Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Verifying mint 19 iso

  • Please log in to reply
3 replies to this topic

#1 rp88


  • Members
  • 3,067 posts
  • Gender:Not Telling
  • Local time:02:13 PM

Posted 10 November 2018 - 03:59 PM

Just tried downloading mint 19 installer iso, but having some issues with verifying the file, I know that mint has suffered a hijacking of their download pages some years back so recognise how important checking the signature is. The sha256sum checking bit works fine, my sha256 for linuxmint-19-mate-64bit-v2.iso matches the online one of f8164654b7600ced1aa8ef6abee2e56620388b0baa161d7b17699f425223d7c7. can anyone confirm from looking somewhere other than https://ftp.heanet.ie/mirrors/linuxmint.com/stable/19/sha256sum.txt that this is the true sha256 hash for mint 19's v2 MATE iso.

My GPG verification of the sha256 sums file had trouble, I got this:

gpg --keyserver keyserver.ubuntu.com --recv-key A25BAE09
gpg: requesting key A25BAE09 from hkp server keyserver.ubuntu.com
gpg: key A25BAE09: public key "Totally Legit Signing Key " imported
gpg: key A25BAE09: "Linux Mint ISO Signing Key " not changed
gpg: Total number processed: 2
gpg: imported: 1 (RSA: 1)
gpg: unchanged: 1

That "totally legit signing key" sounds pretty odd. The other options that mint's website said I could run in terminal to check the signature were as follows:

gpg --list-key --with-fingerprint A25BAE09
pub 4096R/A25BAE09 2016-06-07
Key fingerprint = 27DE B156 44C6 B3CF 3BD7 D291 300F 846B A25B AE09
uid Linux Mint ISO Signing Key

pub 1024R/A25BAE09 2014-01-26
Key fingerprint = 1828 C98D 1C52 E20C 95DF B632 6ABA 455A A25B AE09
uid Totally Legit Signing Key


gpg --keyserver keyserver.ubuntu.com --recv-key "27DE B156 44C6 B3CF 3BD7 D291 300F 846B A25B AE09"
gpg: directory `/home//.gnupg' created
gpg: new configuration file `/home//.gnupg/gpg.conf' created
gpg: WARNING: options in `/home//.gnupg/gpg.conf' are not yet active during this run
gpg: keyring `/home//.gnupg/secring.gpg' created
gpg: keyring `/home//.gnupg/pubring.gpg' created
gpg: requesting key A25BAE09 from hkp server keyserver.ubuntu.com
gpg: /home//.gnupg/trustdb.gpg: trustdb created
gpg: key A25BAE09: public key "Linux Mint ISO Signing Key " imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)

Have I got an untampered mint iso file here? Thanks.

Edited by rp88, 10 November 2018 - 03:59 PM.

Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB

BC AdBot (Login to Remove)


#2 SuperSapien64


  • Members
  • 1,020 posts
  • Gender:Male
  • Local time:08:13 AM

Posted 10 November 2018 - 04:24 PM

Have you tried GTK Hash? Or if your on Windows or Mac I would suggest looking here: https://alternativeto.net/software/gtkhash/

#3 66Batmobile


  • Members
  • 360 posts
  • Gender:Male
  • Location:State of Denial
  • Local time:09:13 AM

Posted 10 November 2018 - 04:32 PM

I found this thread on the official Mint site:



which gave this link:



There's a link 2nd from the bottom of the list on that page for sha256sum.txt which shows the checksums for all the Mint 19 versions/yours does appear to match.


I'm ultra paranoid :blink: about recommending links, so please proceed with caution on the second one if you're on a Windoze machine.


Good luck :thumbup2:

Whatever it was...I didn't do it!

#4 pcpunk


  • Members
  • 6,232 posts
  • Gender:Male
  • Location:Florida
  • Local time:09:13 AM

Posted 11 November 2018 - 10:27 AM

I've never checked a GPG Signature, I think mint has their security pretty tight now.  I usually check the 256 hash for corruption and less for if the iso has been tampered with.


By the way, what is "-v2" is that 19.1"  Like usual Mint's documentation is not so good, but better than it used to be.


Created by Mike_Walsh


KDE, Ruler of all Distro's



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users