How to verify the ISO image on Windows

Write tutorials here
There are more tutorials here http://community.linuxmint.com/tutorial/welcome
Forum rules
Please don't add support questions to tutorials,start your own thread in the appropriate sub-forum instead. Before you post please read this
User avatar
JoeFootball
Level 10
Level 10
Posts: 3326
Joined: Tue Nov 24, 2009 1:52 pm
Location: /home/usa/mn/minneapolis/joe

Re: How to verify the ISO image on Windows

Post by JoeFootball »

tnerd wrote: I read online that if I download through a torrent I don't need to verify the ISO because Torrent does that automatically?
You're correct that you don't need to verify the integrity of the download as the torrent does that natively. That said, it speaks nothing to the authentication. But that's your call.
tnerd wrote:Also- I have been getting the gpg files from the link on this site. https://linuxmint.com/verify.php
Yes, that's where I got them as well, yet I'm unable to replicate the behavior that you're encountering. :?
tnerd wrote:From what I can tell there isn't a different gpg file from each mirror?
That's certainly the intent. And also why authentication is leveraged for confirmation.
newling
Level 2
Level 2
Posts: 53
Joined: Tue Feb 04, 2020 2:26 pm

Re: How to verify the ISO image on Windows

Post by newling »

With all due respect to the herculean tutorial effort exerted by gm10 and contributions by others - the intractable complexity of this procedure leaves one contemplating perhaps to just risk the consequences of an unauthenticated/unintegritated install.
User avatar
JoeFootball
Level 10
Level 10
Posts: 3326
Joined: Tue Nov 24, 2009 1:52 pm
Location: /home/usa/mn/minneapolis/joe

Re: How to verify the ISO image on Windows

Post by JoeFootball »

newling wrote: ... the intractable complexity ...
Speaking for myself, I don't see it that way. That said, I do concede that I don't use Windows.
newling wrote: ... just risk the consequences of an unauthenticated/unintegritated install.
I'm quite sure that many do just that, be them Windows users or not. I'm not condoning it, but it's certainly an option. I suppose it's a personal preference on how much risk one is looking to accept.
airfidget
Level 1
Level 1
Posts: 1
Joined: Sun Apr 19, 2020 2:43 pm

Re: How to verify the ISO image on Windows

Post by airfidget »

I'm getting CertUtil: Too many arguments error on the command prompt. Can someone help?
Attachments
LinuxMint issues.PNG
User avatar
JoeFootball
Level 10
Level 10
Posts: 3326
Joined: Tue Nov 24, 2009 1:52 pm
Location: /home/usa/mn/minneapolis/joe

Re: How to verify the ISO image on Windows

Post by JoeFootball »

airfidget wrote: Can someone help?
I'll bet it's the space in the file name that CertUtil doesn't like. Not sure why that's in there. :?

Regardless, try using quotes around the file name, or even better, rename the file so that it doesn't have spaces.
LD Wyze
Level 1
Level 1
Posts: 3
Joined: Wed Jan 31, 2018 6:23 pm

Re: How to verify the ISO image on Windows

Post by LD Wyze »

karlchen wrote:
Sun Sep 29, 2019 3:07 pm
Hi, scrivdog.

Note:

Windows CertUtil will display the sha256 checksum with space characters to make reading easier, like you had posted:
1c 4f 48 60 44 36 85 cd 29 f1 28 f5 6f 69 0f db 32 cc b5 79

The sha256sum.txt file, however, holds the checksum without the space characters. i.e. the checksum above would look like this:
1c4f4860443685cd29f128f56f690fdb32ccb579

Question:

Which Linux Mint installation ISO image file precisely did you download?
There is no Linux Mint Matte 64-bit.
There is, however, Linux Mint 19.2 64-bit.
The corresponding download file would be named linuxmint-19.2-mate-64bit.iso
Its checksum would be: 2c1d7912a8e57ccee222487687bab27164c76bd2598395507e461e8d23d381f8 *linuxmint-19.2-xfce-64bit.iso

Regards,
Karl
These details about the space characters might be very helpful if included in the original post.
dixitnilesh
Level 1
Level 1
Posts: 1
Joined: Tue Aug 25, 2020 3:04 pm

Re: How to verify the ISO image on Windows

Post by dixitnilesh »

I'm getting this , what shoulld i do ?


