Hi "viking1au", & Everyone Else,
I just read this post and the good replies to it. Here are my thoughts on this as well.
There have been numerous posts in this forum, and elsewhere, on this topic on how to verify that the Linux Mint installation, test drive, disk image files (.iso) are valid files from their original source, so that anyone who uses these file(s) to "test drive" Linux Mint, or who choose to install Linux Mint from these file(s) has a good copy (a non-tampered with copy) from the Linux Mint developers. This all stems from the fact that the Linux Mint websites were "hacked" before and that some of the files and website links were indeed altered before. The Linux Mint team has done a lot to make sure since then, that their website, and their files that you or anyone else downloads and uses are safe.
The Linux Mint files are now safe to download and use, or to install from.
So, you do not need to go through the verification steps, unless you want to.
<mod>
This piece of advice is wrong and dangerous. The official Linux Mint Installation Guide clearly tells otherwise.
</mod>
The process of verifying files using "checksum" values has been around for a long time in all operating systems, MS Windows, Mac, and Linux. Most people just do not take the time to verify the checksum values, or know how to do it, which is a little risky.
But as a responsible computer user, it is recommended that everyone, take the time to verify the files they download are from their original source before you use them. There are two generally accepted methods:
1. Verify the current "checksum" value for the downloaded "LinuxMint.iso" file to the checksum value in the checksum file provided by the Linux Mint website, "sha256sum.txt" (checksum file).
and to also
2. Verify the security "Signing Key" signature of the file. Who put the file there, where is the file from, was it the Linux Mint Developer(s) or someone else?
Verifying the "CheckSum" of a file or files is a fairly easy process, verifying the "Signing Key" Signature is a more involved process because you first have to create your own personal Signing Key Signature for comparing, if you do not already have one, and the average user does not have a personal GPG "Signing Key" (AKA Encryption Key Signature). It is not hard to create your personal signing key signature though, and there are other really good benefits to having your own personal "Key Signatures", in addition to verifying downloaded files.
99% of the time verifying (comparing) the "CheckSum" value for a file is more than enough for most people to be comfortable that the file they downloaded is okay to use, by comparing the values in the "checksum" file (sha256sum.txt) from the the website where you downloaded the ".iso" file, to the checksum value you get after you downloaded the file to your system by running some application program that reads the downloaded file and displays the current checksum value of the file. Obviously, the checksum values should match exactly.
There are numerous applications, utility programs, and "command line", or "console terminal command line", options available in all operating systems for doing this, including MS Windows, Linux, and Mac. Command line options are almost always pre-installed, but if you are not comfortable with using the command line options, there are desktop (graphical - gui) options available as well.
Desktop (GUI) Archiving programs like "7Zip" (great), and "PeaZip" (awesome), are available for Linux and MS Windows and they have options to easily calculate the checksum of the downloaded "LinuxMint.iso" file, or any other file, which you can then visually compare to the checksum file that you downloaded from the Linux Mint website. See screen shots below. In Linux, you also have the simple "GtkHash" program available to install and is super easy to use from the Software Manager or Synaptic Package Manager (SPM), just browse to the "LinuxMint.iso" file, click "hash" button in the lower right, wait a little until you see the current file checksum.
"PeaZip" (archiving program) can easily be installed from link below (click easy to install linux ".deb" file, or MS Windows users can use the link on top), and run PeaZIp to calculate the checksum value for a file. PeaZip also integrates with most file managers, so that you can right click an ".iso" file, open with PeaZip, then tell it to get the "checksum" value for the file.
Simple Instructions below:
Click "Test" in the toolbar", then click "CheckSum/hash".
or just run "PeaZip",
Click Tools, PeaUtils, click "Function", select "Hash sha-256", click "select file(s)" & browse to the "iso" file(s), click ok
http://www.peazip.org/peazip-linux.html
Linux Mint website maintainers could have made getting the checksum files much easier for everyone by providing direct links to their checksum files (sha256sum.txt (checksum file), sha256sum.txt.gpg (signature verification file)) directly on their download web pages where everyone usually downloads their copy of Linux Mint that they want to try or install (see link below for this). But, instead you have to click the link "Don't forget to verify your ISO" at the top of the Linux Mint website where you downloaded the ".iso" file, scroll down to "Steps to verify an ISO image", and click "Browse the main mirror, or choose a mirror near you", then you have to know which edition and version of Linux Mint you want to try or install, like "Debian", "Stable", or "Testing". For most people this will be "Stable", so you click that, Then you click the version of Linux Mint that you want to try or use, like version 17.3, or the brand new version 18, and then you right click the checksum file "sha256sum.txt", and save the file (Save Link As), into the same folder as you downloaded the LinuxMint.iso file. This is a lot of clicking, but it is easy to do. Some people here have been kind enough to provide links to the checksum files.
Here is a weblink where you can just click the version of Linux Mint that you want to try or install, and then download (right click save file as) the checksum files, it is called "Index of /pub/linuxmint/images/stable/"
http://mirror.jmu.edu/pub/linuxmint/images/stable/
Once you have downloaded (saved) the original checksum files from Linux Mint website along with the Linux Mint Installation, Test Drive, file (LinuxMint.iso), then you can use one the desktop programs mentioned (or a run command) to find out what the current "checksum" of the downloaded Linux Mint installation (.iso) file is, then use your file manager to right click the original Linux Mint checksum file "sha256sum.txt" that you also downloaded (saved), select "open with text editor" (open as text), and then visually compare the checksum values. If they match, then your file is good. If they do not match, then re-download the Linux Mint ".iso" file, and recheck the checksum values.
If you also want to verify the security "Signing Key" signature of the file, then follow the instructions for that process in the link below.
See section on "Verify security "Signing Key" Signature of the Linux Mint .iso file"
viewtopic.php?f=42&t=226092&p=1192608#p1192608
Hope this helps ...
GtkHash_Checksum_Compare_Cinnamon18-sm.jpg
PeaZip_CheckSum256_Cinnamon18_1sm.jpg
PeaZip_CheckSum256_Cinnamon18_3sm.jpg
