Clonezilla

The Free and Open Source Software for Disk Imaging and Cloning
About
News
Screenshots
Live CD/USB
Live Docs
Server Edition
Download
CD/USB key vendors
DRBL-winroll
Related LiveCD
Testimonials
Lecture Materials
Related Articles
Partners
FAQ/Q&A
Forum
Mailing Lists
Developers
Contributors
Related links
Local communities
Step-by-step docs

Clonezilla Live - Verify the download files

The steps to verify a downloaded file from Clonezilla project. Here we take clonezilla-live-2.6.7-28-amd64.iso and clonezilla-live-2.6.7-28-amd64.zip as an example:

  1. Download CHECKSUMS.TXT, CHECKSUMS.TXT.gpg, clonezilla-live-2.6.7-28-amd64.iso and clonezilla-live-2.6.7-28-amd64.zip from Clonezilla website.
  2. Retrieve key from key server:
          # gpg --keyserver hkp://keys.openpgp.org --recv-key 667857D045599AFD
      Or
      # gpg --keyserver hkp://pgpkeys.mit.edu --recv-key 667857D045599AFD
  3. Run the following command to verify CHECKSUMS.TXT:

         # gpg --verify CHECKSUMS.TXT.gpg CHECKSUMS.TXT
     gpg: Signature made Fri 03 Jul 2020 07:59:54 PM CST
     gpg:                using RSA key 54C0821A48715DAFD61BFCAF667857D045599AFD
     gpg: Good signature from ...
    The "Good signature" shows the downloaded CHECKSUMS.TXT is successfully verified by CHECKSUMS.TXT.gpg.

  4. Use the CHECKSUMS.TXT to verify the downloaded iso and zip file. Make sure they are in the same directory with CHECKSUMS.TXT. We use the command sha256sum to verify the checksums, but you can use md5sum, sha1sum, or sha512sum, too:

      # sha256sum -c --ignore-missing CHECKSUMS.TXT
  clonezilla-live-2.6.7-28-amd64.iso: OK
  clonezilla-live-2.6.7-28-amd64.zip: OK
  sha256sum: WARNING: 22 lines are improperly formatted
    The "OK" after the file name shows the downloaded clonezilla-live-2.6.7-28-amd64.iso and clonezilla-live-2.6.7-28-amd64.zip are successfully checked by the SHA256 message digest.
    For more details, you can refer to this tutorial.