Friends, I would like to specify my question a little bit, cause a lot of you give me suggestions that are already written in this page www.ubuntu.com/download/how-to-verify
What confused me is that tip in the 2nd step, where it says :
Tip: On non-Linux systems, you might need to download the GPG tools for this next step. To check if you have the GPG tools installed, run the command gpg --version or gpg2 --version.
Now, it's not written WHERE do I have to write these commands. At the beginning in that page it says "These instructions assume basic knowledge of the command line", so I assumed I needed to open a "Command prompt" program for that, is it right ? I don't understand why isn't it mentioned in that tip, it is really confusing for a newbie like me. And the results that I get when writing these commands in the "Command prompt" are confusing as well. But knowing that the gnuPG has never ever been installed on my laptop I don't expect too much more. But still it would be good if it was written in that tip what you should see if it's not installed AND that from Windows OS you have to open a Command prompt program to write these commands in.
Previous question
I want to install Ubuntu on my laptop. I downloaded the iso image and now I want to verify it. I currently have Windows 7 as OS on my computer.
In this page www.ubuntu.com/download/how-to-verify in the 2nd step there is this tip that says:
Tip: On non-Linux systems, you might need to download the GPG tools for this next step. To check if you have the GPG tools installed, run the command gpg --version or gpg2 --version.
Now as I understand I need to write gpg --version when I open the command promt program is that right?
I tried and it is unrecognized. But it's okay because I have never ever installed it on my laptop. The thing I worry a bit is am I doing it right? Do I need to use command prompt program for this?
CertUtil (certutil.exe) is a preinstalled Windows command-line program that can be used to generate hash checksums:
certutil.exe ships with Windows 7 and later. CertUtil supports MD2 MD4 MD5 SHA1 SHA256 SHA384 and SHA512 hash algorithms.
You don't have
gpginstalled. You can install it for windows using this link: https://www.gpg4win.org/download.htmlThen you can download the ISO and checksum over at (Be sure to download a file that ends with .gpg) http://releases.ubuntu.com/16.04/
And run cmd, cd into your Downloads directory (Or where your ISO and checksum has been saved) and run these commands:
and I also had to run
gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys EFE21092Incase this changes, if you get an error reading:
Use
gpg --keyserver hpk://keyserver.ubuntu.com --recv-keys FBB75451That checks the checksum with the ISO. (And it might take a while)
EDIT - Added information from @grooveplex You might see a warning
'This key is not certified with a trusted signature!'.This warning means that there is no path in the Web of Trust between this key and you. The warning is harmless as long as you retrieved the key from a trusted source. If GPG fails and reports 'BAD signature', do not use the ISO.As mentioned in This answer on superuser
CertUtil comes with Windows and can be used to generate the checksum of a file:
The HashAlgorithm choicesare: MD2, MD4, MD5, SHA1, SHA256, SHA384, and SHA512. If no algorithm is selected CertUtil defaults to SHA1
So for example, the following generates an MD5 checksum for the file
C:\TEMP\MyDataFile.img:The output of this has extraneous lines describing which algorithm is used, the filename and whether the command was successful. To match the output of the checksum utilities in Ubuntu, such as
md5sumuse PowerShell to format the output: