How To Verify Checksum In Linux [Beginner Guide]

using checksum in Ubuntu Linux

Brief: This beginner’s guide tells you what is checksum? What are md5, sha256 or sha-1 checksum? Why is checksum used? And how to use checksum in Linux? 

What is Checksum in Linux?

Checksum is like a digital fingerprint of a file. In technical terms,

A checksum is a small-sized datum from a block of digital data for the purpose of detecting errors which may have been introduced during its transmission or storage.

Well, checksum is a long string of data containing various letters and numbers. You’ll generally find them while downloading files from the web, e.g. Linux distribution image, software packages etc.

Most common use of checksum is in checking if the downloaded file is corrupted.

For instance, Ubuntu MATE download page includes SHA256 checksum for every image available there. So, after you downloaded an image, you can generate SHA256 checksum for it and verify if the checksum value matches the one mentioned on the site.

If it doesn’t, that will mean your downloaded image’s integrity is compromised (maybe it was corrupted during the download process). We will use Ubuntu Mate “ubuntu-mate-16.10-desktop-amd64.iso” image file for this guide.

How is Checksum generated?

Checksum is generated by checksum algorithm. Without going into technical details let’s say that it takes a file as input and outputs the checksum value of that file. There are various algorithms for generating checksum. Most popular checksum algorithms are:

  • Secure Hash Algorithms and variants (SHA-1, SHA-2 etc.) and
  • MD5 Algorithm

How to use checksum to verify file integrity [GUI way]

If you are looking for graphical solution, you can use GtkHash.

GtkHash is a nifty tool for generating and verifying various checksums. It supports a wide range of checksum algorithms – including SHA, MD5 and others. Here’s a list of supported algorithms:

GtkHash supported Checksum Algorithms
GtkHash supported Checksum Algorithms

Installing GtkHash on Ubuntu

For installing GtkHash on your Ubuntu system, simply run the following command:

sudo apt install gtkhash

That’s it.

Suggested read
How To Fix: There is no command installed for RAR archive files

For selecting the checksum algorithms to use:

  • Go to Edit > Preferences menu option.
  • Select the ones you would like to use.
  • Hit Close button.

By default – MD5, SHA-1 and SHA256 is selected.

Using GtkHash

Using it is quite straight-forward.

  • Select the file you want to check
  • Get the Checksum value from the website and put it in Check box.
  • Click the Hash button.
  • This will generate the checksum values with the algorithms you selected.
  • If any one of them matches with the Check box, it will show a small tick sign beside it.

Here’s an example showing GtkHash generating checksum for UbuntuMATE iso image (ubuntu-mate-16.10-desktop-amd64.iso):

GtkHash with UbuntuMATE iso
GtkHash with UbuntuMATE iso

 

Command-Line Checksum Tools

Every Linux distribution comes with tools for various checksum algorithms. You can generate and verify checksum with them. The command-line checksum tools are the followings:

  • MD5 checksum tool is called: md5sum
  • SHA-1 checksum tool is called: sha1sum
  • SHA-256 checksum tool is called: sha256sum

There are some more available, e.g.: sha224sum, sha384sum etc. All of them uses similar command formats. Let’s see an example of using sha256sum. We will use the same “ubuntu-mate-16.10-desktop-amd64.iso” image file as we used before.

Generating and Verifying SHA256 Checksum with sha256sum

First go to the directory where the .iso image is stored:

cd ~/itsfoss

Now, for generating SHA256 checksum, enter the following command:

sha256sum ubuntu-mate-16.10-desktop-amd64.iso

You will get the SHA256 checksum in your terminal window! Easy, isn’t it?

Generating SHA256 Checksum for UbuntuMATE iso
Generating SHA256 Checksum for UbuntuMATE iso

If the generated checksum matches with the one provided on the UbuntuMATE download page, that will mean – no data was changed while you downloaded the file or putting otherwise, your downloaded file is not corrupted.

The other mentioned tools work similarly.

How accurately does this work?

If you are wondering, how accurately does these checksum detects corrupted files – if you delete or change even one character from any one of the text files inside the iso image, the checksum algorithm will generate a totally different checksum value for that changed iso image. And that will definitely not match with the checksum provided on the download page.

Suggested read
How To Watch Hulu On Ubuntu And Linux Mint

Do you checksum?

One of the suggested steps while installing Linux is to verify the checksum of Linux ISO. Do you always follow this step or do it only when something goes wrong with the installation?

Was this guide helpful? If you have any questions, let us know! And also if you need a similar guide for something else, reach out to us, we are here to help.

Comments

  1. Hi Munif… that’s a great explanation.
    But, I think you failed to say the most important thing (at least in my point of view):
    With the ORIGINAL checksum – that is: provided by the distro maker – you can check if another site’s mirror of the ISO is the same or if it has been “modified” – perhaps to insert some kind of malware.
    It’s more useful when you download through torrents and you’re not exactly sure if it’s an OK ISO.
    And that, for me, is the best use for checksum!
    And when we say ISO we can say another file or package – to check if they’re original.
    Thanks.

  2. Thanks for the article; till now, I could not verify checksum of ISO images (of Ubuntu). I had to check by actually running a ‘live’ CD/DVD and re download once as the DVD would not run. Hopefully I will be able to verify now on before writing to a DVD.
    Thanks again for a clear explanation.

Leave a Reply

Your email address will not be published. Required fields are marked *

[i]
[i]