Skip to content

Downloads and Validation

Downloading ISO

CachyOS ISO can be obtained from the following sources:

Verifying ISO integrity with SHA256

  1. Download this file containing the SHA256 hash (Open it with a Text Editor e.g: Notepad).
  2. Open CMD or PowerShell as Administrator and navigate to the path where the ISO and SHA256 files are stored.
  3. Execute the following command:
    Terminal window
    # Example:
    certUtil -hashfile cachyos-desktop-linux-241110.iso SHA256
  4. Compare the certUtil hash output to the one from the downloaded file in Step 1. If they match, you can proceed with the CachyOS installation.

Verify ISO Image Authenticity (Linux)

To verify the authenticity of the ISO file to be sure that the actual one has been released by the official CachyOS development team:

  1. Import the GPG key for verifying the authenticity:

    Terminal window
    gpg --keyserver hkps://keys.openpgp.org --recv-key F3B607488DB35A47
  2. Download the ISO file and its .sig signature file and run the following command (by replacing full_iso_name.iso with the actual ISO filename):

    Terminal window
    gpg --verify full_iso_name.iso.sig full_iso_name.iso

    If you get a Good signature output, the ISO file is genuine:

    gpg: Signature made Mo 01 Apr 2024 14:13:30 CEST
    gpg: using RSA key 882DCFE48E2051D48E2562ABF3B607488DB35A47
    gpg: Good signature from "CachyOS <[email protected]>" [unknown]
    gpg: WARNING: This key is not certified with a trusted signature!
    gpg: There is no indication that the signature belongs to the owner.
    Primary key fingerprint: 882D CFE4 8E20 51D4 8E25 62AB F3B6 0748 8DB3 5A47