How to verify ISO images
This page explains how to verify their integrity and authenticity.
Select the Linux Mint release you downloaded:
1. Create a directory called "ISO" in your home directory.
2. Move the ISO image you downloaded in this directory.
3. Download the following files and move them into the "ISO" directory.
|sha256sum.txt||Contains the SHA256 sums to check the integrity of the ISO images.|
|sha256sum.txt.gpg||Signed by the Linux Mint team to check the authenticity of the sha256sum.txt file.|
Your ~/ISO directory should now contain 3 files: Your ISO image, the sha256sum.txt file and the sha256sum.txt.gpg file.
To verify the integrity of your ISO image, generate its SHA256 sum and compare it to the one found in the sha256sum.txt file.
In most Linux distributions the SHA256 sum can be generated by opening a terminal and running the following commands:
cd cd ISO sha256sum -b *.iso
The last command should show you the SHA256 sum of your ISO file. Compare it to the one found in the sha256sum.txt. If they match, you've successfully verified the integrity of your ISO image.
Note: If you have coreutils version 8.25 or newer, another way of checking the sum is to ask the sha256sum command to check the file against the sha256sum.txt file, like this:
sha256sum --ignore-missing -c sha256sum.txt
To verify the authenticity of the sha256sum.txt file, we need to check the signature on the sha256sum.txt.gpg file.
1. Import the Linux Mint signing key:
Note: If gpg complains about the key ID, try the following commands instead:
2. Verify the authenticity of the sha256sum.txt file:
cd cd ISO gpg --verify sha256sum.txt.gpg sha256sum.txt
Note: Unless you trusted this signature in the past, or a signature which trusted it, GPG should warn you that the signature is not trusted. This is expected and perfectly normal.