Verifying the authenticity of Debian ISOs
The following text is an augmented version of the Debian CD FAQ section "verify", plus a new section about the use of the file /md5sum.txt in Debian ISO images.
How can I verify the downloaded ISO images and written media?
The checksum files SHA256SUMS and SHA512SUMS in the directories with the ISO images, like the one for amd64 netinst, can be verified with the help of the PGP signature files SHA256SUMS.sign and SHA512SUMS.sign, for example with these two commands:
gpg --keyserver keyring.debian.org --recv-keys 64E6EA7D 6294BE9B 09EA8AC3
gpg --with-fingerprint --verify SHA512SUMS.sign SHA512SUMS
If the verification succeeds, the second command must report essentially:
gpg: Good signature from "Debian CD signing key <debian-cd@lists.debian.org>"
...
Primary key fingerprint: DF9B 9C49 EAA9 2984 3258 9D76 DA87 E80D 6294 BE9B
The key fingerprint and the key title must match one of the pairs "Key fingerprint =" and "uid" as listed on the authenticity verification page.
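When the signature check is scripted rather than read by eye, the decision should rest on the fingerprint that gpg reports in its machine-readable status output, not on the human-readable "Good signature" text: that text is localized, and it appears for any key in your keyring, so it does not by itself prove that the Debian CD signing key was used. The following shell functions are an added example, not part of the Debian CD FAQ or of any Debian tool. They assume GNU Privacy Guard's "--status-fd" output, whose "VALIDSIG" line carries the primary key fingerprint as its last field, and they use the fingerprint printed on this page as the allowed key; further fingerprints from the authenticity verification page can be appended to the allow-list, separated by spaces.

```sh
#!/bin/sh
# Added example (not from the Debian CD FAQ): accept SHA512SUMS only if gpg
# reports a valid signature whose primary key fingerprint is on an allow-list.

# Primary key fingerprint of the Debian CD signing key as printed on this page,
# without the spaces that gpg inserts for readability.
DEBIAN_CD_FPR=DF9B9C49EAA9298432589D76DA87E80D6294BE9B

# Read gpg status lines ("[GNUPG:] ...") on stdin and print the primary key
# fingerprint of every valid signature. On a VALIDSIG line the first field is
# the fingerprint of the (sub)key that signed, the last field the primary key.
valid_primary_fprs() {
    awk '$1 == "[GNUPG:]" && $2 == "VALIDSIG" { print $NF }'
}

# Return 0 if the status text on stdin contains a valid signature by one of the
# space-separated fingerprints in $1, otherwise 1 (no signature, BADSIG, or a
# valid signature by some other key all count as failure).
status_is_trusted() {
    allowed=$1
    for fpr in $(valid_primary_fprs); do
        case " $allowed " in
            *" $fpr "*) return 0 ;;
        esac
    done
    return 1
}

# Verify the checksum file $1 against its detached signature $2 (for example
# SHA512SUMS and SHA512SUMS.sign) and apply the allow-list check.
# --status-fd 1 sends the status lines to stdout; the usual chatter goes to stderr.
verify_checksum_file() {
    gpg --status-fd 1 --verify "$2" "$1" 2>/dev/null | status_is_trusted "$DEBIAN_CD_FPR"
}

# Usage: verify_checksum_file SHA512SUMS SHA512SUMS.sign && echo "signature OK"
```

Only after verify_checksum_file succeeds should the checksums in the file be trusted for the image and media checks that follow.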
After this cryptographic verification of the checksum files, you can use them to check the ISO image and the medium to which it was copied.
To verify the downloaded ISO image file, compute the checksum of the ISO image file with a tool such as "sha512sum" or "sha256sum". A successful verification looks like the following program run. (The $ sign is shown as an example of the shell prompt, which might look different on your system.)
$ grep ' debian-12.7.0-amd64-netinst.iso$' SHA512SUMS | sha512sum -c -
debian-12.7.0-amd64-netinst.iso: OK
To verify a written optical medium or USB key, you have to limit the data stream read from the medium to the size of the ISO image. This is necessary because nearly all media return more bytes after the end of the written ISO image. The checksums will only match if the number of bytes read is exactly the same as in the image.
There are several ways to achieve this exactness:
The "isosize" program can be used to find out the appropriate number of bytes to read from the medium. It shows the "sector count" and the "sector size" of the ISO filesystem on the medium. The latter is always 2048 and is not necessarily the storage block size of the medium. Optical media are presented by GNU/Linux as /dev/srN, USB keys as /dev/sdX.
If the ISO is on a USB key presented as /dev/sdc do:
$ sudo /sbin/isosize -x /dev/sdc
sector count: 323072, sector size: 2048
If the ISO is on a CD, DVD or BD presented as /dev/sr0 do:
$ /sbin/isosize -x /dev/sr0
sector count: 323072, sector size: 2048
Pass "sector count" and "sector size" to the program "dd", which then reads the appropriate number of bytes from the medium. Pipe the byte stream to the appropriate checksum tool, "sha512sum" or "sha256sum", and store the result in a shell variable:
$ computed=$(sudo dd if=/dev/sdc count=323072 bs=2048 | sha512sum | awk '{print $1}')
Obtain the corresponding checksum from file SHA512SUMS or SHA256SUMS:
$ recorded=$(grep ' debian-12.7.0-amd64-netinst.iso$' SHA512SUMS | awk '{print $1}')
Then compare it with the computed checksum:
$ test "$computed" = "$recorded" && echo "OK. MATCH."
OK. MATCH.
If this command puts out nothing instead of "OK. MATCH.", then the verification check has failed and the ISO filesystem on the medium was altered. There are harmless reasons for this failure but also dangerous ones. See the section at the end of this page for an attempt to find altered files in the ISO.
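The steps above, gathered into reusable shell functions, as an added example that is not part of the Debian CD FAQ or of check_debian_iso. The functions take the sector count and sector size as parameters so that the exact-length comparison can be exercised on an ordinary file; the wrapper at the end derives both numbers from "isosize -x" exactly as the text describes and therefore needs a real ISO filesystem on the medium. Reading one block too many is the failure mode the text warns about, and it is reported as a mismatch.

```sh
#!/bin/sh
# Added example (not from the Debian CD FAQ): compare exactly the ISO's bytes
# from a medium against the entry recorded for the image in SHA512SUMS.

# Print the checksum recorded for the image name $2 in the checksum file $1.
# The leading space mirrors the "grep ' name$'" idiom used on this page.
recorded_sum() {
    grep " $2\$" "$1" | awk '{print $1}'
}

# Read exactly $2 blocks of $3 bytes from $1 and print the SHA-512 of that
# byte stream. Anything after the ISO filesystem on the medium is not read.
computed_sum() {
    dd if="$1" count="$2" bs="$3" 2>/dev/null | sha512sum | awk '{print $1}'
}

# verify_medium SUMS_FILE IMAGE_NAME DEVICE SECTOR_COUNT SECTOR_SIZE
# Returns 0 on a match, 1 on a mismatch, 2 if SUMS_FILE has no entry for IMAGE_NAME.
verify_medium() {
    sums=$1; iso=$2; dev=$3; count=$4; bs=$5
    rec=$(recorded_sum "$sums" "$iso")
    if [ -z "$rec" ]; then
        echo "no entry for '$iso' in '$sums'" >&2
        return 2
    fi
    comp=$(computed_sum "$dev" "$count" "$bs")
    if [ "$comp" = "$rec" ]; then
        echo "OK. MATCH."
        return 0
    fi
    echo "MISMATCH: '$dev' checksum differs from '$iso' in '$sums'"
    return 1
}

# Convenience wrapper for real media: take sector count and sector size from
# "isosize -x" (output "sector count: N, sector size: 2048") and verify.
# Needs util-linux isosize and, for USB keys, usually sudo.
verify_medium_isosize() {
    sums=$1; iso=$2; dev=$3
    set -- $(isosize -x "$dev" | sed 's/[^0-9]/ /g')
    verify_medium "$sums" "$iso" "$dev" "$1" "$2"
}

# Usage: sudo sh -c '. ./this_file; verify_medium_isosize SHA512SUMS debian-12.7.0-amd64-netinst.iso /dev/sdc'
```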
How to alternatively use the script check_debian_iso?
The above procedure for verifying media, and also the procedure for verifying image files, may each be replaced by a run of the script check_debian_iso.
Download the script and give yourself execute permission:
$ wget https://people.debian.org/~danchev/debian-iso/check_debian_iso
...
2024-09-03 09:24:57 (144 MB/s) - ‘check_debian_iso’ saved [5373/5373]
$ chmod u+x ./check_debian_iso
ISO image file verification is done by:
$ ./check_debian_iso SHA512SUMS debian-12.7.0-amd64-netinst.iso
Media verification is done by:
$ sudo ./check_debian_iso SHA512SUMS debian-12.7.0-amd64-netinst.iso /dev/sdc
or
$ ./check_debian_iso SHA512SUMS debian-12.7.0-amd64-netinst.iso /dev/sr0
The ISO image itself is not needed for these two runs with media. Only its name is needed for looking it up in the checksum file.
The last output line of the ./check_debian_iso runs must then be like
Ok: '/dev/sdc' matches 'debian-12.7.0-amd64-netinst.iso' in 'SHA512SUMS'
A mismatch would yield
MISMATCH: '/dev/sdc' checksum differs from 'debian-12.7.0-amd64-netinst.iso' in 'SHA512SUMS'
If you are curious about the script's options, run
$ ./check_debian_iso -help
(The checksum files MD5SUMS and SHA1SUMS mentioned there are not offered any more, because these checksums are now considered insufficient as protection against malicious changes.)
>>> TODO:
- Move check_debian_iso to an official Debian location and sign it by a Debian CD signing key. Then describe its verification. (Currently it is signed by a key of George Danchev and by the key of GNU xorriso by Thomas Schmitt.)
How to find the altered files in case of no match?
If the verification attempt yields a non-matching checksum although you are quite sure that you got an original Debian ISO, it is possible to look for the files in the ISO which were hit by the alteration. This works only if the alteration does not hamper the mountability of the ISO filesystem.
Mount the altered ISO filesystem at a mountpoint of your choice:
$ path_to_image_or_usb_device=/dev/sdc
$ mountpoint=/mnt/iso
$ sudo mount "$path_to_image_or_usb_device" "$mountpoint"
Let the program "md5sum" verify the files listed in "$mountpoint"/md5sum.txt:
$ cd "$mountpoint"
$ md5sum -c ./md5sum.txt | grep ': FAILED$'
./EFI/debian/grub.cfg: FAILED
md5sum: WARNING: 1 computed checksum did NOT match
The altered file in this example is the image file which serves as EFI System Partition when the ISO is presented to EFI on a USB key. It often gets altered by proprietary software when you plug the USB key into a running MS-Windows system. Normally this alteration is harmless and just indicates that some small files were added to the FAT filesystem in the system partition image. But such alteration of course weakens the credibility of your download and copy efforts.
As noted in the previous section, MD5 is not a cryptographically secure checksum any more. But it still is a good check against non-malicious alterations.
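The md5sum.txt check above, as an added example that is not part of the Debian CD FAQ. Two points are worth making explicit in code: "md5sum -c" only reports files that are listed in md5sum.txt, so a file that was added to the tree (the harmless case described above, but also a deliberate one) is never mentioned by it, and md5sum.txt cannot vouch for itself. The functions below take the root of the mounted ISO filesystem (or of an extracted copy) and assume the md5sum.txt line format "checksum  ./path" that the output above shows; paths containing spaces are not handled.

```sh
#!/bin/sh
# Added example (not from the Debian CD FAQ): report files that fail the
# md5sum.txt check, and files present in the tree that md5sum.txt does not list.

# Print the "./path" of every file listed in md5sum.txt under the tree root $1
# whose checksum does not match (or which cannot be read).
failed_files() {
    (cd "$1" && md5sum -c ./md5sum.txt 2>/dev/null) \
        | sed -n 's/: FAILED.*$//p'
}

# Print every regular file under $1 (as "./path") that md5sum.txt does not
# mention. "md5sum -c" never reports such files, so added files go unnoticed
# unless the tree is compared against the list this way.
unlisted_files() {
    listed=$(mktemp); present=$(mktemp)
    # Second field of each md5sum.txt line is the "./path" (no spaces assumed).
    (cd "$1" && awk '{ print $2 }' ./md5sum.txt | sort) > "$listed"
    (cd "$1" && find . -type f ! -path ./md5sum.txt | sort) > "$present"
    comm -13 "$listed" "$present"
    rm -f "$listed" "$present"
}

# Usage after mounting, e.g. mountpoint=/mnt/iso:
#   failed_files "$mountpoint"
#   unlisted_files "$mountpoint"
```

Remember that md5sum.txt is itself part of the image and is only as trustworthy as the image: this check locates which file an alteration touched, it does not replace the signed SHA512SUMS check of the whole image.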