How to Verify Checksum on Linux [Beginner Guide]

Brief: This beginner’s guide tells you what a checksum checks, what MD5, SHA-256 and SHA-1 checksums are, why checksums are used and how to verify checksums on Linux.

You’ll learn the following in this tutorial:

What is a Checksum?

using checksum in Ubuntu Linux

A checksum is like the digital fingerprint of a file. In technical terms,

A checksum is a small-sized datum from a block of digital data for the purpose of detecting errors which may have been introduced during its transmission or storage.

So a checksum is a long string of data containing various letters and numbers. You’ll generally find them when downloading files from the web, e.g. Linux distribution images, software packages, etc.

The most common use of checksums is for checking if a downloaded file is corrupted.

For instance, the Ubuntu MATE download page includes an SHA-256 checksum for every image it makes available. So after you’ve downloaded an image, you can generate an SHA-256 checksum for it and verify that the checksum value matches the one listed on the site.

If it doesn’t, that means your downloaded image’s integrity is compromised (maybe it was corrupted during the download process). We will use an Ubuntu MATE “ubuntu-mate-16.10-desktop-amd64.iso” image file for this guide.

How is a Checksum generated?

Each checksum is generated by a checksum algorithm. Without going into the technical details let’s just say it takes a file as input and outputs the checksum value of that file. There are various algorithms for generating checksums. The most popular checksum algorithms are:

  • Secure Hash Algorithms and variants (SHA-1, SHA-2 etc.)
  • MD5 algorithm

Let’s see how to verify a checksum on Linux.

How to use checksum to verify file integrity [GUI way]

If you’re looking for a graphical solution, you can use GtkHash.

GtkHash is a nifty tool for generating and verifying various checksums. It supports a wide range of checksum algorithms, including SHA, MD5 and others. Here’s a list of supported algorithms:

GtkHash supported Checksum Algorithms
GtkHash supported Checksum Algorithms

Installing GtkHash on Ubuntu

To install GtkHash on your Ubuntu system, simply run the following command:

sudo apt install gtkhash
sudo apt install gtkhash

That’s it. Then select the checksum algorithms to use:

  • Go to Edit > Preferences in the menu.
  • Select the ones you’d like to use.
  • Hit the Close button.

By default, MD5, SHA-1 and SHA256 are selected.

Using GtkHash

Using it is quite straight-forward.

  • Select the file you want to check.
  • Get the Checksum value from the website and put it in the Check box.
  • Click the Hash button.
  • This will generate the checksum values with the algorithms you selected.
  • If any one of them matches with the Check box, it will show a small tick sign beside it.

Here’s an example showing GtkHash generating a checksum for the Ubuntu MATE iso image (ubuntu-mate-16.10-desktop-amd64.iso):

GtkHash with UbuntuMATE iso
GtkHash with Ubuntu MATE iso

Verify checksums via Linux command line

Every Linux distribution comes with tools for various checksum algorithms. You can generate and verify checksums with them. The command-line checksum tools are the following:

  • MD5 checksum tool is called md5sum
  • SHA-1 checksum tool is called sha1sum
  • SHA-256 checksum tool is called sha256sum

There are some more available, e.g. sha224sum, sha384sum, etc. All of them use similar command formats. Let’s see an example using sha256sum. We’ll use the same “ubuntu-mate-16.10-desktop-amd64.iso” image file that we used before.

Generating and Verifying SHA256 Checksum with sha256sum

First go to the directory where the .iso image is stored:

cd ~/itsfoss

Now, to generate the SHA-256 checksum, enter the following command:

sha256sum ubuntu-mate-16.10-desktop-amd64.iso

You’ll see the SHA-256 checksum in your terminal window! Easy, isn’t it?

Generating SHA256 Checksum for UbuntuMATE iso
Generating SHA-256 Checksum for Ubuntu MATE iso

If the generated checksum matches the one provided on the Ubuntu MATE download page, that will mean no data was changed while you downloaded the file – in other words, your downloaded file is not corrupted.

The other tools mentioned work similarly.

How accurately does this work?

If you’re wondering how accurately these checksums detect corrupted files – if you delete or change even one character from any one of the text files inside the iso image, the checksum algorithm will generate a totally different value for that changed image. And that will definitely not match the checksum provided on the download page.

Do you checksum?

One of the suggested steps while installing Linux is to verify the checksum of your Linux ISO. Do you always follow this step or do you do it only when something goes wrong with the installation?

Was this guide helpful? If you have any questions, let us know! And if you need a similar guide for something else, reach out to us, we’re here to help.

Become a Better Linux User

With the FOSS Weekly Newsletter, you learn useful Linux tips, discover applications, explore new distros and stay updated with the latest from Linux world


Great! You’ve successfully signed up.

Welcome back! You've successfully signed in.

You've successfully subscribed to It's FOSS.

Success! Check your email for magic link to sign-in.

Success! Your billing info has been updated.

Your billing was not updated.