D:\iso>gpg --keyserver hkps://keyserver.ubuntu.com:443 --recv-key 27DEB15644C6B3CF3BD7D291300F846BA25BAE09
gpg: key 300F846BA25BAE09: "Linux Mint ISO Signing Key <root@linuxmint.com>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1

D:\iso>gpg --verify sha256sum.txt.gpg sha256sum.txt
gpg: Signature made 12/18/18 01:28:03 India Standard Time
gpg: using RSA key 27DEB15644C6B3CF3BD7D291300F846BA25BAE09
gpg: BAD signature from "Linux Mint ISO Signing Key <root@linuxmint.com>" [unknown]
deskelet
Level 1
Level 1
Posts: 2
Joined: Sat Sep 12, 2020 6:48 pm

Re: How to verify the ISO image on Windows

Post by deskelet »

Hello guys..

When I did verification on CMD, code is different, I used windows CMD and I ran these commands CertUtil -hashfile linuxmint-20-cinnamon-64bit.iso look:
SHA1 hash de linuxmint-20-cinnamon-64bit.iso:
------- edited, I remove SHA1 code posted here :) thanks for help MrEen
And here, is different: https://mirrors.evowise.com/linuxmint/s ... 256sum.txt

I downloded with torrent and after using global link, it's the same sha code... It's hacked?
Last edited by deskelet on Sat Sep 12, 2020 7:15 pm, edited 2 times in total.
User avatar
MrEen
Level 23
Level 23
Posts: 17531
Joined: Mon Jun 12, 2017 8:39 pm

Re: How to verify the ISO image on Windows

Post by MrEen »

Hi deskelet, and welcome to the forum.

I'm not at all skilled at this stuff, but I can see you ran a SHA1 check, instead of the SHA256 check.
deskelet
Level 1
Level 1
Posts: 2
Joined: Sat Sep 12, 2020 6:48 pm

Re: How to verify the ISO image on Windows

Post by deskelet »

MrEen wrote:
Sat Sep 12, 2020 7:05 pm
Hi deskelet, and welcome to the forum.

I'm not at all skilled at this stuff, but I can see you ran a SHA1 check, instead of the SHA256 check.
Thanks bro!
Maybe I forgot to write SHA256 in final command, then because I pressed TAB, used to linux, in CMD he cut this last parameter. So, now I ran correctly, OMG, thank you so much :) !!!!!!!!

Go go Linux Mint :D
CertUtil -hashfile linuxmint-20-cinnamon-64bit.iso SHA256
SHA256 hash de linuxmint-20-cinnamon-64bit.iso:
2f6ae466ec9b7c6255e997b82f162ae88bfe640a8df16d3e2f495b6281120af9
User avatar
MrEen
Level 23
Level 23
Posts: 17531
Joined: Mon Jun 12, 2017 8:39 pm

Re: How to verify the ISO image on Windows

Post by MrEen »

I'm glad it was such an easy thing to change. I hadn't even thought about autocomplete. :D
User avatar
JoeFootball
Level 10
Level 10
Posts: 3326
Joined: Tue Nov 24, 2009 1:52 pm
Location: /home/usa/mn/minneapolis/joe

Re: How to verify the ISO image on Windows

Post by JoeFootball »

dixitnilesh wrote: gpg: BAD signature from "Linux Mint ISO Signing Key <root@linuxmint.com>" [unknown]
Try downloading the two SHA files again. Make sure they're both for the same version of LM that you're trying to authenticate. Make sure they're in the same directory that your executing the command from.
hoff Jack M
Level 1
Level 1
Posts: 1
Joined: Mon Sep 14, 2020 11:41 am

Re: How to verify the ISO image on Windows

Post by hoff Jack M »

I too am getting a bad signature error:

Code: Select all

Linux Installs\Cinnamon 19.2\ISO>gpg --verify sha256sum.txt.gpg sha256sum.txt
gpg: Signature made 07/29/19 11:43:47 Central Daylight Time
gpg:                using RSA key 27DEB15644C6B3CF3BD7D291300F846BA25BAE09
gpg: BAD signature from "Linux Mint ISO Signing Key <root@linuxmint.com>" [unknown]
I have downloaded from several torrents and tried both 19.2 and 19.3 to see if it was an issue with a particular version. I have also downloaded fresh copies of the sha256sum.txt and sha256sum.txt.gpg, to no avail. Both versions continue to return a bad signature error.
User avatar
JoeFootball
Level 10
Level 10
Posts: 3326
Joined: Tue Nov 24, 2009 1:52 pm
Location: /home/usa/mn/minneapolis/joe

Re: How to verify the ISO image on Windows

Post by JoeFootball »

hoff Jack M wrote: I have downloaded from several torrents ...
I would only use the official LM torrent, but I suppose that's a moot point if you can verify and authenticate the download.
hoff Jack M wrote: I have also downloaded fresh copies of the sha256sum.txt and sha256sum.txt.gpg, to no avail. Both versions continue to return a bad signature error.
I can't duplicate this behavior. Where are you downloading them from? I just did so from ...

https://ftp.heanet.ie/pub/linuxmint.com/stable/19.3/

... with success ...

