Hello.
Currently using 20.2 Cinammon, and deciding to change to 21.1 Mate.
I downloaded 21.1 Mate iso, the sha256sum.txt, and the sha256sum.txt.gpg file, all to my downloads folder, and all from linuxmint.com. I then followed the steps here https://linuxmint-installation-guide.re ... erify.html
The integrity check was fine and straightforward.
When I tried to verify the authenticity I followed the steps exactly on that page, but when I tried gpg --verify sha256sum.txt.gpg sha256sum.txt it came back with this:
So I investigated, and a thread on here advises to right click on the iso file, and there should be a "verify" option with GUI. There isn't on my iso file. All I have is an option to "check SHa256" which, as far as I can tell, is for the integrity check.
I'm a relative beginner with Linux, and I've had this problem with installs before, and ended up just ignoring it. But I don't want to do that this time, I want to be more sure it's authentic. Can anybody please help me with verifying the authenticity?
Thanks in advance.
[SOLVED] Cannot verify authenticity of 21.1
Forum rules
There are no such things as "stupid" questions. However if you think your question is a bit stupid, then this is the right place for you to post it. Please stick to easy to-the-point questions that you feel people can answer fast. For long and complicated questions prefer the other forums within the support section.
Before you post please read how to get help. Topics in this forum are automatically closed 6 months after creation.
There are no such things as "stupid" questions. However if you think your question is a bit stupid, then this is the right place for you to post it. Please stick to easy to-the-point questions that you feel people can answer fast. For long and complicated questions prefer the other forums within the support section.
Before you post please read how to get help. Topics in this forum are automatically closed 6 months after creation.
[SOLVED] Cannot verify authenticity of 21.1
Last edited by Kunkle on Wed Feb 08, 2023 2:48 pm, edited 1 time in total.
Re: Cannot verify authenticity of 21.1
You are in your home-directory
~ and not in your downloads directory ~/Downloads. I.e., cd ~/Downloads if indeed that is where you downloaded it all to.Re: Cannot verify authenticity of 21.1
I don't quite understand what you mean. Do you mean I should download them to my home directory?
EDIT: stupid me..... I got it now.
Re: Cannot verify authenticity of 21.1
Just to double check, should I be concerend about the warning here?
Re: Cannot verify authenticity of 21.1
No, that is fine and is what the https://linuxmint-installation-guide.re ... erify.html page talks about where it says
The thing it's saying with that "Good signature from" part is that indeed the checksums.txt file was signed (in the checksums.txt.gpg file) by the "Linux Mint ISO Signing Key" as you obtained from the keyserver. What it's saying with that warning is just that you haven't told it that said key could in fact be trusted -- but given that displayed fingerprint which you can also verify on that linked page, it can, and while you could forego the warning by signing the key itself with e.g. your own private key, you shouldn't. It's after all right, and has you think about how/where you obtained the key (which as said in this case is all fine).Note
GPG might warn you that the Linux Mint signature is not trusted by your computer. This is expected and perfectly normal.
Re: Cannot verify authenticity of 21.1
Brilliant, thanks for your replies. Much appreciated.
I note the wording of the warning in terminal, and the wording on the link were a little different, so just wanted to double check.
I note the wording of the warning in terminal, and the wording on the link were a little different, so just wanted to double check.
Re: [SOLVED] Cannot verify authenticity of 21.1
Yah. I'd agree that it were better if the Linux Mint page pasted that literal GPG wording.

