How to verify the .iso file via gpg?

i still dont know how to verify it? it says to verify but nothing really works. i havent used linux before im just trying to make a boot drive but i just have 3 keys and alot of download files? where do i download from how do i check it?

Have you already read the instructions given in chapter 1.1 of the Lubuntu manual?

Download is recommended from the official Lubuntu site.


yeah i read many manuals of it. so that means i don’t need to verify it like that? i tried zsync from wsl and http but i dont have torrent and stuff to open those.? the manual does not say anything about gpg.

1 Like

In case you already have downloaded lubuntu-24.04-desktop-amd64.iso, it suffices to check the sha256sum done by the command sha256sum lubuntu-24.04-desktop-amd64.iso in a terminal.

As written in the manual, output should be f7ed99b368e00ab7f3fa2c05cefd912f43fc19a8ab9d4d241432d7d9e97e3491

For instance, let ‘downloadpath’ be shorthand for the path to the directory on your system where the iso file is. Before you run the above mentioned command to verify the iso file, type
cd downloadpath
in a terminal.

Second addendum:
In case there are the following three files in the same directory
lubuntu-24.04-desktop-amd64.iso | SHA256SUMS.gpg | SHA256SUMS
run at first
cd downloadpath
and then
sha256sum -c SHA256SUMS 2>&1 | grep OK

Here SHA256SUMS is a text file containing the line
f7ed99b368e00ab7f3fa2c05cefd912f43fc19a8ab9d4d241432d7d9e97e3491 *lubuntu-24.04-desktop-amd64.iso

The result should be
lubuntu-24.04-desktop-amd64.iso OK

So you don’t need compare the output to the expected result by yourself.

1 Like

i already did that a day ago.

1 Like

Do you see any more problems with preparations for an installation?

You can use GPG to verify the SHA256 sums were signed with Ubuntu’s key, proving the sums are themselves valid, but that does nothing to validate the ISO, installation media, or the resulting installation.