How to verify the ISO image on Windows

Post by JoeFootball »

tnerd wrote: I read online that if I download through a torrent I don't need to verify the ISO because Torrent does that automatically?
You're correct that you don't need to verify the integrity of the download as the torrent does that natively. That said, it speaks nothing to the authentication. But that's your call.
tnerd wrote: Also - I have been getting the gpg files from the link on this site. https://linuxmint.com/verify.php
Yes, that's where I got them as well, yet I'm unable to replicate the behavior that you're encountering. :?
tnerd wrote: From what I can tell there isn't a different gpg file from each mirror?
That's certainly the intent. And also why authentication is leveraged for confirmation.

Post by newling »

With all due respect to the herculean tutorial effort exerted by gm10 and contributions by others - the intractable complexity of this procedure leaves one contemplating perhaps to just risk the consequences of an unauthenticated/unintegritated install.

Post by JoeFootball »

newling wrote: ... the intractable complexity ...
Speaking for myself, I don't see it that way. That said, I do concede that I don't use Windows.
newling wrote: ... just risk the consequences of an unauthenticated/unintegritated install.
I'm quite sure that many do just that, be they Windows users or not. I'm not condoning it, but it's certainly an option. I suppose it's a personal preference on how much risk one is looking to accept.

Post by airfidget »

I'm getting CertUtil: Too many arguments error on the command prompt. Can someone help?

Post by JoeFootball »

airfidget wrote: Can someone help?
I'll bet it's the space in the file name that CertUtil doesn't like. Not sure why that's in there. :?

Regardless, try using quotes around the file name, or even better, rename the file so that it doesn't have spaces.

Post by LD Wyze »

karlchen wrote:
Sun Sep 29, 2019 3:07 pm
Hi, scrivdog.

Note:

Windows CertUtil will display the sha256 checksum with space characters to make reading easier, like you had posted:
1c 4f 48 60 44 36 85 cd 29 f1 28 f5 6f 69 0f db 32 cc b5 79

The sha256sum.txt file, however, holds the checksum without the space characters. i.e. the checksum above would look like this:
1c4f4860443685cd29f128f56f690fdb32ccb579

Question:

Which Linux Mint installation ISO image file precisely did you download?
There is no Linux Mint Matte 64-bit.
There is, however, Linux Mint 19.2 64-bit.
The corresponding download file would be named linuxmint-19.2-mate-64bit.iso
Its checksum would be: 2c1d7912a8e57ccee222487687bab27164c76bd2598395507e461e8d23d381f8 *linuxmint-19.2-xfce-64bit.iso

Regards,
Karl

These details about the space characters might be very helpful if included in the original post.

Post by dixitnilesh »

I'm getting this, what should I do?


D:\iso>gpg --keyserver hkps://keyserver.ubuntu.com:443 --recv-key 27DEB15644C6B3CF3BD7D291300F846BA25BAE09
gpg: key 300F846BA25BAE09: "Linux Mint ISO Signing Key <root@linuxmint.com>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1

D:\iso>gpg --verify sha256sum.txt.gpg sha256sum.txt
gpg: Signature made 12/18/18 01:28:03 India Standard Time
gpg: using RSA key 27DEB15644C6B3CF3BD7D291300F846BA25BAE09
gpg: BAD signature from "Linux Mint ISO Signing Key <root@linuxmint.com>" [unknown]

Post by deskelet »

Hello guys..

When I did the verification in CMD, the code is different. I used Windows CMD and I ran this command: CertUtil -hashfile linuxmint-20-cinnamon-64bit.iso. Look:
SHA1 hash de linuxmint-20-cinnamon-64bit.iso:
------- edited, I removed the SHA1 code posted here :) thanks for the help MrEen
And here, it is different: https://mirrors.evowise.com/linuxmint/s ... 256sum.txt

I downloaded with torrent and after using the global link, it's the same SHA code... Is it hacked?
Last edited by deskelet on Sat Sep 12, 2020 7:15 pm, edited 2 times in total.

Post by MrEen »

Hi deskelet, and welcome to the forum.

I'm not at all skilled at this stuff, but I can see you ran a SHA1 check, instead of the SHA256 check.

Post by deskelet »

MrEen wrote:
Sat Sep 12, 2020 7:05 pm
Hi deskelet, and welcome to the forum.

I'm not at all skilled at this stuff, but I can see you ran a SHA1 check, instead of the SHA256 check.
Thanks bro!
Maybe I forgot to write SHA256 in the final command; then, because I pressed TAB (I'm used to Linux), CMD cut this last parameter. So now I ran it correctly, OMG, thank you so much :) !!!!!!!!

Go go Linux Mint :D
CertUtil -hashfile linuxmint-20-cinnamon-64bit.iso SHA256
SHA256 hash de linuxmint-20-cinnamon-64bit.iso:
2f6ae466ec9b7c6255e997b82f162ae88bfe640a8df16d3e2f495b6281120af9
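
The hash comparison discussed in this thread (spaced versus unspaced digests, SHA1 versus SHA256, file names with spaces), as an added PowerShell example that is not part of any post. It uses Get-FileHash instead of CertUtil; the function names are hypothetical and the sample file and its sha256sum.txt are constructed in a temp folder.

```powershell
# Added example (not from the thread). Function names are hypothetical.

function ConvertTo-PlainDigest([string]$Text) {
    # CertUtil may print "1c 4f 48 ..."; sha256sum.txt has no spaces.
    ($Text -replace '\s', '').ToLowerInvariant()
}

function Get-DigestAlgorithm([string]$Digest) {
    # Hex length tells the algorithm apart: 40 = SHA-1, 64 = SHA-256.
    # In the thread, CertUtil -hashfile without "SHA256" printed a SHA1 hash.
    switch ((ConvertTo-PlainDigest $Digest).Length) {
        40      { 'SHA1' }
        64      { 'SHA256' }
        default { 'unknown' }
    }
}

function Test-IsoChecksum([string]$IsoPath, [string]$SumsPath) {
    $name = Split-Path -Leaf $IsoPath
    # Each line of sha256sum.txt looks like "<64 hex chars> *<file name>".
    $expected = Get-Content -LiteralPath $SumsPath | ForEach-Object {
        if ($_ -match '^([0-9a-fA-F]{64})\s+\*?(.+)$' -and $Matches[2].Trim() -eq $name) {
            $Matches[1].ToLowerInvariant()
        }
    } | Select-Object -First 1
    if (-not $expected) { throw "No SHA-256 entry for '$name' in $SumsPath" }
    # -LiteralPath takes the path as-is, so spaces in the name need no special care.
    $actual = (Get-FileHash -LiteralPath $IsoPath -Algorithm SHA256).Hash
    (ConvertTo-PlainDigest $actual) -eq $expected
}

# Constructed sample: a small stand-in file whose name contains a space.
$dir = Join-Path ([IO.Path]::GetTempPath()) 'iso-check-demo'
New-Item -ItemType Directory -Force -Path $dir | Out-Null
$iso  = Join-Path $dir 'sample mint.iso'
$sums = Join-Path $dir 'sha256sum.txt'
Set-Content -LiteralPath $iso -Value 'constructed stand-in for an ISO'
$hash = (Get-FileHash -LiteralPath $iso -Algorithm SHA256).Hash.ToLowerInvariant()
Set-Content -LiteralPath $sums -Value "$hash *sample mint.iso"

Test-IsoChecksum -IsoPath $iso -SumsPath $sums
# The spaced digest quoted in the thread is 20 bytes long:
Get-DigestAlgorithm '1c 4f 48 60 44 36 85 cd 29 f1 28 f5 6f 69 0f db 32 cc b5 79'
```

A matching hash only shows integrity; gpg --verify on sha256sum.txt is still the step that authenticates the checksum file itself.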

Post by MrEen »

I'm glad it was such an easy thing to change. I hadn't even thought about autocomplete. :D

Post by JoeFootball »

dixitnilesh wrote: gpg: BAD signature from "Linux Mint ISO Signing Key <root@linuxmint.com>" [unknown]
Try downloading the two SHA files again. Make sure they're both for the same version of LM that you're trying to authenticate. Make sure they're in the same directory that you're executing the command from.

Post by hoff Jack M »

I too am getting a bad signature error:

Linux Installs\Cinnamon 19.2\ISO>gpg --verify sha256sum.txt.gpg sha256sum.txt
gpg: Signature made 07/29/19 11:43:47 Central Daylight Time
gpg:                using RSA key 27DEB15644C6B3CF3BD7D291300F846BA25BAE09
gpg: BAD signature from "Linux Mint ISO Signing Key <root@linuxmint.com>" [unknown]

I have downloaded from several torrents and tried both 19.2 and 19.3 to see if it was an issue with a particular version. I have also downloaded fresh copies of the sha256sum.txt and sha256sum.txt.gpg, to no avail. Both versions continue to return a bad signature error.

Post by JoeFootball »

hoff Jack M wrote: I have downloaded from several torrents ...
I would only use the official LM torrent, but I suppose that's a moot point if you can verify and authenticate the download.
hoff Jack M wrote: I have also downloaded fresh copies of the sha256sum.txt and sha256sum.txt.gpg, to no avail. Both versions continue to return a bad signature error.
I can't duplicate this behavior. Where are you downloading them from? I just did so from ...

https://ftp.heanet.ie/pub/linuxmint.com/stable/19.3/

... with success ...

$ gpg --verify sha256sum.txt.gpg sha256sum.txt
gpg: Signature made Mon 16 Dec 2019 09:10:16 AM CST
gpg:                using RSA key 27DEB15644C6B3CF3BD7D291300F846BA25BAE09
gpg: Good signature from "Linux Mint ISO Signing Key <root@linuxmint.com>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 27DE B156 44C6 B3CF 3BD7  D291 300F 846B A25B AE09

Edit: Are you using Windows antivirus software? I've heard that some will "bit tag" files when scanned, which can change their checksum. I don't have a lot of experience in that area, nor do I know if it would affect this issue, but it's something that just came to mind.