The Free and Open Source Software for Disk Imaging and Cloning
Step-by-step docs

Clonezilla Live - Verify the download files

The steps to verify a downloaded file from Clonezilla project. Here we take clonezilla-live-2.6.7-28-amd64.iso and as an example:

  1. Download CHECKSUMS.TXT, CHECKSUMS.TXT.gpg, clonezilla-live-2.6.7-28-amd64.iso and from Clonezilla website.
  2. Retrieve key from key server:
          # gpg --keyserver hkp:// --recv-key 667857D045599AFD
          # gpg --keyserver hkp:// --recv-key 667857D045599AFD
  3. Run the following command to verify CHECKSUMS.TXT:

         # gpg --verify CHECKSUMS.TXT.gpg CHECKSUMS.TXT
         gpg: Signature made Fri 03 Jul 2020 07:59:54 PM CST
         gpg:                using RSA key 54C0821A48715DAFD61BFCAF667857D045599AFD
         gpg: Good signature from ...
    The "Good signature" shows the downloaded CHECKSUMS.TXT is successfully verified by CHECKSUMS.TXT.gpg.

  4. Use the CHECKSUMS.TXT to verify the downloaded iso and zip file. Make sure they are in the same directory with CHECKSUMS.TXT. We use the command sha256sum to verify the checksums, but you can use md5sum, sha1sum, or sha512sum, too:

      # sha256sum -c --ignore-missing CHECKSUMS.TXT
      clonezilla-live-2.6.7-28-amd64.iso: OK OK
      sha256sum: WARNING: 22 lines are improperly formatted
    The "OK" after the file name shows the downloaded clonezilla-live-2.6.7-28-amd64.iso and are successfully checked by the SHA256 message digest.
    For more details, you can refer to this tutorial.