Verifying the Operating System you download is important to protect you from malicious actors. The steps below will verify that the RoninOS image you download was produced by the developer you think produced it, and will also ensure the contents of the file you download match exactly the contents of the file produced by the developer.
The RoninDojo Master Administrator Key is always used to sign and verify RoninOS images.
(ending in .img.gz)(ending in .img.gz.sha256)(ending in .img.gz.sha256.asc)gpg --refresh-keys && gpg --auto-key-locate keyserver --locate-keys pgp@ronindojo.io
keyserver hkps://keys.openpgp.org
cd /$HOME/Downloads && gpg --verify RoninOS_v2.2.1.img.gz.sha256.asc
Example Successful Signature ✅:
gpg: Assuming signed data in 'RoninOS_v2.2.1.img.gz.sha256'
gpg: Signature made Mon 16 Jun 2025 07:52:32 AM UTC
gpg: Using RSA key 4D8CCBBEFAE5AC5B8BC1130B116573F87BD3EDF7
gpg: Good signature from "RoninDojo Master Key <pgp@ronindojo.io>"
Example Failure Signature ❌:
gpg: Assuming signed data in 'RoninOS_v2.2.1.img.gz.sha256'
gpg: Signature made Mon 16 Jun 2025 07:52:32 AM UTC
gpg: Using RSA key 4D8CCBBEFAE5AC5B8BC1130B116573F87BD3EDF7
gpg: BAD signature from "RoninDojo Master Key <pgp@ronindojo.io>"
sha256sum RoninOS_v2.2.1.img.gz && cat RoninOS_v2.2.1.img.gz.sha256
Example Successful Match ✅:
60fb14c7fc4dff4e3276d9b4188e71e2893f250afd1a200a8df3c8ed0f23431a RoninOS_v2.2.1.img.gz
60fb14c7fc4dff4e3276d9b4188e71e2893f250afd1a200a8df3c8ed0f23431a RoninOS_v2.2.1.img.gz
Example Failure Mismatch ❌:
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 RoninOS_v2.2.1.img.gz
60fb14c7fc4dff4e3276d9b4188e71e2893f250afd1a200a8df3c8ed0f23431a RoninOS_v2.2.1.img.gz
(ending in .img.gz)(ending in .img.gz.sha256)(ending in .img.gz.sha256.asc)Download GPG4Win and run the install, then open the command prompt.
The SHA256 Hash File is signed using the RoninDojo Master Administrator Key. Open a terminal window and run the following command to obtain the key.
gpg --refresh-keys && gpg --auto-key-locate keyserver --locate-keys pgp@ronindojo.io
cd C:\Users\%USERNAME%\Downloads && gpg --verify RoninOS_v2.2.1.img.gz.sha256.asc
Example Successful Signature ✅:
gpg: Assuming signed data in 'RoninOS_v2.2.1.img.gz.sha256'
gpg: Signature made Mon 16 Jun 2025 07:52:32 AM UTC
gpg: Using RSA key 4D8CCBBEFAE5AC5B8BC1130B116573F87BD3EDF7
gpg: Good signature from "RoninDojo Master Key <pgp@ronindojo.io>"
Example Failure Signature ❌:
gpg: Assuming signed data in 'RoninOS_v2.2.1.img.gz.sha256'
gpg: Signature made Mon 16 Jun 2025 07:52:32 AM UTC
gpg: Using RSA key 4D8CCBBEFAE5AC5B8BC1130B116573F87BD3EDF7
gpg: BAD signature from "RoninDojo Master Key <pgp@ronindojo.io>"
certutil -hashfile RoninOS_2.2.0.img.gz && cat RoninOS_v2.2.1.img.gz.sha256
Example Successful Match ✅:
60fb14c7fc4dff4e3276d9b4188e71e2893f250afd1a200a8df3c8ed0f23431a RoninOS_v2.2.1.img.gz
60fb14c7fc4dff4e3276d9b4188e71e2893f250afd1a200a8df3c8ed0f23431a RoninOS_v2.2.1.img.gz
Example Failure Mismatch ❌:
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 RoninOS_v2.2.1.img.gz
60fb14c7fc4dff4e3276d9b4188e71e2893f250afd1a200a8df3c8ed0f23431a RoninOS_v2.2.1.img.gz
Don't want to use a pre-built image? Go to the Building RoninOS guide to get started building your own image.
Requirements:
Check out the Troubleshooting page for more info.
Join the RoninDojo Chatroom and engage the community.