It is very easy to check the download by right click the ISO file. A check program starts to assist the Integrity check and the Authenticity check.
But personally I am confused by two facts.
1. The checksum must be copied manually in to the field though the files are entered. Why this?
2. After successful Integrity check and the Authenticity check an error is always and always reported. Is this harmful?
73 Norbert
[SOLVED] Two questions about the checking of ISOs
Forum rules
There are no such things as "stupid" questions. However if you think your question is a bit stupid, then this is the right place for you to post it. Stick to easy to-the-point questions that you feel people can answer fast. For long and complicated questions use the other forums within the support section.
Before you post read how to get help. Topics in this forum are automatically closed 6 months after creation.
There are no such things as "stupid" questions. However if you think your question is a bit stupid, then this is the right place for you to post it. Stick to easy to-the-point questions that you feel people can answer fast. For long and complicated questions use the other forums within the support section.
Before you post read how to get help. Topics in this forum are automatically closed 6 months after creation.
[SOLVED] Two questions about the checking of ISOs
Last edited by Moem on Mon Jan 08, 2024 2:55 pm, edited 2 times in total.
Reason: Marked your post as [SOLVED] for you.
Reason: Marked your post as [SOLVED] for you.
Re: Two questions about the checking of ISOs
Interested in Mint LMDE.
Observation: Mint LMDE ISO has no md5 checksum. Once you download it, you use what you got to verify what you got. Man in the middle could easily step in and provide his own ISO which would have his checksums. Correct?
Process is: you download the iso, burn it onto a thumbdrive and then check it with 'md5sum.txt' residing on that thumbdrive. It checks each file one by one. Thorough.
If you received a man-in-the-middle iso, you can't tell.
Correct me please, if I'm making wrong assumptions.
Observation: Mint LMDE ISO has no md5 checksum. Once you download it, you use what you got to verify what you got. Man in the middle could easily step in and provide his own ISO which would have his checksums. Correct?
Process is: you download the iso, burn it onto a thumbdrive and then check it with 'md5sum.txt' residing on that thumbdrive. It checks each file one by one. Thorough.
If you received a man-in-the-middle iso, you can't tell.
Correct me please, if I'm making wrong assumptions.
- AZgl1800
- Level 20
- Posts: 11186
- Joined: Thu Dec 31, 2015 3:20 am
- Location: Oklahoma where the wind comes Sweeping down the Plains
- Contact:
Re: Two questions about the checking of ISOs
May I suggest that you install GTKhash and use that instead, available in Software Manager
no inputting crc codes, it displays all of them at once,
all you need do, is compare the Results against what that ISO is supposed to be.
no inputting crc codes, it displays all of them at once,
all you need do, is compare the Results against what that ISO is supposed to be.
Re: Two questions about the checking of ISOs
This is the reason, why you check that the downloaded ISO file is genuine and has not been tampered with, first.
This is done by verifying its sha256 checksum.
This is also what Bertium had done and reported about in the initial post.
The Linux Mint ISO checksums are publically available.
Checking it is a 2 step process:
+ Locally you caclulate the sha256 checksum of the ISO file that you have downloaded
+ Next you compare the calculated sha256 checksum to the one officially published by Linux Mint. If the 2 match, the ISO is OK.
To verify that the officially published checksums are genuine you verify the signing key for the published checksum file.
Instruction on how to do all this manually: https://linuxmint-installation-guide.re ... erify.html
Because new users may not be able to follow the steps properly, most recent LM releases come with a small application which can execute the verification steps for you.
This brings us to the question asked by Bertium:
The answer to this question is given on the mentioned page https://linuxmint-installation-guide.re ... erify.html
So. No, this warning is not harmful.Note
GPG might warn you that the Linux Mint signature is not trusted by your computer. This is expected and perfectly normal.
I would have to look up how to download and import the Linux Mint signature locally. This would make the warning go away as well.
The people of Alderaan have been bravely fighting back the clone warriors sent out by the unscrupulous Sith Lord Palpatine for 792 days now.
Lifeline
Re: Two questions about the checking of ISOs
Thanks!So. No, this warning is not harmful.
I would have to look up how to download and import the Linux Mint signature locally. This would make the warning go away as well.
So I will ignore this in the future.
Because this post was moved by Moem, I can not mark it as solved. Sorry.
Re: [SOLVED] Two questions about the checking of ISOs
No worries, I've done it for you.
If your issue is solved, kindly indicate that by editing the first post in the topic, and adding [SOLVED] to the title. Thanks!