How to verify the ISO image on Windows

Write tutorials here
There are more tutorials here http://community.linuxmint.com/tutorial/welcome
Forum rules
Please don't add support questions to tutorials,start your own thread in the appropriate sub-forum instead. Before you post please read this
gm10
Level 18
Level 18
Posts: 8131
Joined: Thu Jun 21, 2018 5:11 pm

Re: How to verify the ISO image on Windows

Post by gm10 » Fri Jun 28, 2019 4:19 pm

astroannie wrote:
Fri Jun 28, 2019 3:53 pm
I'm getting this message:

Code: Select all

gpg: no valid OpenPGP data found.
gpg: the signature could not be verified.
Please remember that the signature file (.sig or .asc)
should be the first file given on the command line.
I'm expecting this is not a pass. After several BAD ISO's I'm trying for a good.
Assuming you typed the command line exactly as I wrote (and didn't switch the argument order or something like that), this means that the file sha256sum.txt.gpg is bad, try to download it again.
Tune up your LM 19.x: ppa:gm10/linuxmint-tools

Sutla
Level 1
Level 1
Posts: 1
Joined: Sat Jul 27, 2019 4:29 am

Re: How to verify the ISO image on Windows

Post by Sutla » Sat Jul 27, 2019 9:20 am

In the original instruction this comment was left; "In most Linux distributions the SHA256 sum can be generated by opening a terminal and running the following commands:"
The problem with these instructions is that while many might understand Linux and the terminology, most that want to try this for the first time will have no clue.
This simple process of verification is very off putting and makes many, I assume, turn around at the door.
I have used Linux Mint 18 Cinnamon before and found the software a pure delight in many regards.
Currently I want it dual booted with Windows as I am using a few apps for which there is no Linux options.
On the previous install I skipped the verification and was lucky enough to get a good install. This time round I have found an issue and can't be sure my download is good. The most logical thing to do is to verify my download first before downloading it a second time or before looking for problems elsewhere.
The instructions here and on the verification page have me ready to quit on installing the software.

What is a terminal???? I believe it is the same as a DOS command window but can't be sure and because I am still working on a Windows system and not yet on Linux this makes it even more confusing. I do not see the term "terminal" commonly used by Windows users.

Another problem I have run into is that on both Firefox and Chrome when right clicking on the "sha256sum.txt" file the option to save is not available but only an option to "save link as...". I am sure "save as" and "save link as" is not the same thing.

User avatar
karlchen
Level 20
Level 20
Posts: 11042
Joined: Sat Dec 31, 2011 7:21 am
Location: Germany

Re: How to verify the ISO image on Windows

Post by karlchen » Sat Jul 27, 2019 9:59 am

Hello, Sutla.

I am not sure why you complain about gm10's instruction on "How to verify the ISO image on Windows", post #1 in this thread here.
I checked the instruction for the Linux term terminal; and I did not find it. gm10 explains the procedure in Windows terms for Windows users.
So why do you complain to him about terms only used in the genuine Linux instruction?

The reason why gm10 created his tutorial "How to verify the ISO image on Windows" was precisely that the Linux instruction is only usable (unmodified) on Linux and that Windows users, who have not got any Linux system, yet, need an instruction, which they can follow on the Windows system, which they have got and which they are used to.

gm10 is really the wrong person to complain to about how complicated the procedure is.

Actually it is not. Once you have understood how it works:
+ You download the needed ISO image file
+ You find out what the sha256 checksum of the downloaded file is.
+ You compare your sha256 checksum to the official sha256 checksums list, published by the Mint makers.
+ If they match, your ISO image has been downloaded correctly and not been tampered with.
+ But wait: the published sha256 checksums list might have been manipulated by bad guys.
+ So now you check that the sha256 checksums list is genuine.
+ In case it is, all is good. No manipulation occurred.

