How to verify the ISO image on Windows

Write tutorials here
There are more tutorials here http://community.linuxmint.com/tutorial/welcome
Forum rules
Please don't add support questions to tutorials,start your own thread in the appropriate sub-forum instead. Before you post please read this
gm10
Level 19
Level 19
Posts: 9140
Joined: Thu Jun 21, 2018 5:11 pm

Re: How to verify the ISO image on Windows

Post by gm10 » Wed May 22, 2019 5:21 pm

havemercyonme wrote:
Wed May 22, 2019 5:19 pm
I give up. :(
Sorry I couldn't help. Fingers crossed your installation goes more smoothly. ;)

havemercyonme
Level 1
Level 1
Posts: 13
Joined: Tue May 21, 2019 8:54 pm

Re: How to verify the ISO image on Windows [SOLVED]

Post by havemercyonme » Wed May 22, 2019 5:38 pm

It worked, but the solution was purely accidental. I already had the original gpg file in the folder, so when I went to save the new one, I wanted to keep the original, so I named the one I was saving with the number 1 in it, and it saved correctly. Thanks for all of your help.

I've test-driven Linux live, and I found navigating it very sweet, so I'm looking forward to getting it installed.

I can't believe how easily I could install my HP printer which has a ridiculously large driver that takes such a long time to install on a Windows. I think I'm up to the challenge of learning a new system.

Be well. :D

Code: Select all

C:\Users\Nancy\Desktop\ISO>gpg --verify sha256sum.txt.gpg sha256sum.txt
gpg: Signature made 12/17/18 11:58:03 Pacific Standard Time
gpg:                using RSA key 27DEB15644C6B3CF3BD7D291300F846BA25BAE09
gpg: Good signature from "Linux Mint ISO Signing Key <root@linuxmint.com>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 27DE B156 44C6 B3CF 3BD7  D291 300F 846B A25B AE09

LCintheSky
Level 1
Level 1
Posts: 7
Joined: Wed May 29, 2019 1:05 pm

Re: How to verify the ISO image on Windows

Post by LCintheSky » Wed May 29, 2019 1:15 pm

I am trying to do the authenticity check. I've installed GPG, and when I shift-right click on the "gnupg" folder to open the command prompt, and type "gpg --keyserver hkps://keyserver.ubuntu.com:443 --recv-key "27DE B156 44C6 B3CF 3BD7 D291 300F 846B A25B AE09"," I get the response "gpg: keyserver receive failed: Server indicated a failure." What does that mean, and how can I fix it? Thank you!

gm10
Level 19
Level 19
Posts: 9140
Joined: Thu Jun 21, 2018 5:11 pm

Re: How to verify the ISO image on Windows

Post by gm10 » Wed May 29, 2019 1:29 pm

LCintheSky wrote:
Wed May 29, 2019 1:15 pm
I am trying to do the authenticity check. I've installed GPG, and when I shift-right click on the "gnupg" folder to open the command prompt, and type "gpg --keyserver hkps://keyserver.ubuntu.com:443 --recv-key "27DE B156 44C6 B3CF 3BD7 D291 300F 846B A25B AE09"," I get the response "gpg: keyserver receive failed: Server indicated a failure." What does that mean, and how can I fix it? Thank you!
It's a network issue. Server seems up though, so try it like this:

Code: Select all

gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-key 27DEB15644C6B3CF3BD7D291300F846BA25BAE09
and if that still doesn't work, try like this:

Code: Select all

gpg --keyserver keyserver.ubuntu.com --recv-key 27DEB15644C6B3CF3BD7D291300F846BA25BAE09
Let me know which one worked (hopefully one of them did).
Tune up your LM 19.x: ppa:gm10/linuxmint-tools

LCintheSky
Level 1
Level 1
Posts: 7
Joined: Wed May 29, 2019 1:05 pm

Re: How to verify the ISO image on Windows

Post by LCintheSky » Wed May 29, 2019 2:21 pm

Thank you, gm10, for the quick response! Unfortunately, neither one of those worked. I still get the same message. I'm running Windows 7, if that makes a difference.

gm10
Level 19
Level 19
Posts: 9140
Joined: Thu Jun 21, 2018 5:11 pm

Re: How to verify the ISO image on Windows

Post by gm10 » Wed May 29, 2019 3:02 pm

LCintheSky wrote:
Wed May 29, 2019 2:21 pm
Thank you, gm10, for the quick response! Unfortunately, neither one of those worked. I still get the same message. I'm running Windows 7, if that makes a difference.
You could try to reboot and then try the command again, we've seen gpg sometimes get "stuck" for a while, but otherwise I do unfortunately have no good advice at this point. If you cannot get it to work and are willing to take my word for it, here's are the authenticated contents of the file for LM 19.1, you can use those or compare with what you downloaded - next best thing to authenticating yourself ;) :

