1. Create a directory called “live_image” in your home directory.
2. Move the live image you downloaded in this directory.
3. Download the following files and move them into the “live_image” directory.

Your ~/live_image directory should now contain 3 files: Your live image and the sha512 file and the signed one, like this:

hyperbola-2017.07.14-dual.iso
hyperbola-2017.07.14-dual.iso.sha512
hyperbola-2017.07.14-dual.iso.sha512.sig

To verify the integrity of your live image, generate its SHA512 sum and compare it to the one found in the sha512sum file.

In most GNU/Linux distributions the SHA512 sum can be generated by opening a terminal and running the following commands:

cd
cd live_image
sha512sum -b *.iso

The last command should show you the SHA512 sum of your live file. Compare it to the sha512sum file. If it match, you've successfully verified the integrity of your live image.

Note: If you have coreutils version 8.25 or newer, another way of checking the sum is to ask the sha512sum command to check the file against the sha512sum file, like this:

sha512sum -c hyperbola-2017.07.14-dual.iso.sha512

To verify the authenticity of the sha512sum file, we need to check the signature on the signed file.

Import the Hyperbola signing key:

gpg --keyserver pgp.mit.edu --recv-key "684D 54A1 8930 5A9C C954 46D3 6B88 8913 DDB5 9515"

Note: If gpg complains about the key ID, try the following commands instead:

gpg --keyserver pgp.mit.edu --recv-key DDB59515

gpg --list-key --with-fingerprint DDB59515

Check the output of the last command, to make sure the fingerprint is 684D 54A1 8930 5A9C C954 46D3 6B88 8913 DDB5 9515.

Verify the authenticity of he sha512sum file, like this:

cd
cd live_image
gpg --verify hyperbola-2017.07.14-dual.iso.sha512.sig

The output of the last command should tell you that the file signature is 'good' and that it was signed with the following key: DDB59515.

This wiki article is based on Mint's download page. We may have removed non-FSDG bits from it.