Regards,
Karl
Image
Linux Mint 19.2 32-bit xfce Desktop, Total Commander 9.22a 32-bit
Linux Mint 18.1 64-bit Cinnamon Desktop, Total Commander 9.22a 64-bit
Windows? - 1 window in every room

gm10
Level 18
Level 18
Posts: 8131
Joined: Thu Jun 21, 2018 5:11 pm

Re: How to verify the ISO image on Windows

Post by gm10 » Sat Jul 27, 2019 10:21 am

Sutla wrote:
Sat Jul 27, 2019 9:20 am
In the original instruction this comment was left; "In most Linux distributions the SHA256 sum can be generated by opening a terminal and running the following commands:"
The problem with these instructions is that while many might understand Linux and the terminology, most that want to try this for the first time will have no clue.
This simple process of verification is very off putting and makes many, I assume, turn around at the door.
I have used Linux Mint 18 Cinnamon before and found the software a pure delight in many regards.
Currently I want it dual booted with Windows as I am using a few apps for which there is no Linux options.
On the previous install I skipped the verification and was lucky enough to get a good install. This time round I have found an issue and can't be sure my download is good. The most logical thing to do is to verify my download first before downloading it a second time or before looking for problems elsewhere.
The instructions here and on the verification page have me ready to quit on installing the software.

What is a terminal???? I believe it is the same as a DOS command window but can't be sure and because I am still working on a Windows system and not yet on Linux this makes it even more confusing. I do not see the term "terminal" commonly used by Windows users.
This thread is about my tutorial for doing it on Windows. Your comments are about the Linux instructions and thus not helpful in this thread. If you want to suggest improvements to the Linux instructions best create a thread in the suggestions forum.
Sutla wrote:
Sat Jul 27, 2019 9:20 am
Another problem I have run into is that on both Firefox and Chrome when right clicking on the "sha256sum.txt" file the option to save is not available but only an option to "save link as...". I am sure "save as" and "save link as" is not the same thing.
I had hoped that any mildly intelligent person would be able to extrapolate from "Save as" to their actual "Save XXX as" option, however I take your point and added "(exact wording varies depending on your browser)" to the guide to remove any doubt. I cannot edit the Linux instructions on the web site so see above regarding a suggestions thread.
Tune up your LM 19.x: ppa:gm10/linuxmint-tools

MxRockatansky
Level 1
Level 1
Posts: 2
Joined: Mon Jul 29, 2019 7:36 am

Re: How to verify the ISO image on Windows

Post by MxRockatansky » Mon Jul 29, 2019 7:58 am

I'm repeatedly getting a hash (that seems consistent across multiple download mirrors) different to the sha256sum.txt file, starting 7b53. I'm trying to download 19.1 Xfce 64 bit on a Windows 7 comp. Can anyone help?

User avatar
karlchen
Level 20
Level 20
Posts: 11042
Joined: Sat Dec 31, 2011 7:21 am
Location: Germany

Re: How to verify the ISO image on Windows

Post by karlchen » Mon Jul 29, 2019 8:42 am

Hello, McRockatansky.

This is the official sha256 checksum for Mint 19.1 64-bit xfce (linuxmint-19.1-xfce-64bit.iso):
7b53b29a34cfef4ddfe24dac27ee321c289dc2ed8b0c1361666bbee0f6ffa9f4 *linuxmint-19.1-xfce-64bit.iso
Cf. this file (Mint 19.1) sha256sum.txt

In case you keep on getting a different sha256 checksum, the question raises, whether you really downloaded this ISO: linuxmint-19.1-xfce-64bit.iso
In case you get precisely this sha256 checksum, but your sha256sum.txt file does not list it, the question raises, whether you downloaded the sha256sum.txt for a different Mint release perhaps.