Code: Select all

b580052c4652ac8f1cbcd9057a0395642a722707d17e1a77844ff7fb4db36b70 *linuxmint-19.1-cinnamon-32bit.iso
bb4b3ad584f2fec1d91ad60fe57ad4044e5c0934a5e3d229da129c9513862eb0 *linuxmint-19.1-cinnamon-64bit.iso
ca86885e2384373f8fbb2121e2abb6298674e37fc206d3f23661ab5f1f523aba *linuxmint-19.1-mate-32bit.iso
5bc212d73800007c7c3605f03c9d5988ad99f1be9fc91024049ea4b638c33bb4 *linuxmint-19.1-mate-64bit.iso
039d619935c2993e589705e49068a6fa4dc4f9a5eb82470bc7998c9626259416 *linuxmint-19.1-xfce-32bit.iso
7b53b29a34cfef4ddfe24dac27ee321c289dc2ed8b0c1361666bbee0f6ffa9f4 *linuxmint-19.1-xfce-64bit.iso

Code: Select all

$ gpg --verify sha256sum.txt.gpg sha256sum.txt
gpg: Signature made Mon 17 Dec 2018 08:58:03 PM CET
gpg:                using RSA key 27DEB15644C6B3CF3BD7D291300F846BA25BAE09
gpg: Good signature from "Linux Mint ISO Signing Key <root@linuxmint.com>" [full]
Tune up your LM 19.x: ppa:gm10/linuxmint-tools

deck_luck
Level 4
Level 4
Posts: 210
Joined: Mon May 27, 2019 6:57 pm
Location: here

Re: How to verify the ISO image on Windows

Post by deck_luck » Wed May 29, 2019 3:34 pm

Concerning the "Authenticity Check" I am curious why are you using the hkp verses the hkps protocol. The khps over https should obviate the man in the middle attack unless someone uses a proxy. Isn't the authenticity check a way to detect a man in the middle hijacking.

Reference:

hkp://keyserver.ubuntu.com:80
vs.
hkps://keyserver.ubuntu.com:443
💡Give a man a fish, and you feed him for a day. Teach a man to fish, and you feed him for a lifetime. ✝️

LCintheSky
Level 1
Level 1
Posts: 7
Joined: Wed May 29, 2019 1:05 pm

Re: How to verify the ISO image on Windows

Post by LCintheSky » Wed May 29, 2019 3:43 pm

Thank you!

gm10
Level 19
Level 19
Posts: 9140
Joined: Thu Jun 21, 2018 5:11 pm

Re: How to verify the ISO image on Windows

Post by gm10 » Wed May 29, 2019 3:50 pm

deck_luck wrote:
Wed May 29, 2019 3:34 pm
Concerning the "Authenticity Check" I am curious why are you using the hkp verses the hkps protocol. The khps over https should obviate the man in the middle attack unless someone uses a proxy. Isn't the authenticity check a way to detect a man in the middle hijacking.
Actually it was saying hkps for the reason you mentioned, I had only edited it back to hkp earlier thinking that might have been LCintheSky's issue (there had been somebody else in the thread having trouble with the hkps version for some reason). I put it back to hkps now. Wish I knew why some are having trouble with the key download... I could explain how to download the ascii armored version via the web interface and add that but I fear that would complicate things too much...

For the Linux instructions it is not saying hkps because there are some Linux distributions out there apparently which compile GnuPG without SSL/TLS support (don't ask me...).
Tune up your LM 19.x: ppa:gm10/linuxmint-tools

polarvortex
Level 4
Level 4
Posts: 236
Joined: Sun Mar 23, 2014 1:47 am

Re: How to verify the ISO image on Windows

Post by polarvortex » Sat Jun 01, 2019 12:43 am

Maybe this will help shed light on why some are having trouble with the key download?

Code: Select all

C:\Users\username\Downloads\iso>gpg --keyserver hkps://keyserver.ubuntu.
com:443 --recv-key 27DEB15644C6B3CF3BD7D291300F846BA25BAE09
gpg: requesting key A25BAE09 from hkps server keyserver.ubuntu.com
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0
gpg: keyserver communications error: keyserver helper internal error
gpg: keyserver communications error: General error
gpg: keyserver receive failed: General error

C:\Users\username\Downloads\iso>gpg --keyserver keyserver.ubuntu.com --r
ecv-key 27DEB15644C6B3CF3BD7D291300F846BA25BAE09
gpg: requesting key A25BAE09 from hkp server keyserver.ubuntu.com
gpg: key A25BAE09: "Linux Mint ISO Signing Key <root@linuxmint.com>" 20 new sign
atures
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   1  signed:   1  trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: depth: 1  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 1f, 0u
gpg: Total number processed: 1
gpg:         new signatures: 20

C:\Users\username\Downloads\iso>
The first command is from the tutorial and the second command is from a few posts up.

