Quick to answer questions about finding your way around Linux Mint as a new user.
Forum rules
There are no such things as "stupid" questions. However if you think your question is a bit stupid, then this is the right place for you to post it. Stick to easy to-the-point questions that you feel people can answer fast. For long and complicated questions use the other forums in the support section.
Before you post read how to get help. Topics in this forum are automatically closed 6 months after creation.
I've downloaded the Mint 20.3 ISO, verified the integrity of the ISO image, and am trying to check the authenticity of the ISO image following what it says in the first quote below, but, as can be seen in the second quote below, I'm not---as far as I can see---getting "that it was signed with the A25BAE09 key." Any suggestions?
Authenticity check
To verify the authenticity of sha256sum.txt, check the signature of sha256sum.txt.gpg by following the steps below.
Import the Linux Mint signing key:
Check the output of the last command, to make sure the fingerprint is 27DE B156 44C6 B3CF 3BD7 D291 300F 846B A25B AE09 (with or without spaces).
Verify the authenticity of sha256sum.txt:
gpg --verify sha256sum.txt.gpg sha256sum.txt
The output of the last command should tell you that the file signature is good and that it was signed with the A25BAE09 key.
Note
GPG might warn you that the Linux Mint signature is not trusted by your computer. This is expected and perfectly normal.
From terminal. (I'm using Copy and Paste from the terminal, and also tried Copy HTML & Paste, but neither seems to work as I'd expect it to, some in black text, some in green, so I'm clearly doing something wrong, but I think all the output is there.)
martin@martin-Satellite-Pro-R50-B:~/Downloads$ gpg --verify sha256sum.txt.gpg sha256sum.txt
gpg: Signature made Thu 13 Jan 2022 21:57:50 GMT
gpg: using RSA key 27DEB15644C6B3CF3BD7D291300F846BA25BAE09
gpg: Good signature from "Linux Mint ISO Signing Key <root@linuxmint.com>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 27DE B156 44C6 B3CF 3BD7 D291 300F 846B A25B AE09
martin@martin-Satellite-Pro-R50-B:~/Downloads$ gpg --verify sha256sum.txt.gpg sha256sum.txt
gpg: Signature made Thu 13 Jan 2022 21:57:50 GMT
gpg: using RSA key 27DEB15644C6B3CF3BD7D291300F846BA25BAE09
gpg: Good signature from "Linux Mint ISO Signing Key <root@linuxmint.com>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 27DE B156 44C6 B3CF 3BD7 D291 300F 846B A25B AE09
martin@martin-Satellite-Pro-R50-B:~/Downloads$
Last edited by LockBot on Thu Jul 27, 2023 10:00 pm, edited 3 times in total.
Reason:Topic automatically closed 6 months after creation. New replies are no longer allowed.
Linux Mint 21.2 Cinnamon. 15.6 GiB. 1001.3 GB. Lenovo Thinkpad.
Yes, there is a the new graphical application "ISO Verification Tool" in Mint 21.1.
But, there is no Mint 21.2, yet.
Starting with Linux Mint 21.1, Linux Mint itself will come with an ISO Verification Tool, which will execute all the required steps, formerly explained in the verification instruction for Linux systems, in a nice GUI application:
Locate the section about the ISO Verification Tool on this webpage, please: Mint 21.1 New Features
The people of Alderaan have been bravely fighting back the clone warriors sent out by the unscrupulous Sith Lord Palpatine for 771 days now. Lifeline
martin@martin-Satellite-Pro-R50-B:~/Downloads$ gpg --verify sha256sum.txt.gpg sha256sum.txt
gpg: Signature made Thu 13 Jan 2022 21:57:50 GMT
gpg: using RSA key 27DEB15644C6B3CF3BD7D291300F846BA25BAE09
gpg: Good signature from "Linux Mint ISO Signing Key <root@linuxmint.com>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 27DE B156 44C6 B3CF 3BD7 D291 300F 846B A25B AE09
martin@martin-Satellite-Pro-R50-B:~/Downloads$
It's good. so if your ISO's SHA-256 hash matches the one in that 'sha256sum.txt' file then your ISO is good/valid.
from the 'downloads' folder run 'sha256sum NameOfIsoHere.iso'
MainPC: i5-3550 (undervolted by -0.120v (CPU runs 12c cooler) /w stock i3-2120 hs/fan) | 1050 Ti 4GB | 16GB (2x 8GB) DDR3 1600Mhz RAM | Backups: AMD E-300 CPU (8GB RAM) / Athlon X2 3600+ CPU (@2.3GHz@1.35v) (4GB RAM) | All /w Mint 21.x-Xfce
stevengarland wrote: ⤴Fri Jan 27, 2023 10:47 am
There is a new tool in Mint 21.1. Do a Google search for "new iso verification tool in Munt 21.1" and you will find it.
