Do you want to verify the ISO file of a Linux Mint version you downloaded to your Windows 10 & 11 PC? You can be sure that the image of any Linux distribution you acquire is intact. Because of that, you don’t want any system errors or conflicts.
Therefore, you need to verify the integrity of the ISO file before installation. This saves you time. At the same time, you prevent a system error from occurring. In this guide, we will use the MD5 & SHA Checksum Utility tool to achieve this task on Windows platforms. Let’s check if the image file for Linux Mint or other types is correct!
Why Should We Verify ISO Files of Distributions Like Linux Mint or Ubuntu?
Let’s say you are using Windows 10 or 11 operating system. You want to install Linux Mint on a virtual machine or a physical PC. Then, of course, the first thing you do is to obtain the ISO file.
But I suggest getting the ISO image of a Linux distribution you want straight from their official website. If you download it from another site on the Internet, it might not be good. Also, if the person sharing the file doesn’t include a hash value, you should be careful.
Because the installation media might change, it’s wise to check it. This helps avoid problems with your system and makes sure it’s safe. Just check that the file is OK to make sure it’s not damaged.
Let’s say you downloaded the Linux Mint file from their official website. The developers give us text files that have integrity and verification on the download page. In short, all we need to do is double-check it.
Why Is It Important to Verify if ISO Files Are OK?
It’s a good idea to verify the integrity of the files we use in computer operating systems. Specifically, we use hashes of MD5, SHA-1, and SHA-256 Checksum to do this. That is, the hash value of one file cannot be the same as the value of another. Thus, the SHA Checksum value of a file belongs only to itself.
Why do we use MD5, SHA-1, and SHA-265 Hash to verify an ISO or any file? If you are wondering about these values, let’s explain them with a small example.
Let’s say you’re downloading the setup files for a system like Linux or Windows 11. If you search on Google, you’ll find lots of options. But if you download from an untrustworthy source, you might get a fake file. That’s why it’s best to get your downloads straight from Microsoft or Linux developers.
If you do not use the original file you downloaded to install something, you may encounter many problems. For instance, you might see errors while installing it. Also, your computer might not get along with the new stuff, causing problems.
As a result, remember that you need to verify the Windows or Linux ISO you downloaded! As soon as you confirm that these files are intact, you can start installing the OS.
What are MD5, SHA-1 and SHA-256?
MD5 is a 128-bit hash function of messages. Generally, we use it to verify the integrity of data. However, it may not be very safe anymore in terms of security.
SHA-1, on the other hand, is a 160-bit hash. We use it for digital signatures and data integrity. However, this is also bad from a security perspective.
SHA-256, on the other hand, provides a more advanced 256-bit hash cryptographic algorithm. Nowadays, we use SHA-256 hash very widely. For example, it offers a secure way to ensure data integrity, create digital signatures, and generate passwords. This is, of course, a more secure and robust cryptographic function than the others.
1) How to Verify the Integrity of the ISO File on Windows 11 & 10
The purpose of this guide is to verify Linux ISO files from Windows systems. Therefore, you can do this even if the operating system edition you are using is different.
Specifically, I do this on my Windows 11 system. If you want, you can also do this on older versions of Windows, such as 8, 8.1, or 7.
Now, let’s check the integrity of Mint’s media, which is an excellent Linux distribution that we love and use.
Method 1: Using MD5 & SHA Checksum Utility
Step 1
Before we begin, I want to mention something. In the past, the Mint website had a different page just for verification. But now, they’ve combined it with the download page for each version. In short, they call it “Integrity & Authenticity.”
Here, you will see two files to verify:
- Integrity: sha256sum.txt
- Authenticity: sha256sum.txt.gpg
Since I downloaded Linux Mint 21.3 (Virginia) Cinnamon Edition, you will see the image below. But even if you are using another desktop environment, you should still go to the Mirrors page. There, you will see the title Integrity & Authenticity, just like the one below.
Step 2
Now, you need to download sha256sum.txt for the Mint file you acquired. Right-click on the link and hit the”Save link as” choice. Save this text file in the folder where you downloaded your Linux system.
Step 3
Now, open the sha256sum.txt file with Notepad and check its content. For example, the hash value for the Cinnamon version is:
5aa24abbc616807ab754a6a3b586f24460b0c213b6cacb0bf8b9a80b65013ecc
Step 4
Let’s use a program to verify the Linux Mint ISO. The name of this beautiful program is MD5 and SHA Checksum Utility.
To download the Checksum Utility, visit this address and scroll down the page. So, click on the download link from the CNET website.
Step 5
When the website directs you to the CNET website, click Download Now.
Step 6
Run MD5 & SHA Checksum Utility as an administrator, which works with both the Mint media and other file types.
Step 7
Now, copy the hash value from the txt file for the setup file. Then, you paste it into the HASH section in the MD5 & SHA program.
Step 8
Now click Browse in the SHA Checksum tool. Finally, select the Linux Mint image you want to ISO verify.
