How to Check if an ISO is Corrupt on Linux – Guide

GNU/Linux distributions are typically downloaded and installed without verification. As a result, files that were corrupted or modified by malicious third parties can go unnoticed. Checking the authenticity of a GNU/Linux distribution can help avoid this.

Some cyber criminals have purposely modified images to contain malware or backdoors that spy on users. Attacks of this kind have been made before against distribution download servers and other programs designed for these purposes.

Verifying the Linux ISO checksum

sudo apt-get update
sudo apt-get upgrade

The verification relies on md5sum and gpg, so we need to make sure that both are installed on Ubuntu.

Next, we need to download the SHA256SUMS and SHA256SUMS.gpg files to our Ubuntu computer. First, find the ISO file that you need and click on it to start downloading it. The download will take a little longer than usual, but it will eventually finish. Once it has finished, the SHA256SUMS and SHA256SUMS.gpg files that were downloaded along with it are available, and we can use them to verify the ISO.

The next command will tell you whether or not we need a public key.

To verify the SHA256SUMS.gpg file:

  1. Open the file in a text editor.
  2. Copy the entire contents of the file to a new text document.
  3. Use the gpg command to verify the file’s integrity: gpg --verify SHA256SUMS.gpg SHA256SUMS

As the command output shows, no public keys were found. In addition, the output message tells you which keys were used to generate the signature file: 46181433FBB75451 and D94AA3F0EFE21092.

To get the public keys, you can use the next command along with the previous keys and the -o flag.

The command uses the long GPG key ID format. The GPG keyserver address is hkp://keyserver.ubuntu.com.

The next command checks the key fingerprints.

To generate a new key pair, use the “gpg --gen-key” command. To check fingerprints, the key ID is required and is passed to the command. The “long” key ID format makes gpg display key IDs in their 16-character form, like the two IDs above. The “--list-keys” command prints a list of all keys currently in the GPG keyring, and the fingerprint of each key appears in that output.

You can now check the checksum file again.

To verify the SHA256SUMS.gpg file:

  1. Open the file in a text editor.
  2. Copy the entire contents of the file to a new text document.
  3. Use the gpg command to verify the file’s integrity: gpg --verify SHA256SUMS.gpg SHA256SUMS

The downloaded ISO has a sha256 checksum of 8e4f5bcdc2d1cbfb7f8eccd3aee5f6a9bcfcdd8fc1d2ebe4f3eaefbcdc2d1cbfb7f8eccd3aee5f6a9bcfcdd8fc1d2ebe4f3eaefbcdc

The sha256sum command prints the SHA-256 checksum of a file. The grep command keeps only the lines that contain the string “OK”.
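The steps above collected into one script, added here as an example and not part of the original guide: it fetches the two keys named above, verifies the signature on SHA256SUMS, and compares the ISO's hash with its SHA256SUMS entry through exit codes instead of grepping for “OK”. The function names and the two command-line arguments (ISO path, SHA256SUMS path) are assumptions.

```shell
#!/bin/sh
# Added example, not from the original guide. Function names are assumptions.

# Key IDs that the first "gpg --verify" run reports in the guide.
KEYS="0x46181433FBB75451 0xD94AA3F0EFE21092"

# Fetch the signing keys, then list them with fingerprints so the fingerprints
# can be compared with ones the distribution publishes elsewhere.
fetch_keys() {
    # $KEYS is left unquoted on purpose so each ID becomes its own argument.
    gpg --keyid-format long --keyserver hkp://keyserver.ubuntu.com --recv-keys $KEYS &&
        gpg --keyid-format long --list-keys --with-fingerprint $KEYS
}

# Succeeds only when the signature over SHA256SUMS checks out against the keyring.
verify_signature() {    # usage: verify_signature SHA256SUMS.gpg SHA256SUMS
    gpg --verify "$1" "$2"
}

# Compare an ISO's SHA-256 with its entry in SHA256SUMS.
# Returns 0 on match, 1 on mismatch, 2 when the ISO is not listed or unreadable.
check_iso() {           # usage: check_iso image.iso SHA256SUMS
    iso=$1; sums=$2
    name=$(basename "$iso")
    # Entries are "<hash> *<name>" (binary mode) or "<hash>  <name>" (text mode).
    expected=$(awk -v n="$name" \
        '{ f = $2; sub(/^\*/, "", f); if (f == n) { print $1; exit } }' "$sums")
    [ -n "$expected" ] || return 2
    actual=$(sha256sum "$iso" 2>/dev/null | awk '{ print $1 }')
    [ -n "$actual" ] || return 2
    [ "$actual" = "$expected" ] || return 1
    return 0
}

# Full run: ./script image.iso SHA256SUMS (expects SHA256SUMS.gpg beside it).
if [ "$#" -eq 2 ]; then
    verify_signature "$2.gpg" "$2" && check_iso "$1" "$2" && echo "$1: OK"
fi
```

Run fetch_keys once and compare the printed fingerprints before relying on the result of verify_signature.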

Final note

This guide showed you how to check if an ISO is corrupt on Linux. If you have any questions or concerns about the guide, feel free to ask us in the comments below. Additionally, please share this guide with your friends so they can learn how to check if an ISO is corrupt on Linux as well.