Scribd
Upload
211 views4 pages

Validating The MD5 Checksum of A File

This document discusses how to validate the integrity of a downloaded file by verifying its MD5 checksum. It explains that file developers generate a unique checksum for large files like ISO images using MD5 encryption. To validate the file, users download both the file and an accompanying MD5 file, then use a tool to generate the checksum locally and compare it to the one listed in the MD5 file. The document provides instructions for validating checksums using Windows Command Prompt or Linux.

Uploaded by

Sandra Gilbert
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
211 views4 pages

Validating The MD5 Checksum of A File

This document discusses how to validate the integrity of a downloaded file by verifying its MD5 checksum. It explains that file developers generate a unique checksum for large files like ISO images using MD5 encryption. To validate the file, users download both the file and an accompanying MD5 file, then use a tool to generate the checksum locally and compare it to the one listed in the MD5 file. The document provides instructions for validating checksums using Windows Command Prompt or Linux.

Uploaded by

Sandra Gilbert
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 4

Validating the MD5 Checksum of a File

Double-check the integrity of a file through verifying its


MD5 checksum
by
Gary Newell
Updated on November 11, 2019
reviewed by
Ryan Perian

Utamaru Kido / Getty Images

Linux

 Switching from Windows

 Tweet
 Share
 Email

When you download a large file such as a Linux distribution in the form of an ISO you should
validate it to make sure that the file downloaded properly—free of errors or unauthorized
modifications.

Developers of large files like ISOs run those completed images through a program to generate an
MD5 encrypted file. This method provides a unique checksum, which is a fingerprint of the file.

Thus, you download the ISO and then run a tool that creates an MD5 checksum against that file.
The checksum that is returned should match the one located on the website of the software
developer.

Downloading a File With an MD5 Checksum


To demonstrate how to validate the checksum of a file you will need a file that already has an
MD5 checksum available for it to compare against.

Most Linux distributions provide either an SHA or MD5 checksum for their ISO images. One
distribution that uses the MD5 checksum method of validating a file is Bodhi Linux.

Download a live version of Bodhi Linux from http://www.bodhilinux.com/.


The linked page offers three versions:

 Standard
 AppPack Release
 Legacy Release

Download two files: The Bodhi Linux ISO, available at the download link, and the MD5 file.
You'll compare the checksum you see in the MD5 file with the checksum you'll get in a shell
session.

1. Download the ISO itself by clicking on the Download link just under the Standard
Release section.

2. Click MD5 to download the MD5 checksum file to your computer. 

3. Open the MD5 file in a text editor. The contents look something like this:

ba411cafee2f0f702572369da0b765e2  bodhi-4.1.0-64.iso

Verify the MD5 Checksum Using Windows


To verify the MD5 checksum:

1. Open Command Prompt.

2. Open your downloads folder by typing cd Downloads. If you saved the files in a
different location, go there instead.

3. Type certutil -hashfile followed by the file name and then MD5.

4. Check that the value returned matches the value the MD5 file you downloaded from the
Bodhi website (and opened in Notepad).
5. If the values don't match then the file is not valid and you should download it again.

Verify the MD5 Checksum Using Linux


To verify the MD5 checksum using Linux follow these instructions:

1. Open a shell session then visit the directory where you downloaded the files.
2. Enter md5sum followed by the file name.

3. The value displayed by the md5sum command should match the the value in the MD5
file.

Considerations
The md5sum method of checking the validity of a file only works as long as the site you are
downloading the software from hasn't been compromised.

In theory, it works well when there are lots of mirrors because you can always check back
against the main website.

However, if the main site gets hacked and a link is provided to a new download site and the
checksum is changed on the website then you are basically being hoodwinked into downloading
something you probably don't want to use.

If the file's checksum doesn't match the value in the supplementary download file, you know that
the file was corrupted in some way. Try re-downloading it. If several attempts fail, notify the
owner of the file or the administrator of the site that serves it.

CertUtil is a pre-installed Windows utility that can be used to generate hash checksums:

certUtil -hashfile pathToFileToCheck [HashAlgorithm]

HashAlgorithm choices: MD2 MD4 MD5 SHA1 SHA256 SHA384 SHA512

So for example, the following generates an MD5 checksum for the file
C:\TEMP\MyDataFile.img:

CertUtil -hashfile C:\TEMP\MyDataFile.img MD5

To get output similar to *Nix systems you can add some PowerShell magic:
$(CertUtil -hashfile C:\TEMP\MyDataFile.img MD5)[1] -replace " ",""

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy