Ubuntu – How to download Ubuntu securely

system-installation

I'm trying to download ubuntu desktop securely.

This is the link on the ubuntu.com website:
http://releases.ubuntu.com/14.04.2/ubuntu-14.04.2-desktop-i386.iso

And here is the SHA256 hash link:
http://releases.ubuntu.com/trusty/SHA256SUMS

Problem is, both these links are http, and the ubuntu.com server doesn't seem to support https. Is there any way I can download the .iso securely?

Best Answer

The key fingerprints are on https://help.ubuntu.com/community/VerifyIsoHowto

Currently they are

C598 6B4F 1257 FFA8 6632  CBA7 4618 1433 FBB7 5451
8439 38DF 228D 22F7 B374  2BC0 D94A A3F0 EFE2 1092

You can retrieve them both with:

gpg --recv-key 843938DF228D22F7B3742BC0D94AA3F0EFE21092 C5986B4F1257FFA86632CBA746181433FBB75451

If you're already on an Ubuntu system the package ubuntu-keyring has these keys in /usr/share/keyrings/ubuntu-archive-keyring.gpg which you can import with gpg --import /usr/share/keyrings/ubuntu-archive-keyring.gpg.

Best Answer

Related Solutions

Ubuntu – Why do cdimage.ubuntu.com and releases.ubuntu.com list different images

Ubuntu Releases

Ubuntu – Ubuntu 14.04 download page

Related Question