How to verify a Linux ISO image before installing it

Checksums and signatures are as important as the Linux ISO file itself when you want to make sure your OS is not corrupted or was not illegally modified.

Most of the popular Linux distro includes extra files such as checksums and signatures when you download their ISO files. These are often ignored during download. While this is not a problem for the majority of users, some users typically those having an unreliable and slow internet connection, may run into a corrupted download.

Making use of the corrupted ISO images for installation can cause an unstable PC or in worst cases, an inoperable PC too. Hence, I suggest to first authenticate the ISO image before installing it.

Lately, in 2007, the Linux Minit official website was hacked. The hackers placed a modified ISO, which included a backdoor malicious file. Thankfully, the issue was solved quickly, but this shows us the importance of verifying the downloaded ISO files before installing them. Hence this tutorial.

Verifying Linux ISO checksum

Before starting our installation, you need to make sure that your Ubuntu system is up-to-date by using the following two commands:

sudo apt update
sudo apt upgrade

Step 1. By default, the Coreutils and GnuPG packages are pre-installed on Ubuntu. So we need to make sure that both md5sum and gpg are working correctly.

md5sum --version

Md5sum Version On Ubuntu
Md5sum Version On Ubuntu

gpg --version

Gpg Version On Ubuntu
Gpg Version On Ubuntu

Step 2. Next, we need to download “SHA256SUMS” and “SHA256SUMS.gpg”, both files can be found alongside the original ISO files from the official Ubuntu website.

Go to the Ubuntu official website (Click here!!).

Ubuntu Official Website
Ubuntu Official Website

Now search for the ISO you need to download, then you will find the previous files too, as you can see in the below screenshot.

Select Check-sums File
Select Check-sums File

Note: Press the file to download it, or you can easily right-click on it and choose to save link as. Please DO NOT copy the file content into a text file and use it because that will not work correctly.

Step 3. Now we need to check if we will need to get a public key or not. So we will run the next command to find out.

gpg --keyid-format long --verify SHA256SUMS.gpg SHA256SUMS

Check Public Key For Ubuntu Already Present
Check Public Key For Ubuntu Already Present

As you can see in the above screenshot, there is no public key found. Also, this output message tells you the keys used to generate the signature file. The keys are (46181433FBB75451 and D94AA3F0EFE21092).

Step 4. To get the public keys, you can use the next command along with the previous keys.

gpg --keyid-format long --keyserver hkp://keyserver.ubuntu.com --recv-keys 0x46181433FBB75451 0xD94AA3F0EFE21092

Public Key Retrieved
Public Key Retrieved

Step 5. Check the key fingerprints by using the next command.

gpg --keyid-format long --list-keys --with-fingerprint 0x46181433FBB75451 0xD94AA3F0EFE21092

Request ID From The Ubuntu Key Server.
Request ID From The Ubuntu Key Server.

Step 6. Now you can verify the checksum file again.

gpg --keyid-format long --verify SHA256SUMS.gpg SHA256SUMS

Verify The Checksum File Using The Signature
Verify The Checksum File Using The Signature

As you can see in the above screenshot, a good signature means that the files that were checked were for sure signed by the owner of the obtained key file. If a lousy signature was detected, then this means that the files did not match, and the signature is a bad one.

Step 7. Now let’s check the generated sha256 checksum for the downloaded ISO and compare it with the downloaded one in the SHA256SUM file.

sha256sum -c SHA256SUMS 2>&1 | grep OK

The output should look like the below screenshot:

Check The Ubuntu ISO
Check The Ubuntu ISO

As you can see, this means that your ISO matches the checksum file. Now you can proceed and use the downloaded ISO safely with no fear that it has been altered or downloaded incorrectly.

Hend Adel
Hi! I'm Hend Adel, a freelancer technical geek with successful experience in Database, Linux and many other IT fields. I help to build solutions to suit business needs and creating streamlined processes. I love Linux and I'm here to share my skills via FOSS Linux! Thanks for reading my article.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

STAY CONNECTED

23,554FansLike
365FollowersFollow
16SubscribersSubscribe

LATEST ARTICLES

The 10 Best Linux Server Distros For Home And Businesses

By the year 2020, it is estimated that there are close to 600 Linux distributions in the market. It includes both servers and Desktop versions; therefore, if you are looking for lightweight Linux distribution for your old PC or a reliable desktop version for employees in your organization, you may be overwhelmed with the number of choices for finding one for your use.

How to list the installed Packages on Ubuntu

It is only natural to start installing more and more software on your Ubuntu PC once you start using it. Similarly, it is also natural to lose track of the different packages that you have installed on your system. Eventually, you may be overwhelmed with the number of packages in your system and with the ones you hardly used.

How to configure the Ubuntu Firewall (UFW)

A properly configured firewall is a crucial part of establishing preliminary system security. Keeping this in mind, here we will go over how to configure the firewall on your Ubuntu PC.

How to install and use Zoom on Ubuntu

If you work from home or hold meetings with other people remotely, then you have probably heard of Zoom. It is one of the popular video conferencing software app available today.

How to Restart Networking on Ubuntu

Sometimes resetting your Ubuntu network is required to apply some network configurations like changing your IP from Automatic DHCP to static one. Restarting the network is not a big deal, but should be done carefully.

How to install Chrome and Chromium Browser on Pop!_OS

By default, Pop!_OS comes with Mozilla Firefox Browser installed to help you browse the internet. It is a reliable web browser covering almost all the features and functionalities you need. However, working with Firefox is noticeably different compared to Google Chrome, especially from the speed point of view. Google Chrome is a tad quicker than Firefox.

MUST READ

Linux is growing faster than ever. As per the latest report, there is a drop in the Windows 10 market share for the first time, and Linux's market share has improved to 2.87% this month. Most of the features in the list were rolled out in the Pop OS 20.04. Let's a detailed look into the new features, how to upgrade, and a ride through video.
Elementary OS 5.1 Hera has received a point release with a handful of new features and bug fixes, and we will be reviewing the significant changes in this article. For those new to elementary OS, this Ubuntu-based Linux distribution uses their inhouse built Pantheon desktop environment and AppCenter.

How to make Ubuntu look like Windows XP

If you are in a nostalgic mood and would like to make your Ubuntu look like Windows XP, you just landed in the right place. In this article, we will show you how you can make Ubuntu look like Windows XP by applying the GTK+ theme. Our Ubuntu distribution of choice is Ubuntu 20.04 LTS.

5 Best Download Managers for Linux

We often need to download large files that can go corrupt due to various reasons such as slow internet or interrupted download. Using a broken downloaded file is not something one wants. Download managers make sure that the downloaded file maintains its integrity and also presents you with the ability to pause and resume downloads, provided the server supports it. When you are downloading a massive file, it's recommended to use a download manager.

All about Ubuntu editions and which version should you use?

Ubuntu is one of the most popular Linux distributions developed and released by Canonical, and not without reason. It has very enriched repositories, with support for all the programs you could ever need.

10 Best PDF Editors for Linux

In this article, we will take a look at 10 of the best PDF editors and tools out there in 2019 that are available for Linux platforms. The editors are going to be judged on the basis of their functionalities, portability, ease of installation, price, and convenience.