Verifying a USB flash drive contains an authentic copy of Linux Mint

We have a set of procedures to ensure that every flash drive we ship contains a legitimate and verified copy of Linux Mint. You can find our full procedures for making a flash drive online. However, we want to take this a step further and enable our customers to quickly and fairly easily verify that a USB flash drive they received also contains an authentic copy of Linux Mint. The directions below authenticate the contents of a flash drive that already contains a copy of Linux Mint:

## To verify that the USB flash drive contains an authentic, signed Linux Mint image, perform the following procedure

# Download the sha256sum.txt and sha256sum.txt.gpg files from LinuxMint.com or a mirror

wget https://ftp.heanet.ie/mirrors/linuxmint.com/stable/21.1/sha256sum.txt

2023-02-01 12:13:27 (12.8 MB/s) - ‘sha256sum.txt’ saved [292/292]

wget https://ftp.heanet.ie/mirrors/linuxmint.com/stable/21.1/sha256sum.txt.gpg

2023-02-01 12:13:51 (39.2 MB/s) - ‘sha256sum.txt.gpg’ saved [833/833]

# Import the Linux Mint signing key

gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-key "27DE B156 44C6 B3CF 3BD7 D291 300F 846B A25B AE09"

gpg: key 300F846BA25BAE09: "Linux Mint ISO Signing Key " not changed
gpg: Total number processed: 1
gpg: unchanged: 1

# Verify the authenticity of the sha256sum.txt file
# The output of the command below should report a "Good signature" and show that the file was signed with the A25BAE09 key
# Also check that the primary key fingerprint in the output matches the full fingerprint of the key imported above
# A warning that the key is not certified with a trusted signature is normal, and generally not a concern

gpg --verify sha256sum.txt.gpg sha256sum.txt

gpg: Signature made Sun 18 Dec 2022 07:54:36 AM EST
gpg: using RSA key 27DEB15644C6B3CF3BD7D291300F846BA25BAE09
gpg: Good signature from "Linux Mint ISO Signing Key " [unknown]
Primary key fingerprint: 27DE B156 44C6 B3CF 3BD7 D291 300F 846B A25B AE09

# Identify the size of the ISO image by requesting its HTTP headers with curl and reading the Content-Length value

curl -s -L -I https://mirrors.gigenet.com/linuxmint/iso/stable/21.1/linuxmint-21.1-cin... | grep 'content-length\|Content-Length'

Example output (full response headers, shown without the grep filter):
HTTP/2 200
server: nginx/1.20.1
date: Mon, 06 Feb 2023 19:47:08 GMT
content-type: application/octet-stream
content-length: 2681571328
last-modified: Sat, 17 Dec 2022 15:57:15 GMT
etag: "639de6db-9fd58800"
accept-ranges: bytes

Note: The size of the file (the content-length value) in the above example is 2681571328 bytes

# Use the head command to read only the portion of the disk that contains the ISO, and pipe it
# (the "|" symbol) to sha256sum, a program used to check that the data written is authentic
# sha256sum creates a fingerprint of the written data that can then be matched against the sha256sum.txt file
# The number after -c is the size of the ISO in bytes; in our example above it is 2681571328
# /dev/sda is the flash drive in this example; substitute the device node of your own flash drive

sudo head -c 2681571328 /dev/sda | sha256sum

# Display the sha256sum.txt file and check that the hash printed by the command above matches the entry for your edition

cat sha256sum.txt

2df322f030d8ff4633360930a92d78829d10e515d2f6975b9bdfd1c0de769aca *linuxmint-21.1-cinnamon-64bit.iso
f7fb9c0500e583c46587402578547ea56125e0a054097f9f464a2500830c8b25 *linuxmint-21.1-mate-64bit.iso
6fea221b5b0272d55de57f3d31498cdf76682f414e60d28131dc428e719efa8b *linuxmint-21.1-xfce-64bit.iso
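
The last two steps can be combined so the comparison is done by the shell instead of by eye. This is an added example, not part of the original procedure; the script name `verify_usb.sh`, the function name and the `/dev/sdX` placeholder are assumptions, and it expects a `sha256sum.txt` that has already passed the `gpg --verify` step above.

```shell
#!/bin/sh
# Added example (not from the original page): automate the hash comparison.
# Usage: sudo sh verify_usb.sh DEVICE ISO_NAME ISO_SIZE [SUMS_FILE]
# verify_usb.sh and DEVICE are placeholders chosen for this example.
# Returns 0 on match, 1 on mismatch, 2 on bad input.
verify_usb() {
    dev=$1; iso=$2; size=$3; sums=${4:-sha256sum.txt}

    # ISO_SIZE must be a plain decimal byte count (the Content-Length value).
    case $size in
        ''|*[!0-9]*) echo "invalid size: $size" >&2; return 2 ;;
    esac

    # Find the expected hash for exactly this ISO name.
    # Entries look like: <sha256 hex> *<file name>
    expected=$(awk -v name="$iso" '
        { f = $2; sub(/^\*/, "", f) }
        f == name { print $1; exit }' "$sums")
    if [ -z "$expected" ]; then
        echo "no entry for $iso in $sums" >&2
        return 2
    fi

    # Hash only the first ISO_SIZE bytes; anything after the image on the
    # drive (unused space, a persistence partition) must not be included.
    actual=$(head -c "$size" "$dev" | sha256sum | cut -d' ' -f1)

    if [ "$actual" = "$expected" ]; then
        echo "OK: $dev matches $iso"
        return 0
    fi
    echo "MISMATCH: $dev does not match $iso" >&2
    echo "  expected $expected" >&2
    echo "  actual   $actual" >&2
    return 1
}

# Run only when arguments are supplied, so the file can also be sourced.
if [ "$#" -ge 3 ]; then
    verify_usb "$@"
fi
```

For the example on this page the call would be `sudo sh verify_usb.sh /dev/sdX linuxmint-21.1-cinnamon-64bit.iso 2681571328`. Confirm the device node with `lsblk` first, since `/dev/sda` is often the system disk rather than the flash drive.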