Download and Verify Integrity and Authenticity of Linux Mint 21 Cinnamon in Windows
Have you ever wanted to be sure that the files you downloaded from the internet were valid and verified. This video goes through the steps of verifying the integrity and authenticity of the Linux Mint 21 Cinnamon iso file from a download mirror to a Windows 11 computer. Windows PowerShell ISE and GnuPrivacy Guard (gpg) commands are demonstrated. You use the downloaded private key and verify the iso file by downloading a public key. This video is designed for a novice or someone who has not verified a sha256sum or software signature.
If you want to install Linux Mint 21 Cinnamon in VirtualBox see https://youtu.be/cc8_EXGK2KY.
00:00 Introduction
00:15 Terms Used in Video
01:27 Download iso and sha256sum Files
03:41 Open PowerShell ISE, Install gpg and Verify Integrity
13:19 Download Public Key and Verify Authenticity
Additional Info:
How to verify the ISO image on Windows-
https://forums.linuxmint.com/viewtopic.php?f=42&t=291093
Integrity and authenticity check with Gpg4win (change language to English if necessary)- https://antoniomedeiros.dev/blog/2018/10/05/verificacao-de-integridade-e-autenticidade-com-o-gpg4win/
Verifying data integrity and authenticity using SHA-256 and GPG- https://linuxkamarada.com/en/2018/11/08/verifying-data-integrity-and-authenticity-using-sha-256-and-gpg/
How Do I Verify a PGP Signature- https://linuxhint.com/verify-pgp-signature/
GnuPG- https://www.gnupg.org/download/index.html
Making and Verifying Signatures- https://www.gnupg.org/gph/en/manual/x135.html
Gnu Graphic- Copyright © 2020 Las, This image is available under the Creative Commons Attribution-ShareAlike 4.0 International License.
by babarehner
linux download
Thanks for the detailed walkthrough! The tutorials linked from the main page skip a few steps. I was familiar with types of hash keys and how they were generated, but I don't often use console or powershell so I was sort of at a loss on how to do what they were asking. Step by step is how I like to get things done, although I admit if I had to do it again I'd probably need to rewatch the tutorial. See you later, future me!
I had to input .sha256sum.txt.gpg.txt sha256sum.txt in 16:00 then it verified otherwise it shown no such file is found. I saw sha256sum.txt.gpg after giving ls command.
What to say 😢😢 This is an excellent presentation. I followed it to the letter and the verification was successful. Thus as far as I understand it the download wasn't corrupted. When I did the authentication it produced a string quite different from the verification was produced without an error. However the two strings in this video are exactly the same and now I'm at a loss at what to do.
Herewith the "commands and the replies". Please advise what I should do.
In PowerShell:
For the CertUtil command the result was exactly the same as in the sha256sum.txt
But after this I actually had to try the alternative commands as the original command kept on producing errors,
can't connect to the keyboxd: IPC connect failed
Eventually the following command returned a "successful" result.
C:iso>gpg –list-key –with fingerprint A25BAE09
pub rsa1024 2014-01-26 [C]
1828 xxxxxxx
uid [unknown] Totally Legit Signing Key <mallory@example.org>
Please help.
Thank you so much for this video. It's much better organized than most of the others I have found. I especially appreciate how you start by laying out the materials ( files and software) that you would be using, and making it clear you would be using a Windows computer. It's also great that you walk through the normal steps in order, without branching off for troubleshooting that probably won't be necessary.
Unfortunately, I find that the Linux Mint help pages jump around a bit too much for this part of the process, making them a bit hard to follow.
For any other creators looking to produce a "how to" video, This was a Master Class! 🙌
Thanks very much, I followed another tutorial but got stuck because it couldn't find the ISO. Your method using PowerShell ISE worked perfectly. Thanks!
Thank you! I forgot to change MD5 to SHA256 lol
How complicated! So thank you for doing tutorial. But I couldn't complete it. Did the Integrity check okay but then could not go beyond 15.18 minutes with the Authenticity check. Probably I'm not doing something right with gpg.