Code: Select all

$ gpg --verify sha256sum.txt.gpg sha256sum.txt
gpg: Signature made Mon 16 Dec 2019 09:10:16 AM CST
gpg:                using RSA key 27DEB15644C6B3CF3BD7D291300F846BA25BAE09
gpg: Good signature from "Linux Mint ISO Signing Key <root@linuxmint.com>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 27DE B156 44C6 B3CF 3BD7  D291 300F 846B A25B AE09
Edit: Are you using Windows antivirus software? I've heard that some will "bit tag" files when scanned, which can change their checksum. I don't have a lot of experience in that area, nor do I know if it would affect this issue, but it's something that just came to mind.
User avatar
ayush222006
Level 3
Level 3
Posts: 154
Joined: Thu Sep 03, 2020 2:47 am

Re: How to verify the ISO image on Windows

Post by ayush222006 »

gm10 wrote:
Sat Apr 13, 2019 8:57 am
karlchen thx but this is a guide for Windows so the Linux command really doesn't matter in this context. ;)
monotoned wrote:
Sat Apr 13, 2019 8:32 am
This is a really dumb question, but how do you use the find command? I typed: find "copied and pasted hash here" sha256sum.txt and got FIND: Parameter format not correct.
Not a dumb question at all but a shortcoming of my guide actually. Thanks for bringing this to my attention.

I had originally not written it with PowerShell in mind, was reminded of it later in this thread but didn't consider the implications for the find command. In PowerShell you'd need to use triple quotes """hash""". I'll adjust the guide to make everybody use cmd.exe, it's simpler.

Your Ctrl+F manual check is completely sufficient though so you do not need to do it again, using find was meant to simplify things, not complicate them as happened here. ;)
hey it's asking for the donation for downloading the software
User avatar
JoeFootball
Level 10
Level 10
Posts: 3326
Joined: Tue Nov 24, 2009 1:52 pm
Location: /home/usa/mn/minneapolis/joe

Re: How to verify the ISO image on Windows

Post by JoeFootball »

ayush222006 wrote: hey it's asking for the donation for downloading the software
Who is asking for a donation to download what software?
User avatar
ayush222006
Level 3
Level 3
Posts: 154
Joined: Thu Sep 03, 2020 2:47 am

Re: How to verify the ISO image on Windows

Post by ayush222006 »

JoeFootball wrote:
Sun Nov 29, 2020 12:31 pm
ayush222006 wrote: hey it's asking for the donation for downloading the software
Who is asking for a donation to download what software?
the gnupg software
the website/app holders are asking for donation to download the software

https://gpg4win.org/get-gpg4win.html
User avatar
JoeFootball
Level 10
Level 10
Posts: 3326
Joined: Tue Nov 24, 2009 1:52 pm
Location: /home/usa/mn/minneapolis/joe

Re: How to verify the ISO image on Windows

Post by JoeFootball »

ayush222006 wrote: the gnupg software
the website/app holders are asking for donation to download the software
Yes, you're correct. If you use that particular link, they are indeed requesting a donation. It also appears there's a $0 option there as well, but I did not investigate it.

That said, if you use the download link that the tutorial directs you to, you can download that software without a donation request.

Edit: Per the tutorial, use the download link that the red arrow is pointing to ...

rkYNlLI.png
User avatar
karlchen
Level 21
Level 21
Posts: 13806
Joined: Sat Dec 31, 2011 7:21 am
Location: Germany

Re: How to verify the ISO image on Windows

Post by karlchen »

<mod> danscozia's Italian help request on the (English) tutorial moved to Italian Language sub-forum: > here < </mod>
Image
Linux Mint 19.3 64-bit Cinnamon, Total Commander 9.51 64-bit
Seaside Rendezvous
User avatar
ayush222006
Level 3
Level 3
Posts: 154
Joined: Thu Sep 03, 2020 2:47 am

Re: How to verify the ISO image on Windows

Post by ayush222006 »

JoeFootball wrote:
Sun Nov 29, 2020 2:10 pm
ayush222006 wrote: the gnupg software
the website/app holders are asking for donation to download the software
Yes, you're correct. If you use that particular link, they are indeed requesting a donation. It also appears there's a $0 option there as well, but I did not investigate it.

That said, if you use the download link that the tutorial directs you to, you can download that software without a donation request.

Edit: Per the tutorial, use the download link that the red arrow is pointing to ...


rkYNlLI.png

hey
thanks buddy
you are best you help me every time
again you saved my time and effort
Post Reply

Return to “Tutorials”