The output of the second command looks almost completely different than in the tutorial. Was it a success?

gm10
Level 19
Level 19
Posts: 9140
Joined: Thu Jun 21, 2018 5:11 pm

Re: How to verify the ISO image on Windows

Post by gm10 » Sat Jun 01, 2019 4:17 am

polarvortex wrote:
Sat Jun 01, 2019 12:43 am
The output of the second command looks almost completely different than in the tutorial. Was it a success?
Yes, you're good.

Also thanks for the info. I'll just add all 3 variants to the OP, this is getting silly. I'm thinking that Ubuntu may have some servers in the pool that have ports 80 and 443 disabled. The variant you successfully used uses port 11371 - which unfortunately is blocked in many networks, that's why I do not list it as the default.
Tune up your LM 19.x: ppa:gm10/linuxmint-tools

polarvortex
Level 4
Level 4
Posts: 236
Joined: Sun Mar 23, 2014 1:47 am

Re: How to verify the ISO image on Windows

Post by polarvortex » Sun Jun 02, 2019 12:10 am

gm10 wrote:
Sat Jun 01, 2019 4:17 am
Yes, you're good.
Thanks

And thanks for the great tutorial.

I got stuck on step 1 of the Authenticity Check part of the tutorial because my output was too different than that seen in the tutorial.

To address that for future readers of the tutorial, I suggest that you add something like this to the end of step 1 of the authenticity check:
The command was successful if the output includes:
"Linux Mint ISO Signing Key <root@linuxmint.com>"
and
Total number processed: 1
(That is, if that is a true statement? I think it is?)

gm10
Level 19
Level 19
Posts: 9140
Joined: Thu Jun 21, 2018 5:11 pm

Re: How to verify the ISO image on Windows

Post by gm10 » Sun Jun 02, 2019 12:15 am

polarvortex wrote:
Sun Jun 02, 2019 12:10 am
To address that for future readers of the tutorial, I suggest that you add something like this to the end of step 1 of the authenticity check:
The command was successful if the output includes:
"Linux Mint ISO Signing Key <root@linuxmint.com>"
and
Total number processed: 1
But that's what the screenshot in that section already shows?
Tune up your LM 19.x: ppa:gm10/linuxmint-tools

polarvortex
Level 4
Level 4
Posts: 236
Joined: Sun Mar 23, 2014 1:47 am

Re: How to verify the ISO image on Windows

Post by polarvortex » Sun Jun 02, 2019 1:08 am

gm10 wrote:
Sun Jun 02, 2019 12:15 am
But that's what the screenshot in that section already shows?
It also shows keybox created, trustdb created, and it says Mint key imported. But my output didn't show any of those things. For all I knew, those might be important things that my command failed to do.

Also my output says 20 new signatures, but the tutorial screenshot doesn't. Makes me think "what is this 20 signatures? I thought I only needed 1, maybe this thing messed up and didn't work properly?"

Also my output says 3 marginals needed, 1 completes needed. Needed? Does that mean it didn't get them? (Considering I have almost no clue what this stuff means :lol: ) And it has these lines about depth, valid, signed, trust, with weird 0f, 0q things. Maybe it got off the rails and didn't work properly? Because the screenshot in the tutorial shows nothing like that...

gm10
Level 19
Level 19
Posts: 9140
Joined: Thu Jun 21, 2018 5:11 pm

Re: How to verify the ISO image on Windows

Post by gm10 » Sun Jun 02, 2019 2:01 am

polarvortex wrote:
Sun Jun 02, 2019 1:08 am
gm10 wrote:
Sun Jun 02, 2019 12:15 am
But that's what the screenshot in that section already shows?
It also shows keybox created, trustdb created, and it says Mint key imported. But my output didn't show any of those things. For all I knew, those might be important things that my command failed to do.
Ah, it would only show those the first time you run gpg. If you didn't get that then you already had gpg installed and run before. That also explains the other discrepancies. My screenshot is based on a clean, first time install of gpg.

But I get your point. It already says "something like this" but I'll make that even clearer. ;)
Tune up your LM 19.x: ppa:gm10/linuxmint-tools

polarvortex
Level 4
Level 4
Posts: 236
Joined: Sun Mar 23, 2014 1:47 am

Re: How to verify the ISO image on Windows

Post by polarvortex » Sun Jun 02, 2019 2:57 am

Ah. I assumed the discrepancies were from using different versions of windows, or perhaps the slightly different gpg --keyserver commands.

