Verifying the authenticity of Debian ISOs

The following text is an augmented version of the Debian CD FAQ section "verify", plus a new section about the use of the file /md5sum.txt in Debian ISO images.

How can I verify the downloaded ISO images and written media?

The checksum files SHA256SUMS and SHA512SUMS in the directories with the ISO images, like the one for amd64 netinst, can be verified with the help of the PGP signature files SHA256SUMS.sign and SHA512SUMS.sign, e.g. by these two commands:

gpg --keyserver keyring.debian.org --recv-keys 64E6EA7D 6294BE9B 09EA8AC3
gpg --with-fingerprint --verify SHA512SUMS.sign SHA512SUMS

In case of successful verification, this program run must report, in essence:

gpg: Good signature from "Debian CD signing key <debian-cd@lists.debian.org>"
...
Primary key fingerprint: DF9B 9C49 EAA9 2984 3258  9D76 DA87 E80D 6294 BE9B

The key fingerprint and the key title must match one of the pairs "Key fingerprint =" and "uid" as listed on the authenticity verification page.

After this cryptographic verification of the checksum files, you can use them to check the ISO image and the medium to which it was copied.

To verify the downloaded ISO image file, compute the checksum of the ISO image file with a tool such as "sha512sum" or "sha256sum". A successful verification looks like the following program run. (The $ sign is shown as an example of the shell prompt, which might look different on your system.)

$ grep ' debian-12.7.0-amd64-netinst.iso$' SHA512SUMS | sha512sum -c -
debian-12.7.0-amd64-netinst.iso: OK

To verify a written optical medium or USB key, you have to restrict the data stream read from the medium to the size of the ISO image. This is necessary because nearly all media return more bytes after the end of the written ISO image. The checksums will only match if the number of bytes is exactly the same as in the image.

There are several ways to achieve this exactness:

The "isosize" program can be used to find out the appropriate number of bytes to be read from the medium. It shows the "sector count" and the "sector size" of the ISO filesystem on the medium. The latter is not necessarily the storage block size of the medium, but is always 2048. Optical media are presented by GNU/Linux as /dev/srN, USB keys as /dev/sdX.

If the ISO is on a USB key presented as /dev/sdc, do:

$ sudo /sbin/isosize -x /dev/sdc
sector count: 323072, sector size: 2048

If the ISO is on a CD, DVD or BD presented as /dev/sr0, do:

$ /sbin/isosize -x /dev/sr0
sector count: 323072, sector size: 2048

Pass "sector count" and "sector size" to the program "dd", which then reads exactly that number of bytes from the medium. Pipe the byte stream to the appropriate checksum tool, "sha512sum" or "sha256sum", and store the result in a shell variable:

$ computed=$(sudo dd if=/dev/sdc count=323072 bs=2048 | sha512sum | awk '{print $1}')

Obtain the corresponding checksum from the file SHA512SUMS or SHA256SUMS:

$ recorded=$(grep ' debian-12.7.0-amd64-netinst.iso$' SHA512SUMS | awk '{print $1}')

Then compare it with the computed checksum:

$ test "$computed" = "$recorded" && echo "OK. MATCH."
OK. MATCH.

If this command prints nothing instead of "OK. MATCH.", then the verification check has failed and the ISO filesystem on the medium was altered. There are harmless reasons for this failure, but also dangerous ones. See the section at the end of this page for an attempt to find the altered files in the ISO.
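The medium check above as shell functions, added here as an example and not part of the original page: a constructed "medium" carries a 4-sector image plus trailing bytes, so reading exactly the image's sectors matches the SHA512SUMS entry while reading the whole medium does not. The image name, sector count and file names are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the Debian page: verify a medium against SHA512SUMS
# by reading exactly "sector count" * 2048 bytes, as the page does with dd.
set -u

# Checksum recorded for IMAGENAME ($2) in SUMSFILE ($1); "hash  name" format.
recorded_sum() {
    grep " $2\$" "$1" | awk '{print $1}'
}

# Checksum of exactly SECTORS ($2) sectors of 2048 bytes read from SOURCE ($1),
# mirroring "dd if=/dev/sdc count=... bs=2048 | sha512sum" on the page.
computed_sum() {
    dd if="$1" bs=2048 count="$2" 2>/dev/null | sha512sum | awk '{print $1}'
}

# verify_medium SUMSFILE IMAGENAME SOURCE SECTORS
# Returns 0 on match, 1 on MISMATCH, 2 when IMAGENAME is not in SUMSFILE.
verify_medium() {
    recorded=$(recorded_sum "$1" "$2")
    [ -n "$recorded" ] || return 2
    computed=$(computed_sum "$3" "$4")
    [ "$computed" = "$recorded" ]
}

# Constructed scenario in a temp dir: an 8192-byte (4-sector) "ISO",
# a SHA512SUMS file for it, and a "medium" holding the ISO plus 1000
# trailing bytes, like real media after the end of the written image.
make_scenario() {
    dir=$(mktemp -d)
    head -c 8192 /dev/zero | tr '\0' 'A' > "$dir/test-image.iso"
    ( cd "$dir" && sha512sum test-image.iso > SHA512SUMS )
    { cat "$dir/test-image.iso"; head -c 1000 /dev/zero; } > "$dir/medium.img"
    echo "$dir"
}
```

Run with `d=$(make_scenario); verify_medium "$d/SHA512SUMS" test-image.iso "$d/medium.img" 4 && echo "OK. MATCH."`; passing 5 sectors instead of 4 reproduces the mismatch caused by the extra bytes.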

How to alternatively use the script check_debian_iso?

The above procedure for verifying media, and also the procedure for verifying image files, may each be replaced by a run of the script check_debian_iso.

Download the script and make it executable for yourself:

$ wget https://people.debian.org/~danchev/debian-iso/check_debian_iso
...
2024-09-03 09:24:57 (144 MB/s) - ‘check_debian_iso’ saved [5373/5373]
$ chmod u+x ./check_debian_iso

ISO image file verification is done by:

$ ./check_debian_iso SHA512SUMS debian-12.7.0-amd64-netinst.iso

Media verification is done by:

$ sudo ./check_debian_iso SHA512SUMS debian-12.7.0-amd64-netinst.iso /dev/sdc

or

$ ./check_debian_iso SHA512SUMS debian-12.7.0-amd64-netinst.iso /dev/sr0

The ISO image itself is not needed for these two runs with media. Only its name is needed for looking it up in the checksum file.

The last output line of the ./check_debian_iso runs must then look like

Ok: '/dev/sdc' matches 'debian-12.7.0-amd64-netinst.iso' in 'SHA512SUMS'

A mismatch would yield

MISMATCH: '/dev/sdc' checksum differs from 'debian-12.7.0-amd64-netinst.iso' in 'SHA512SUMS'

If you are curious about the script's options, run

$ ./check_debian_iso -help

(The checksum files MD5SUMS and SHA1SUMS, which the script also mentions, are not offered any more, because these checksums are now deemed insufficient as protection against malicious changes.)


How to find the altered files in case of no match?

If the verification attempt yields a non-matching checksum although you are quite sure that you got an original Debian ISO, it is possible to look for the files in the ISO which were affected by the alteration. This works only if the alteration does not prevent the ISO filesystem from being mounted.

Mount the altered ISO filesystem on a mountpoint of your choice:

$ path_to_image_or_usb_device=/dev/sdc
$ mountpoint=/mnt/iso
$ sudo mount "$path_to_image_or_usb_device" "$mountpoint"

Let the program "md5sum" verify the files listed in "$mountpoint"/md5sum.txt:

$ cd "$mountpoint"
$ md5sum -c ./md5sum.txt | grep ': FAILED$'
./EFI/debian/grub.cfg: FAILED
md5sum: WARNING: 1 computed checksum did NOT match

The altered file in this example is the image file which serves as the EFI System Partition when the ISO is presented to EFI on a USB key. It often gets altered by proprietary software when you plug the USB key into a running MS-Windows system. Normally this alteration is harmless and just indicates that some small files were added to the FAT filesystem in the system partition image. But such an alteration of course weakens the credibility of your download and copy efforts.

As noted in the previous section, MD5 is no longer a cryptographically secure checksum. But it is still a good check against non-malicious alterations.