Verifying authenticity of Debian CDs
Official releases of Debian CDs come with signed checksum files. These allow you to check that the images you download are correct. First of all, the checksum can be used to check that the CDs have not been corrupted during download. Secondly, the signatures on the checksum files allow you to confirm that the files are the ones officially released by the Debian CD / Debian Live team and have not been tampered with.
To validate the contents of a CD image, just be sure to use the
appropriate checksum tool.
For older archived CD releases, only MD5 checksums were generated in
MD5SUMS files; you should use the tool
md5sum to work with these.
For newer releases, newer and cryptographically stronger checksum
algorithms (SHA1, SHA256 and SHA512) are used, and there are equivalent
tools available to work with these.
To ensure that the checksums files themselves are correct, use GnuPG to
verify them against the accompanying signature files (e.g.
The keys used for these signatures are all in the Debian GPG keyring and the best
way to check them is to use that keyring to validate via the web of
To make life easier for users, here are the fingerprints for the keys
that have been used for releases in recent years (with some UIDs
removed for clarity):
pub 1024D/88C7C1F7 1999-01-30 Key fingerprint = AC65 6D79 E362 32CF 77BB B0E8 7C3B 7970 88C7 C1F7 uid Steve McIntyre <firstname.lastname@example.org> uid Debian CD signing key <email@example.com> pub 1024D/F6A32A8E 2000-09-16 Key fingerprint = 3F0A 12FC 0B55 A917 D791 82D3 72FD C205 F6A3 2A8E uid Santiago Garcia Mantinan (manty) <firstname.lastname@example.org> sub 1024g/8D0EB704 2000-09-16 pub 1024D/4B2B2B9E 2004-06-20 Key fingerprint = 709F 54E4 ECF3 1956 2332 6AE3 F82E 5CC0 4B2B 2B9E uid Daniel Baumann <email@example.com> sub 1024g/19ED1B2F 2004-06-20 pub 4096R/5CEE3195 2009-05-21 Key fingerprint = D2FB 633A DDC2 0485 CBCE 6D12 39BE 2D72 5CEE 3195 uid Daniel Baumann <firstname.lastname@example.org> sub 4096R/E7D77F65 2009-05-21 pub 4096R/64E6EA7D 2009-10-03 Key fingerprint = 1046 0DAD 7616 5AD8 1FBC 0CE9 9880 21A9 64E6 EA7D uid Debian CD signing key <email@example.com> pub 4096R/6294BE9B 2011-01-05 Key fingerprint = DF9B 9C49 EAA9 2984 3258 9D76 DA87 E80D 6294 BE9B uid Debian CD signing key <firstname.lastname@example.org> sub 4096R/11CD9819 2011-01-05 pub 4096R/6CA7B5A6 2011-03-09 Key fingerprint = 696F 95F0 88E4 D359 947F 7AEB 6F95 B499 6CA7 B5A6 uid Debian Live Signing Key <email@example.com> sub 4096R/6E7B0CD3 2011-03-09 pub 4096R/AD11CF6A 2013-05-06 Key fingerprint = 1E4F 435C 4E9A 42B3 D9DF BE3A 510A D6B9 AD11 CF6A uid Debian Live Signing Key (2013) <firstname.lastname@example.org> sub 4096R/B72E3E00 2013-05-06 pub 4096R/A9B26DF5 2014-01-03 Key fingerprint = 8A36 A2E8 91A5 C2A9 0DEB 7A8B 1239 00F2 A9B2 6DF5 uid Live Systems Project <email@example.com> sub 4096R/D0125917 2014-01-03
role keys have gradually replaced the use of personal
keys belonging to developers.
However, a decision was made not to go back and re-sign all the old
releases that were already signed using the older keys.