Fedora Logotext

How do I verify my image?

Once you have downloaded an image, verify it for security and integrity. To verify your image, start by downloading the proper CHECKSUM file into the same directory as the image you downloaded.

Workstation

For 64-bit images
For 32-bit images

Server

For 64-bit images

Atomic

For Atomic Host Iso
For Atomic Host images
For Docker

Next, import Fedora's GPG key(s):

$ curl https://getfedora.org/static/fedora.gpg | gpg --import

You can verify the details of the GPG key(s) here.

Now, verify that the CHECKSUM file is valid:

$ gpg --verify-files *-CHECKSUM

The CHECKSUM file should have a good signature from one of the following keys:

  • F5282EE4 - Fedora 27
  • 64DAB85D - Fedora 26
  • 3B921D09 - Fedora 26 secondary arches (AArch64, PPC64, PPC64le, s390 and s390x)
  • FDB19C98 - Fedora 25
  • E372E838 - Fedora 25 secondary arches (AArch64, PPC64, PPC64le, s390 and s390x)
  • 81B46521 - Fedora 24
  • 030D5AED - Fedora 24 secondary arches (AArch64, PPC64, PPC64le, s390 and s390x)

Finally, now that the CHECKSUM file has been verified, check that the image's checksum matches:

$ sha256sum -c *-CHECKSUM

If the output states that the file is valid, then it's ready to use!

How do I verify my downloaded image on another operating system?

Read these instructions to validate your image.