Verifying authenticity of Debian images

Verifying authenticity of Debian images
Skip Quicknav
Blog
Micronews
Planet
Wiki
Debian installation media for USB, CD, DVD
Verifying authenticity of Debian images
Debian on CD
FAQ
Network Install
Live images
Buy CDs or DVDs
Download via HTTP/FTP
Download with Torrent
Download with Jigdo
Rsync Mirrors
Verify
Verifying authenticity of Debian images
Official releases of Debian installation and live images come with
signed checksum files; look for them alongside the images in
the
iso-cd
jigdo-dvd
iso-hybrid
etc. directories. These files allow you to check that the images you
download are correct. First of all, the checksum can be used to check
that the images have not been corrupted during download. Secondly, the
signatures on the checksum files allow you to confirm that the images
are the ones created and released by Debian, and have not been
tampered with.
To validate the contents of an image file, be sure to use the
appropriate checksum tool. Cryptographically strong checksum
algorithms (SHA256 and SHA512) are available for every releases; you
should use the matching tools
sha256sum
or
sha512sum
to work with these.
To ensure that the checksums files themselves are correct, use an OpenPGP
implementation (such as GnuPG, Sequoia-PGP, PGPainless or GopenPGP) to
verify them against the accompanying signature files (e.g.
SHA512SUMS.sign
). The keys used for these signatures are
all in the
Debian OpenPGP keyring
(or in the
debian-role-keys.pgp
keyring in the
debian-keyring
in a Debian system)
and the best way to check them is to use that keyring to validate via
the web of trust. To make life easier for people who don't have ready
access to an existing Debian machine, here are details of the keys
that have been used to sign releases in recent years, and links to
download the public keys directly:
pub rsa4096/
988021A964E6EA7D
2009-10-03
Key fingerprint = 1046 0DAD 7616 5AD8 1FBC 0CE9 9880 21A9 64E6 EA7D
uid Debian CD signing key

pub rsa4096/
DA87E80D6294BE9B
2011-01-05 [SC]
Key fingerprint = DF9B 9C49 EAA9 2984 3258 9D76 DA87 E80D 6294 BE9B
uid Debian CD signing key

pub rsa4096/
42468F4009EA8AC3
2014-04-15 [SC]
Key fingerprint = F41D 3034 2F35 4669 5F65 C669 4246 8F40 09EA 8AC3
uid Debian Testing CDs Automatic Signing Key
debian_on_cd
faq
net_install
buy
jigdo
http_ftp
This page is also available in the following languages:
How to set
the default document language
English-language
public mailing list
for CDs/DVDs:
Debian CD team <
debian-cd@lists.debian.org
About
Social Contract
Code of Conduct
Free Software
Legal Info
Help Debian
Getting Debian
Network install
CD/USB ISO images
Pure Blends
Debian Packages
Developers' Corner
News
Project News
Events
Documentation
Release Info
Debian Wiki
Support
Debian International
Security Information
Bug reports
Mailing Lists
The Debian Blog
Debian Micronews
Debian Planet
Last Modified: Fri, Feb 20 03:24:13 UTC 2026