ThaCrip wrote: ⤴Fri Jan 27, 2023 10:51 am
It's good. so if your ISO's SHA-256 hash matches the one in that 'sha256sum.txt' file then your ISO is good/valid.
from the 'downloads' folder run 'sha256sum NameOfIsoHere.iso'
It was suggested to me in an earlier thread that 20.3 works better than 21.1, so that's the ISO that I have downloaded. The 'integrity' check on the 20.3 ISO worked fine, but I'm not getting the response I should be with the 'authenticity' check (whatever that is), that is, I'm not getting the statement "that it was signed with the A25BAE09 key."
Linux Mint 21.2 Cinnamon. 15.6 GiB. 1001.3 GB. Lenovo Thinkpad.
Martin1001 wrote: ⤴Fri Jan 27, 2023 11:16 am
It was suggested to me in an earlier thread that 20.3 works better than 21.1, so that's the ISO that I have downloaded. The 'integrity' check on the 20.3 ISO worked fine, but I'm not getting the response I should be with the 'authenticity' check (whatever that is), that is, I'm not getting the statement "that it was signed with the A25BAE09 key."
p.s. unless there is a specific reason you need to use 20.3 I would suggest going to 21.1 anyways since it's supported until April 2027 instead of April 2025 that the 20.x series is. unless of course you don't mind having to update the OS a bit sooner (like clean installs etc) in which case you can stick with 20.3. I guess it just depends on how conservative you want to be with upgrading as those who like to play it extra cautious might not mind being a bit behind the 'latest-and-greatest', in which case you can opt for 20.x.
MainPC: i5-3550 (undervolted by -0.120v (CPU runs 12c cooler) /w stock i3-2120 hs/fan) | 1050 Ti 4GB | 16GB (2x 8GB) DDR3 1600Mhz RAM | Backups: AMD E-300 CPU (8GB RAM) / Athlon X2 3600+ CPU (@2.3GHz@1.35v) (4GB RAM) | All /w Mint 21.x-Xfce
Martin1001 wrote: ⤴Fri Jan 27, 2023 11:16 am
I'm not getting the statement "that it was signed with the A25BAE09 key."
Sure you are. Notice those eight characters are the last eight characters of the RSA key and key fingerprint.
More importantly, you are getting, "Good signature from "Linux Mint ISO Signing Key <root@linuxmint.com>".
If it's any consolation, almost everyone find the GPG check challenging at first. It's obscure and non-intuitive.
Indeed, anecdotally, it seems most users don't bother. The checksum test, though, don't skip that one.
karlchen wrote: ⤴Fri Jan 27, 2023 10:49 am
Yes, there is a the new graphical application "ISO Verification Tool" in Mint 21.1.
But, there is no Mint 21.2, yet.
Starting with Linux Mint 21.1, Linux Mint itself will come with an ISO Verification Tool, which will execute all the required steps, formerly explained in the verification instruction for Linux systems, in a nice GUI application:
Locate the section about the ISO Verification Tool on this webpage, please: Mint 21.1 New Features
I have downloaded new mintstick versión 1.5.5 .deb, the package that includes mint-iso-verify tool, from LM 21.1 vera repository (from here) and notice I only need to install python3-gnupg as dependency.... and well double click on .deb, ignore warning about an older package on official repository, confirm installation of commented dependency and it is working on my LM 20.3 installation.
Why it is not backported to previous (at least LM 20.X and LM21) editions?
Last edited by Jo-con-Ël on Sun Feb 19, 2023 10:31 am, edited 1 time in total.
Arrieritos semos y en el camino nos encontraremos.
And maybe the answer to that question is that tool is still on progress, not ultimate. As far as I tried (on LM 21.1, LM 20 and LM 20.3) it is maybe a bit slow on calculating SHA256sum, need to enter on url fields using TAB or would fail, it does not remember the folder when choosing local files (need to browse each time from /home/user) and takes more than 1 minute on verifying (most probably because of https://ftp.heanet.ie/mirrors/linuxmint.com default connection).
It is very easy to use and clear on result so it is a good tool in did.
mint-iso-verify (mintstick 1.5.5) installed on LM 20
Arrieritos semos y en el camino nos encontraremos.
