![]() If it’s not listed, run: gpg -keyserver -recv-keys AECF1D2F so if you had placed both files into your ‘Home’ directory, run: cd ~įirst you’ll need to check if you already have our GPG key, so run: gpg -list-keys Open a terminal, and ‘cd’ (change directory) into that directory. Place both the Peppermint-10-20191210-amd64.iso and the file in the same directory. ![]() if you’re checking another Peppermint version, please adjust the commands accordingly. In this EXAMPLE we’re going you verify the Peppermint 10 64bit ISO image (Peppermint-10-20191210-amd64.iso) against its GPG signature file (). Once you have downloaded the ISO file, you’ll also need to download its corresponding GPG signature file, links to these can be found next to the ISO download links and at the bottom of this page. How to verify a Peppermint ISO image against its GPG signature file ![]() Even if someone were to hack into a website and upload a modified ISO image, and change the MD5sum being shown so it appeared to check out okay, the ISO would not verify correctly against its corresponding GPG key. This is where GPG signatures come in, checking the downloaded ISO against its signature file will verify the ISO hasn’t been tampered with. ![]() MD5sums are a simple method of checking the integrity of a downloaded ISO file to see if it is corrupt, but they provide no trusted method for checking the ISO hasn’t been tampered with in some way and you’ve been given a false MD5sum to check it against.
0 Comments
Leave a Reply. |