybody help?
thanks a lot!
Re: How to verify the ISO image on Windows
If you're not blocking the connection with a personal firewall/anti-virus or something like that, then no, the problem is probably with gpg, and you are not alone with it, that's why I have so many variants of the command in the guide.
The best I can offer you at this point is the hash for linuxmint-19.3-cinnamon-64bit.iso, which I authenticated on my system:
Code: Select all
7a9e54212433c8547edfd789ac933c91a9bde1a61196fa7977c5357a2c40292d
Welcome to Linux - using it will be easier than this.
Re: How to verify the ISO image on Windows
I have this utility installed on my Windows system: MD5_and_SHA_Checksum_Utility.exe. You can search for it on the internet and it is very easy to use and it brought up the correct sha256sum. No need to go through all the other hoops to verify the iso.
-
- Level 3
- Posts: 151
- Joined: Thu Mar 12, 2020 3:50 pm
Re: How to verify the ISO image on Windows
Thank you so much for this tutorial @gm10!
I ran into the same problem as several others here (I downloaded all the files correctly, put them all in a folder, installed the GNU Privacy guard) that the verification process worked fine, but the authentication process didn't go anywhere. My system / cmd just returned repeatedly the error that 'gpg' is not recognized as an internal or external command.
I was about to pull out my hair, or worse: give up on giving Linux a try (again, just like 15 years ago), when I read somewhere that a reboot might solve my problem. And it did! Yipiieh! So, PLEASE add this info that when the above error message appears, simply reboot your windows machine.
Thanks again!!
I ran into the same problem as several others here (I downloaded all the files correctly, put them all in a folder, installed the GNU Privacy guard) that the verification process worked fine, but the authentication process didn't go anywhere. My system / cmd just returned repeatedly the error that 'gpg' is not recognized as an internal or external command.
I was about to pull out my hair, or worse: give up on giving Linux a try (again, just like 15 years ago), when I read somewhere that a reboot might solve my problem. And it did! Yipiieh! So, PLEASE add this info that when the above error message appears, simply reboot your windows machine.
Thanks again!!
LM 21.1 cinnamon on PC built by myself in 2008
LM 21.3 cinnamon on Macbook Air
Living in Linux Mint land since 2020, after decades on Microsoft (from DOS to Win7).
LM 21.3 cinnamon on Macbook Air
Living in Linux Mint land since 2020, after decades on Microsoft (from DOS to Win7).
Re: How to verify the ISO image on Windows
So, I'm still having issues at this point. I have the ISO, and the 2 files in my folder with the crrect names, and I'm getting the error message that this user referred to. Could anyone offer me any advice?karlchen wrote: ⤴Wed Apr 10, 2019 6:40 pm Hi, Maxmagicbanana.
You have verified that both files,Code: Select all
PS C:\Users\maxmagicbanana\Desktop\Linux> gpg --verify sha256sum.txt.gpg sha256sum.txt gpg: impossible d'ouvrir « sha256sum.txt.gpg » : No such file or directory gpg: verify signatures failed: No such file or directory
sha256sum.txt.gpg
andsha256sum.txt
, are located in the same folder, in folderC:\Users\maxmagicbanana\Desktop\Linux
?
Regards,
Karl
Thanks
Travis
Re: How to verify the ISO image on Windows
So, update to my sitation I have gotten the last command
Thanks!
gpg --verify sha256sum.txt.gpg sha256sum.txt
to run through my powershell, however, I now keep getting a bad signature error. I have tried installing from 3 different mirrors and all the same results. I know the problem is me... can anyone offer help?Thanks!
- JoeFootball
- Level 13
- Posts: 4673
- Joined: Tue Nov 24, 2009 1:52 pm
- Location: /home/usa/mn/minneapolis/joe
Re: How to verify the ISO image on Windows
While you've confirmed all the files are in the same directory, is your Powershell session occurring within that same directory as well?tnerd wrote: ... to run through my powershell ...