Step 9
Checksum Utility will finish scanning the Mint image file in a short time. It will then show you the MD5, SHA-1, SHA-256, and SHA-512 hashes respectively.
The last thing you need to do is click Verify to match the integrity of the image file.
Also, in the image below, you can see that the hash values of the Linux Mint image file match.
Method 2: Using Windows Powershell
Step 1
Another method to verify Linux ISO is to use the Windows PowerShell tool. This process is faster and easier than Method 1.
Now, copy the PowerShell command I prepared for you from my GitHub page. Then, assuming you are using Windows 11, open the Start Menu. Then, type “PowerShell” in the search box and open the command tool.
Paste the code that finds the hash value of the ISO images into PowerShell and press Enter. As you can see in the image below, select the location of the Linux image you downloaded.
Step 2
When you find the SHA256 hash value of the Linux image on Windows, you will see a value like the one below.
Here, check the Hash Value. Now, you should compare the hash code with the value provided by Mint or other distributions.
Step 3
After copying the SHA256 hash, go to your Linux distribution’s page again. Likewise, click on the sha256sum.txt file. Then, view the search box by pressing CTRL + F. Finally, paste the hash you copied into the relevant box.
As in the image below, you can see the accuracy of the value we provide from the PowerShell tool.
2) How to Verify the Authenticity of the Linux Mint ISO File on the Windows 11 & 10 PC
You’ve checked the ISO image for systems like Mint, Ubuntu, Kali Linux, and Debian. But to stay super safe, make sure also to check the digital signature.
So, check if the digital signature of the image is legit, meaning it’s trustworthy. Regular folks like us should do this. Here’s how you can figure out if the file is genuine. Plus, it helps us know if nobody else has modified it.
Steps:
Step 1
First, copy the Linux Mint ISO to a folder. Then, download both sha256sum.txt and sha256sum.txt.gpg from the website. Move these files to the folder where you copied the ISO.
You should have a digital signature and checksum file in a directory called ISO, as shown in the image below.
Step 2
Now, to verify the Authenticity of the ISO, you need to install something extra on your Windows PC. This software is GPG4Win. Since GPG comes by default in Linux OSes, you can use it in the terminal. Unfortunately, there is no such method for Windows systems.
GPG4Win is a software based on GNU Privacy Guard (GPG) that we use on Microsoft platforms. Basically, we can use this tool for various situations. Our main goal is to ensure the trustworthiness of the ISO file.
Now, download the GPG4Win stable version to your PC from this link. Then click Next to install quickly, then continue without touching the components. Complete it by clicking Install without changing its location.
Step 3
After installing GPG4Win, we will use PowerShell again for ISO signature verification. But you can also choose to use Windows CMD; it’s up to you!
Step 4
In the ISO folder, right-click on Mint & sha256sum.txt & sha256sum.txt.gpg. Open PowerShell by clicking Open in Terminal from the available options.
To verify the PGP signature, I will first use the GPG tool. So, you will see two commands on the PowerShell screen:
gpg --keyserver hkps://keyserver.ubuntu.com:443 --recv-key 27DEB15644C6B3CF3BD7D291300F846BA25BAE09
gpg --verify sha256sum.txt.gpg sha256sum.txt
It is another way to check that we downloaded the ISO from its source with the first command. So, we verify that it is from the signer website and a reliable source.
The second command verifies the digital signature of the current version of Cinnamon. So, we confirm that the software is genuine and hasn’t been tampered with.
Finally, you’ve confirmed the authenticity of the Mint ISO. You can see this in the “Good signature” message displayed on the PowerShell screen.
NOTE: Don’t worry if you see “No indication that the signature belongs to the owner.” It says the ISO signature is correct, but the signer is not trustworthy. In short, you can think that your media is solid. However, the person who signed it does not have a signature.
Step 5
Finally, if you want to delete the key you get, use the command below. It will ask you for confirmation to delete the key, and you can answer it with Y.
gpg --delete-key 27DEB15644C6B3CF3BD7D291300F846BA25BAE09
NOTE: You can also complete the deletion with the gpg --delete-key "Linux Mint ISO Signing Key"
command.
How to Verify SHA256 Checksum Value of Linux Mint ⇒ Video
You can check if the Linux setup file is OK on your Windows using third-party software. Also, think about subscribing to our YouTube channel to support us!
Frequently Asked Questions (FAQ) About Linux ISO
- Do I need to verify the Linux ISO?
- How do we verify the checksum?
- What happens if I don’t verify the Linux Mint ISO?
Conclusion
If I had to say my last words, be sure to verify the integrity of files before each setup. Because you want to make sure your system is running smoothly and correctly. Because of that, you can check whether this installation media is MD5, SHA-1, or SHA-256. In this way, you can make sure that the file is intact before installing Linux Mint.
In this guide, I used software like the MD5 and SHA Utility. I also examined how we verify the integrity of ISO. Now, you can make this quickly and easily on your Windows systems. This way, you can avoid possible system errors and conflicts. As a result, I recommend constantly downloading ISO files from official sources!