How to verify your Linux Mint ISO image file

Security and being conscious about your actions and decisions that could hamper or strengthen your Linux environment to be secure, is becoming more and more important. When you download a Linux ISO image file to create a bootable live environment to test a Linux distribution and eventually installing it on your production machine, it is important to be sure about its authenticity and integrity. In this article, as part of my Linux Mint tutorial series, I want to explain how to verify your Linux Mint ISO image file to start your secure Linux journey. 

 Content 

  1. About the free Linux Mint tutorial series 
  2. A note before we start  
  3. Why does verification of a Linux Mint ISO file matter?  
  4. How to verify your Linux Mint ISO image file in Linux  
  5. How to verify your Linux Mint ISO image file in Windows  
  6. How to verify your Linux Mint ISO image file in macOS  
  7. Final words 

 About the free Linux Mint tutorial series 

Through a number of short Linux beginner tutorials, I want to offer a simple starters guide for those who have never done anything with Linux and do not know exactly where to start and where to find the necessary information. In an accessible way it guides you through among others the principles of Linux, finding and downloading a Linux distribution, creating a live medium, finding software up to the installation of software and executing updates. This article is part of my Linux Mint tutorial series. You can find an overview of the complete tutorial series via the link below: 

Linux beginner tutorials – an overview 

Note: Linux version used in this article: Linux Mint 20.1 Cinnamon 

A note before we start 

Last week I was approached by a reader of my website with a finding that in my Linux Mint tutorial series I have excluded or forgotten a very important topic, namely the verification of your downloaded Linux Mint ISO file. In my Linux Mint tutorials, I jump(ed) directly from “How to download Linux Mint” to “How to install Linux Mint on a PC or Mac” without first checking that the ISO file you downloaded is actually a legitimate file. It was not a conscious choice of mine to not to discuss this topic, but to be fair it was just a not-so-helpful mistake on my part. So, I am correcting that with this article. So, in this article I want to explain how to verify your Linux Mint ISO image file.

Why does verification of a Linux Mint ISO file matter? 

 Before I explain how to verify a Linux Mint ISO file, I think it is good to briefly explain why you should always do this. It has been proven in practice that it is possible to download a Linux Mint ISO image file that does not match the file as was created and provided by the developers of Linux Mint. The Linux Mint ISO file is downloadable from a huge number of servers around the world that allow you to download an image from a location closest to you. In my case, since I live in the Netherlands, these download servers are offered for example via LiteServer, NLUUG and Triple IT. In theory all these servers could be compromised without knowing it. Several years ago, it was revealed that both the website and a specific server from which Linux Mint could be downloaded had been hacked, and that a non-genuine version, thus a modified version, of Linux Mint was being offered for download instead of the real one. You can read all the details about what happened in the following blog from the Linux Mint team: 

Beware of hacked ISOs if you downloaded Linux Mint on February 20th!

And if you want to know more about how the Linux Mint team handled this, read the following blog: 

How the Linux Mint team handled the hack 

In short, hackers created a modified version of the Linux Mint 17.3 Cinnamon edition ISO file, which contained a backdoor, and also the website was compromised and the underlying database. After that incident the Linux Mint did everything in their power to make sure this will not happen again for future releases. Verification of the ISO file is one of the things you can do yourself to be sure you downloaded the proper image. This will be done based on (sha256) checksums, which we will discuss in the remainder of this tutorial. This is not only the case for Linux Mint, but in fact for all Linux distros you want to try out or install: 

How to verify your Linux Mint ISO image file in Linux 

When you already use a Linux distribution and you want to verify your recently downloaded Linux Mint ISO image file before you try out or move to Linux Mint 20.1, you can follow the below steps: 

Download the required files 

1) Of course, you first need to download the Linux Mint version you want to use. In this tutorial we use Linux Mint 20.1 Cinnamon. In my tutorial “How to download Linux Mint” you can read more on how to download Linux Mint. 

How to download Linux Mint 

But in short, just go to https://linuxmint.com/download.php and download Linux Mint. 

2) Now download the below file to your Downloads folder by right clicking on the link and selecting Save As…, or Save Link As (Note: Only use this approach, because left clicking the files and saving the contents in other ways will lead to an authentication failure.): 

Download sha256sum.txt 

Now we have 2 files in the Downloads folder: 

 Checking the integrity of your ISO file  

Let’s start with verifying the integrity of the Linux Mint ISO file you downloaded. To be able to verify the integrity of the ISO file, you must generate its SHA256 checksum and compare it to the one found in the sha256sum.txt file. There are multiple ways to do this. When you are a regular visitor of my website you probably know that whenever it is possible, I prefer to use solutions with a graphical user interface, instead of directly jumping on the command line.  

To check the integrity via a GUI tool, a great solution is GtkHash. You can download and install it directly from your software center by searching for GtkHash. 

After installation do the following: 

1) Open the GtkHash application. 

2) Open your file manager and go to the Downloads folder. 

3) Move the Linux Mint ISO file to the File section in GtkHash. 

