View Full Version : How to Verify Your Fedora iso Download from Windows (with gpg)

18th September 2013, 12:28 AM
Hello everyone,

Here is a guide for people who want to download the Fedora iso and verify it from Windows.

If you're looking into the Fedora Documentation to do this, you'll notice that it only explains how to verify Fedora iso images in Windows with sha256. However, if you want to use pgp signatures and SHA256sum to verify that iso:

- Note that this assumes you have already downloaded a Fedora iso.

- Download and install Gpg4win. (See http://gpg4win.org/download.html .) This is so that you have gpg to verify downloads.

- Download a CHECKSUM file at https://fedoraproject.org/en/verify .

- Click on whatever link matches your downloaded iso.
- If you're on a website like https://fedoraproject.org/static/checksums/Fedora-19-x86_64-CHECKSUM or https://fedoraproject.org/static/checksums/Fedora-Spins-i386-19-CHECKSUM , right click on that website. Then, (left)-click on “Save Page As...” and save the file wherever you want. The following picture should help:


- To download Fedora's GPG key(s), go to https://fedoraproject.org/static/fedora.gpg. Then download it by right-clicking on that website, (left)-clicking on “Save Page As...” and saving that file wherever you want. The following picture should help:


- To import Fedora's GPG key(s), type:

"C:\Program Files\GNU\GnuPG\gpg2.exe" -- import “C:\Documents and Settings\User\My Documents\Downloads\fedora.gpg”

“C:\Documents and Settings\User\My Documents\Downloads\fedora.gpg” can be replaced with whatever path fedora.gpg is in.

- Now, verify the CHECKSUM file by typing:

“C:\Program Files\GNU\GnuPG\gpg2.exe” --verify “C:\Documents and Settings\User\My Documents\Downloads\Fedora-19-x86_64-CHECKSUM”

“C:\Documents and Settings\User\My Documents\Downloads\Fedora-19-x86_64-CHECKSUM” can be replaced with whatever path Fedora-19-x86_64-CHECKSUM (or whatever other checksum you downloaded) is in.

- Download checksum tools (e.g. md5sum, sha1sum, etc.) at: www.nfllab.com/sums/sums.zip . Then, extract the folder.

- Finally, to check if the Fedora iso's checksum matches, in a command prompt, type something like:

“C:\Documents and Settings\User\My Documents\Downloads\sums\sha256sum.exe” -c “C:\Program Files\GNU\GnuPG\gpg2.exe” --verify “C:\Documents and Settings\User\My Documents\Downloads\Fedora-19-x86_64-CHECKSUM”

Again, replace the path Fedora-19-x86_64-CHECKSUM is in and/or the name of the downloaded checksum file.

If the output says that the checksum file is valid (e.g. the output states something like "Fedora-19-x86_64-netinst.iso: OK",) then you're ready.