Home
         Spins
         Releases
         Checking
         Repository
         Themes
         Games
         Garden
         About




       
       




SbK is hosted by



















 Check ISO


Checking the gpg signature in Linux

For Debian 9/25 and all current Manjaro releases and future releases, all SbK iso's will be signed. This will give those that download the iso's the ability to be 100% sure the iso was created by the SbK project if they choose.


First make sure you have gnupg installed.

sudo pacman -S gnupg

Download the iso and the .sig file with the name that matches the iso. Place them both into the same folder.

Import the Spins by Kilz key by opening a terminal and entering.

gpg --keyserver keyserver.ubuntu.com --search-keys 620BB134B4239576

The terminal will ask which key to import. Since there is only 1, type 1, then hit enter. You should see this in the terminal except unchanged will say added.


Next go to the location you have saved the iso and the sig file. In this example they are in the check folder.

Then issue the following command to check the iso changing "name of the downloaded file" to the name of the sig file.

gpg --verify "name of the downloaded file".sig

The results should look like this with a good signature line that includes the following info


If the results do not include a the EDDSA key number and "gpg: Good signature" line with the above name and address delete the file. Its possible that it was just a bad download, but the iso could also have been changed by someone else. Be safe, not sorry, delete the file, download again, and check again.

Checking the Iso Hash in Linux

First download the iso and the sha1 or sha256 file for the release. The sha1 or sha256 file for the release can be found in the sha1 or sha256 download folder for the release.

To check the hash open a terminal and change to the location you downloaded the file to. In this example we will use the Downloads folder.

cd ~/Downloads

Then check either the sha1 or sha256 hash of the file changing "name of the downloaded file" to the name of the iso you downloaded.

sha1sum "name of the downloaded file".iso

or

sha256sum "name of the downloaded file".iso

In the terminal a hash will be produced. Check that the hash matches the hash in the sha1 or sha256 file you downloaded. If they do not match you will need to download the iso  again and check that file until they match.

Checking the Iso Hash in Windows

If you are checking the hash in Windows you will need a checksum application if you don't have one installed. Quick Hash is an open source tool that you can install.