4) Right click in your file manager on the sha256sum.txt file and select “Open with Text Editor”. 

5) Select and copy (Right click + Copy) the hash part of the Linux Mint version you downloaded. 


6) Paste (Ctrl + V) the copied hash in the Check section in GtkHash. 

7) Click on the Hash button. 

Now you hopefully see two green check marks in the Check section and the SHA256 section. 

 That’s it. 

How to verify your Linux Mint ISO image file in Windows 

When you use Windows and you want to verify your Linux Mint ISO image file before you try out or move to Linux Mint 20.1, you can follow the below steps: 

 Download the required files 

1) Of course, you first need to download the Linux Mint version you want to use. In this tutorial we use Linux Mint 20.1 Cinnamon. In my tutorial “How to download Linux Mint” you can read more on how to download Linux Mint. 

How to download Linux Mint 

But in short, just go to https://linuxmint.com/download.php and download Linux Mint. 

2) Now download the below file to your Downloads folder by right clicking on the link and selecting Save As…, or Save Link As (Note: Only use this approach, because left clicking the files and saving the contents in other ways will lead to an authentication failure.):

Download sha256sum.txt 

 

Checking the integrity of your ISO file  

Let’s start with verifying the integrity of the Linux Mint ISO file you downloaded. To be able to verify the integrity of the ISO file, you must generate its SHA256 checksum and compare it to the one found in the sha256sum.txt file. There are multiple ways to do this. When you are a regular visitor of my website you probably know that whenever it is possible, I prefer to use solutions with a graphical user interface, instead of directly jumping on the command line. For Windows we can use the graphical application QuickHash GUI. 

You can download QuickHash GUI via the below link, and then select the version you need for your operating system. 

Download QuickHash GUI 

After you have downloaded and installed QuickHash GUI, we can begin with checking your ISO file. 

1) Start QuickHash GUI, select the File tab and select Algorithm SHA256. 

 

2) Open your file explorer and go to the Downloads folder.  

3) Move the Linux Mint ISO file to the Select File button in Quickhash to import the file.  

Now automatically the hash will be generated. After a short while Quickhash says HASHING COMPLETE and gives 100% progress. 

 

4) Right click in your file explorer on the sha256sum.txt file and open the file with your text editor of choice.  

5) Select and copy the hash part of the Linux Mint version you downloaded.  

 6) Paste the just copied hash part in the ”Expected Hash Value” section in Quickhash. 

Now you will hopefully get the message “Expected hash MATCHES the computed File hash”. 

How to verify your Linux Mint ISO image file in macOS 

 When you use macOS and you want to verify your Linux Mint ISO image file before you try out or move to Linux Mint 20.1, you can follow the below steps: 

Download the required files

1) Of course, you first need to download the Linux Mint version you want to use. In this tutorial we use Linux Mint 20.1 Cinnamon. In my tutorial “How to download Linux Mint” you can read more on how to download Linux Mint. 

How to download Linux Mint 

But in short, just go to https://linuxmint.com/download.php and download Linux Mint. 

2) Now download the below file to your Downloads folder by right clicking on the link and selecting Save As…, or Save Link As (Note: Only use this approach, because left clicking the files and saving the contents in other ways will lead to an authentication failure.): 

Download sha256sum.txt 

Checking the integrity of your ISO file  

Let’s start with verifying the integrity of the Linux Mint ISO file you downloaded. To be able to verify the integrity of the ISO file, you must generate its SHA256 checksum and compare it to the one found in the sha256sum.txt file. There are multiple ways to do this. When you are a regular visitor of my website you probably know that whenever it is possible, I prefer to use solutions with a graphical user interface, instead of directly jumping on the command line. For both Windows and macOS we can use the graphical application QuickHash GUI, which is is an open-source data hashing tool for Linux, Windows, and Apple Mac OSX with graphical user interface. 

You can download QuickHash GUI via the below link, and then select the version you need for your operating system. 

Download QuickHash GUI 

After you have downloaded and installed QuickHash GUI, we can begin with checking the integrity of your ISO file. 

1) Start QuickHash GUI, select the File tab and select Algorithm SHA256. 

2) Open your Finder and go to the Downloads folder.  

3) Move the Linux Mint ISO file to the Select File button in Quickhash to import the file.  

Now automatically the hash will be generated. After a short while Quickhash says HASHING COMPLETE and gives 100% progress. 

 

4) Right click in your Finder on the sha256sum.txt file and select “Open with” and “TextEdit”.  

5) Select and copy the hash part of the Linux Mint version you downloaded.  

 6) Paste the just copied hash part in the ”Expected Hash Value” section in Quickhash. 

Now you will hopefully get the message “Expected hash MATCHES the computed File hash”. 

Final words 

That was it. Now that we know we have downloaded a proper Linux Mint ISO file, in a following tutorial I explain how you can place the newly imported ISO file on a bootable USB stick so that you can use it as an installation medium or as a live USB drive. For the complete overview of all Linux mint tutorials click on below link: 

Linux beginner tutorials – an overview