Brief: This beginner’s guide tells you what is checksum, what are md5, sha256 or sha-1 checksum, why is checksum used and how to verify checksum in Linux.
What is Checksum?
Checksum is like a digital fingerprint of a file. In technical terms,
A checksum is a small-sized datum from a block of digital data for the purpose of detecting errors which may have been introduced during its transmission or storage.
Well, checksum is a long string of data containing various letters and numbers. You’ll generally find them while downloading files from the web, e.g. Linux distribution image, software packages etc.
Most common use of checksum is in checking if the downloaded file is corrupted.
For instance, Ubuntu MATE download page includes SHA256 checksum for every image available there. So, after you downloaded an image, you can generate SHA256 checksum for it and verify if the checksum value matches the one mentioned on the site.
If it doesn’t, that will mean your downloaded image’s integrity is compromised (maybe it was corrupted during the download process). We will use Ubuntu Mate “ubuntu-mate-16.10-desktop-amd64.iso” image file for this guide.
How is Checksum generated?
Checksum is generated by checksum algorithm. Without going into technical details let’s say that it takes a file as input and outputs the checksum value of that file. There are various algorithms for generating checksum. Most popular checksum algorithms are:
Let’s see how to verify checksum in Linux.
How to use checksum to verify file integrity [GUI way]
If you are looking for graphical solution, you can use GtkHash.
GtkHash is a nifty tool for generating and verifying various checksums. It supports a wide range of checksum algorithms – including SHA, MD5 and others. Here’s a list of supported algorithms:
Installing GtkHash on Ubuntu
For installing GtkHash on your Ubuntu system, simply run the following command:
sudo apt install gtkhash
For selecting the checksum algorithms to use:
- Go to Edit > Preferences menu option.
- Select the ones you would like to use.
- Hit Close button.
By default – MD5, SHA-1 and SHA256 is selected.
Using it is quite straight-forward.
- Select the file you want to check
- Get the Checksum value from the website and put it in Check box.
- Click the Hash button.
- This will generate the checksum values with the algorithms you selected.
- If any one of them matches with the Check box, it will show a small tick sign beside it.
Here’s an example showing GtkHash generating checksum for UbuntuMATE iso image (ubuntu-mate-16.10-desktop-amd64.iso):
Verify checksum in Linux command line
Every Linux distribution comes with tools for various checksum algorithms. You can generate and verify checksum with them. The command-line checksum tools are the followings:
- MD5 checksum tool is called: md5sum
- SHA-1 checksum tool is called: sha1sum
- SHA-256 checksum tool is called: sha256sum
There are some more available, e.g.: sha224sum, sha384sum etc. All of them uses similar command formats. Let’s see an example of using sha256sum. We will use the same “ubuntu-mate-16.10-desktop-amd64.iso” image file as we used before.
Generating and Verifying SHA256 Checksum with sha256sum
First go to the directory where the .iso image is stored:
Now, for generating SHA256 checksum, enter the following command:
You will get the SHA256 checksum in your terminal window! Easy, isn’t it?
If the generated checksum matches with the one provided on the UbuntuMATE download page, that will mean – no data was changed while you downloaded the file or putting otherwise, your downloaded file is not corrupted.
The other mentioned tools work similarly.
How accurately does this work?
If you are wondering, how accurately does these checksum detects corrupted files – if you delete or change even one character from any one of the text files inside the iso image, the checksum algorithm will generate a totally different checksum value for that changed iso image. And that will definitely not match with the checksum provided on the download page.
Do you checksum?
One of the suggested steps while installing Linux is to verify the checksum of Linux ISO. Do you always follow this step or do it only when something goes wrong with the installation?
Was this guide helpful? If you have any questions, let us know! And also if you need a similar guide for something else, reach out to us, we are here to help.