Regards,
Karl
Image
Linux Mint 19.2 32-bit xfce Desktop, Total Commander 9.22a 32-bit
Linux Mint 18.1 64-bit Cinnamon Desktop, Total Commander 9.22a 64-bit
Windows? - 1 window in every room

MxRockatansky
Level 1
Level 1
Posts: 2
Joined: Mon Jul 29, 2019 7:36 am

Re: How to verify the ISO image on Windows

Post by MxRockatansky » Mon Jul 29, 2019 4:24 pm

Ok, thanks. I didn't realise the sha256sum contained all the versions, I just compared the start of mine with the start of the file. Opening it in browser makes it obvious because there's line breaks, but in notepad I missed that the text kept going. And I think the find command failed because I put in spaces. My bad, thanks for the assist!

momist
Level 4
Level 4
Posts: 202
Joined: Mon May 21, 2012 3:30 pm
Location: Lancashire, Northwest England

Re: How to verify the ISO image on Windows

Post by momist » Sat Aug 03, 2019 5:28 am

Hi. I'm trying to download and verify the latest 19.2 Cinnamon image. I've got as far as a satisfactory integrity check, but have trouble with the authenticity check. When I follow the instructions (I think correctly) I get this report:

gpg --keyserver hkps://keyserver.ubuntu.com:443 --recv-key 27DEB15644C6B3CF3BD7D291300F846BA25BAE09
gpg: key 300F846BA25BAE09: "Linux Mint ISO Signing Key <root@linuxmint.com>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1
PS C:\Users\stewa\Downloads> gpg --verify sha256sum.txt.gpg sha256sum.txt
gpg: can't open 'sha256sum.txt.gpg': No such file or directory
gpg: verify signatures failed: No such file or directory

The file in my Downloads directory is called sha256sum.txt.gpg.txt changing it doesn't work.
Please what have I done wrong?
momist : a follower of the Greek god Momer.

gm10
Level 18
Level 18
Posts: 8131
Joined: Thu Jun 21, 2018 5:11 pm

Re: How to verify the ISO image on Windows

Post by gm10 » Sat Aug 03, 2019 5:42 am

momist wrote:
Sat Aug 03, 2019 5:28 am
The file in my Downloads directory is called sha256sum.txt.gpg.txt changing it doesn't work.
Please what have I done wrong?
Quite possibly you didn't download using Right click > Save as as per the instructions and should just delete both sha256sum files and redownload them correctly. Otherwise you can try the command like this:

Code: Select all

gpg --verify sha256sum.txt.gpg.txt sha256sum.txt
Tune up your LM 19.x: ppa:gm10/linuxmint-tools

momist
Level 4
Level 4
Posts: 202
Joined: Mon May 21, 2012 3:30 pm
Location: Lancashire, Northwest England

Re: How to verify the ISO image on Windows

Post by momist » Sat Aug 03, 2019 7:29 am

Yes, I tried this.

Code: Select all

 gpg --verify sha256sum.txt.gpg.txt sha256sum.txt
gpg: Signature made 07/29/19 17:43:47 GMT Summer Time
gpg:                using RSA key 27DEB15644C6B3CF3BD7D291300F846BA25BAE09
gpg: Good signature from "Linux Mint ISO Signing Key <root@linuxmint.com>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 27DE B156 44C6 B3CF 3BD7  D291 300F 846B A25B AE09
I'm using a shiny new version of Windows 10, and struggling as I've not touched Windows for nearly 10 years, and that was Win XP!
I did do the right click, as instructed, but it seems windows adds the .txt to the end because it 'recognises' a text file? Deleting the .txt is altering what you've downloaded, so I expect that causes the fail.
I'll try going through it all again.
momist : a follower of the Greek god Momer.

momist
Level 4
Level 4
Posts: 202
Joined: Mon May 21, 2012 3:30 pm
Location: Lancashire, Northwest England

Re: How to verify the ISO image on Windows

Post by momist » Sat Aug 03, 2019 7:33 am

Same result after repeating 'save as'.
momist : a follower of the Greek god Momer.