In which case I figured that a big chunk of users would have different outputs and benefit from my slightly clearer instructions suggestion.

But if it's just because I ran gpg before, and I'm sure you are right about that, then I'm guessing that 99% of the people who would be using this tutorial would get the exact same output as shown. :oops:
I think I still made a valid point, just an insignificant one.

I've never installed the specific gpg install from this tutorial so I didn't make the connection, but now that I think of it, I did install gpg as part of gpg4win when I wrote a gui version of this same tutorial topic a couple years ago. Back then I wrote "There's got to be a simpler, better way to do this complete process (and there might be and I look forward to learning it if there is)". I'm so glad you wrote this tutorial, because the gui process was so long, and actually a bit problematic.
And this new tutorial is linked on the website verify page! Such a leap forward from the last time I was trying to do this, and ended up cobbling together the tutorial myself because it didn't exist back then

gm10
Level 19
Level 19
Posts: 9140
Joined: Thu Jun 21, 2018 5:11 pm

Re: How to verify the ISO image on Windows

Post by gm10 » Sun Jun 02, 2019 3:09 am

polarvortex wrote:
Sun Jun 02, 2019 2:57 am
I'm so glad you wrote this tutorial, because the gui process was so long, and actually a bit problematic.
Yep, I originally wanted to go with the GUI because, well, command line is scary for Windows users, but going with the command line ended up being so much shorter and reliable so I went with that. Although the GUI has the advantage of just having to click on the file I guess.
polarvortex wrote:
Sun Jun 02, 2019 2:57 am
And this new tutorial is linked on the website verify page! Such a leap forward from the last time I was trying to do this, and ended up cobbling together the tutorial myself because it didn't exist back then
Well, I was part of the Mint dev team at the time I created this as well as some other changes to the verify page, so I had an "unfair" advantage over you there. ;)
Tune up your LM 19.x: ppa:gm10/linuxmint-tools

Magnesium
Level 1
Level 1
Posts: 3
Joined: Tue Jun 04, 2019 5:48 am

Re: How to verify the ISO image on Windows

Post by Magnesium » Tue Jun 04, 2019 4:46 pm

When I try to do the integrity check steps I get this:

Code: Select all

C:\>CertUtil -hashfile linuxmint-19.1-cinnamon-64bit - Copy.iso SHA256
Expected no more than 2 args, received 4
CertUtil: Too many arguments

Usage:
  CertUtil [Options] -hashfile InFile [HashAlgorithm]
  Generate and display cryptographic hash over a file

Options:
  -Unicode          -- Write redirected output in Unicode
  -gmt              -- Display times as GMT
  -seconds          -- Display times with seconds and milliseconds
  -v                -- Verbose operation
  -privatekey       -- Display password and private key data
  -pin PIN                  -- Smart Card PIN
  -sid WELL_KNOWN_SID_TYPE  -- Numeric SID
            22 -- Local System
            23 -- Local Service
            24 -- Network Service

Hash algorithms: MD2 MD4 MD5 SHA1 SHA256 SHA384 SHA512

CertUtil -?              -- Display a verb list (command list)
CertUtil -hashfile -?    -- Display help text for the "hashfile" verb
CertUtil -v -?           -- Display all help text for all verbs
Anyone know what i'm doing wrong?

User avatar
karlchen
Level 20
Level 20
Posts: 11309
Joined: Sat Dec 31, 2011 7:21 am
Location: Germany

Re: How to verify the ISO image on Windows

Post by karlchen » Tue Jun 04, 2019 5:10 pm

Simple rule, can be applied on Windows as well as on Linux:
On the commandline file names / directory names, which include space characters, have to enclosed in double quotes.
Try the commandline like this:
CertUtil -hashfile "linuxmint-19.1-cinnamon-64bit - Copy.iso" SHA256
Image
Linux Mint 19.2 32-bit xfce Desktop, Total Commander 9.22a 32-bit
Haß gleicht einer Krankheit, dem Miserere, wo man vorne herausgibt, was eigentlich hinten wegsollte. (Goethe)

User avatar
astroannie
Level 2
Level 2
Posts: 73
Joined: Wed May 18, 2016 1:24 pm
Location: SE Texas
Contact:

Re: How to verify the ISO image on Windows

Post by astroannie » Fri Jun 28, 2019 3:53 pm

I'm getting this message:

Code: Select all

gpg: no valid OpenPGP data found.
gpg: the signature could not be verified.
Please remember that the signature file (.sig or .asc)
should be the first file given on the command line.
I'm expecting this is not a pass. After several BAD ISO's I'm trying for a good.

Post Reply

Return to “Tutorials”