Re: How to verify the ISO image on Windows
Thank you for your reply. My power shell is located at correct point. I used the shift-right click method, at a folder I named linux download, on my desktop. The path on my power shell is C:/Users/travi/OneDrive/Desktop/linux downlad>
Also, the first two commands produce the desired result.
CertUtil -hashfile filename.iso SHA256
gpg --keyserver hkps://keyserver.ubuntu.com:443 --recv-key 27DEB15644C6B3CF3BD7D291300F846BA25BAE09
Both of these commands produce the desired result. I have tried 3 different mirrors. I'm going to try try download 19.2 and see if I run into the same issue. Below is the read out from my powershell. Thanks for the help!
Also, the first two commands produce the desired result.
CertUtil -hashfile filename.iso SHA256
gpg --keyserver hkps://keyserver.ubuntu.com:443 --recv-key 27DEB15644C6B3CF3BD7D291300F846BA25BAE09
Both of these commands produce the desired result. I have tried 3 different mirrors. I'm going to try try download 19.2 and see if I run into the same issue. Below is the read out from my powershell. Thanks for the help!
Code: Select all
PS C:\Users\travi\OneDrive\Desktop\linux download> CertUtil -hashfile .\linuxmint-19.3-cinnamon-64bit.iso SHA256
SHA256 hash of .\linuxmint-19.3-cinnamon-64bit.iso:
7a9e54212433c8547edfd789ac933c91a9bde1a61196fa7977c5357a2c40292d
CertUtil: -hashfile command completed successfully.
PS C:\Users\travi\OneDrive\Desktop\linux download> gpg --keyserver hkps://keyserver.ubuntu.com:443 --recv-key 27DEB15644C6B3CF3BD7D291300F846BA25BAE09
gpg: key 300F846BA25BAE09: "Linux Mint ISO Signing Key <root@linuxmint.com>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1
PS C:\Users\travi\OneDrive\Desktop\linux download> gpg --verify sha256sum.txt.gpg sha256sum.txt
gpg: Signature made 12/16/19 10:10:16 Eastern Standard Time
gpg: using RSA key 27DEB15644C6B3CF3BD7D291300F846BA25BAE09
gpg: BAD signature from "Linux Mint ISO Signing Key <root@linuxmint.com>"
- JoeFootball
- Level 13
- Posts: 4673
- Joined: Tue Nov 24, 2009 1:52 pm
- Location: /home/usa/mn/minneapolis/joe
Re: How to verify the ISO image on Windows
You're getting a very different error. The other error wastnerd wrote: ... and I'm getting the error message that this user referred to.
verify signatures failed: No such file or directory
, which meant that gpg couldn't find the files. You're not having that particular problem, which is what lead me astray.gpg is finding the files in your case, but cannot authenticate them. I unfortunately do not have Windows nor Powershell, so I can't replicate your environment, but I can't replicate your result in Linux (it works for me). That said, I don't think that Windows/Powershell is the issue.tnerd wrote: BAD signature from "Linux Mint ISO Signing Key <root@linuxmint.com>"
To be clear, have you been getting new gpg files from multiple mirrors as well? These are the two files/location that I just used with success...tnerd wrote: I have tried installing from 3 different mirrors and all the same results.
https://mirrors.evowise.com/linuxmint/stable/19.3/sha256sum.txt
https://mirrors.evowise.com/linuxmint/stable/19.3/sha256sum.txt.gpg
Since you appear to be importing the signing key correctly, I think it's something wrong with the gpg files.
Re: How to verify the ISO image on Windows
Thank you for your reply! I have been busy for a few days and haven't had a chance to come back. I read online that if I download through a torrent I don't need to verify the ISO because Torrent does that automatically? I'll try that.
Also- I have been getting the gpg files from the link on this site. https://linuxmint.com/verify.php
From what I can tell there isn't a different gpg file from each mirror?
Also- I have been getting the gpg files from the link on this site. https://linuxmint.com/verify.php
From what I can tell there isn't a different gpg file from each mirror?