gm10
Level 18
Level 18
Posts: 8131
Joined: Thu Jun 21, 2018 5:11 pm

Re: How to verify the ISO image on Windows

Post by gm10 » Sat Aug 03, 2019 7:43 am

momist wrote:
Sat Aug 03, 2019 7:29 am

Code: Select all

gpg: Good signature from "Linux Mint ISO Signing Key <root@linuxmint.com>" [unknown]
so I expect that causes the fail.
Why fail? To quote my guide:
gm10 wrote:
Thu Mar 28, 2019 5:02 pm
As long as it says Good signature from "Linux Mint ISO Signing Key <root@linuxmint.com>" that means your download is authentic.
You're good. ;)

Next steps are creating the installation medium and installing.
Tune up your LM 19.x: ppa:gm10/linuxmint-tools

momist
Level 4
Level 4
Posts: 202
Joined: Mon May 21, 2012 3:30 pm
Location: Lancashire, Northwest England

Re: How to verify the ISO image on Windows

Post by momist » Sat Aug 03, 2019 7:50 am

Ah!! "Note: Unless you trusted this signature in the past, or a signature which trusted it, GPG should warn you that the signature is not trusted. This is expected and perfectly normal." Sorry everyone, I missed that. :oops:
momist : a follower of the Greek god Momer.

momist
Level 4
Level 4
Posts: 202
Joined: Mon May 21, 2012 3:30 pm
Location: Lancashire, Northwest England

Re: How to verify the ISO image on Windows

Post by momist » Sat Aug 03, 2019 7:53 am

Thanks GM10 for your help here. I'm brain-fogged this morning from an illness I have, but no excuse. I should have read it more carefully. I'm now good to go once the new SSD arrives today. It'll be a relief to be back on Linux Mint, I'm missing it after a stupid error which left me in disaster recovery.
momist : a follower of the Greek god Momer.

User avatar
busdriver12
Level 1
Level 1
Posts: 2
Joined: Mon Aug 12, 2019 9:34 am
Location: Perth WA

Re: How to verify the ISO image on Windows

Post by busdriver12 » Mon Aug 12, 2019 10:38 am

Sorry to pile on, but I too am having problems with the process. I am running Win7 and have saved the distro and the 2 other files (sha256sum.txt and sha256sum.txt.gpg). I am successful with the autheticity check but the Integrity check fails (see below):

Code: Select all

c:\Users\Phil\Downloads\ISO>CertUtil -hashfile linuxmint-19.2-cinnamon-64bit.iso SHA256
CertUtil: -hashfile command FAILED: 0x80070002 (WIN32: 2)
CertUtil: The system cannot find the file specified.
Here are the contents of the directory containing

Code: Select all

c:\Users\Phil\Downloads\ISO>dir /o/aa
 Volume in drive C has no label.
 Volume Serial Number is 0EC5-7FF1

 Directory of c:\Users\Phil\Downloads\ISO

12/08/2019  14:16     2,009,333,760 linuxmint-19.2-cinnamon-64bit.iso
12/08/2019  20:54               584 sha256sum.txt
12/08/2019  20:55               833 sha256sum.txt.gpg
               3 File(s)  2,009,335,177 bytes
               0 Dir(s)  545,105,268,736 bytes free
The error code suggests to me that one of the files is not where it expected to be but I am no expert.

I knew I was going to find this moving to linux a challenging process but am having a chuckle that my first roadblock is at the very beginning!

TIA for any help.
Phil

[Edit] I've managed to solve the problem by putting the full pathname of the iso file. The modified command is:

Code: Select all

CertUtil -hashfile c:\Users\Phil\Downloads\linuxmint-19.2-cinnamon-64bit.iso SHA256
I don't know how any times in the past I've had to do this and kicking myself I didn't spot it straight away!

Although it doesn't affect my situation, if there are any spaces in your file/pathname I suggest you enclose it in quotes seeing you are working in the windows universe. Hope this helps :)
Phil

Post Reply

Return to “Tutorials”