How to check the file checksum

Good day my dear Linux Yogi’s,

In todays illustration I am going to show you how you can check the checksum on a file you downloaded from the internet and compare it with the checksum posted on the download page.

Mainly you will find gpg, md5 or sha1 checksums. I will show you how to verify those. In major distributions the tools are already installed. We need md5sum, sha1sum and gpg.

  • SHA1SUM

Let’s say you are about to download the latest openfiler installation ISO and see something like the following:

Openfiler download
Openfiler download

On the right under sha1sum you see the verification hash. Now in order to generate the sha1sum hash or the ISO you downloaded execute the following command.

sha1sum Downloads/openfileresa-2.99.1-x86_64-disc1.iso

and it should return something similar to that:

be3be005c9f0a6025731ab8c036dfb0188b0d9c2 Downloads/openfileresa-2.99.1-x86_64-disc1.iso

Now you can compare the hash from your console with the one from the website and if they match you have not to worry something could be messed with.

  • MD5SUM

In this example I demonstrate this with the download of an Debian CD ISO. Debian provides a summary file with all md5 hashes for all downloads in the current folder. You should see something like the following:

Debian download
Debian download

As you can see the very first file contains all the hashes:

md5-hashes
md5-hashes

Lets say we downloaded the very first iso on the list above. Execute the following command to generate the md5  hash.

md5sum debian-8.7.1-amd64-CD-1.iso

and you should see something like this:

eb8bdd4d233fab9ab980c4ee3ac0ae4a debian-8.7.1-amd64-CD-1.iso

Now you can compare/verify is with the value in the md5 checksum file.

  • GPG

This is the last example and I will demonstrate is with the download of Manjaro Linux ISO. Go ahead and download the ISO and the .sig for that iso. Usually the download website offers instruction for checking. The following comes right of the Manjaro Website.

wget https://github.com/manjaro/packages-core/raw/master/manjaro-keyring/manjaro.gpg
--2017-03-07 08:26:03-- https://github.com/manjaro/packages-core/raw/master/manjaro-keyring/manjaro.gpg
Resolving github.com (github.com)... 192.30.253.112, 192.30.253.113
Connecting to github.com (github.com)|192.30.253.112|:443... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://raw.githubusercontent.com/manjaro/packages-core/master/manjaro-keyring/manjaro.gpg [following]
--2017-03-07 08:26:04-- https://raw.githubusercontent.com/manjaro/packages-core/master/manjaro-keyring/manjaro.gpg
Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 151.101.192.133, 151.101.0.133, 151.101.128.133, ...
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|151.101.192.133|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 65577 (64K) [text/plain]
Saving to: ‘manjaro.gpg’

manjaro.gpg 100%[===================>] 64.04K --.-KB/s in 0.08s

2017-03-07 08:26:04 (777 KB/s) - ‘manjaro.gpg’ saved [65577/65577]


gpg --import manjaro.gpg
gpg: key 247B52CC: public key "Guillaume Benoit (Guinux) <guillaume@manjaro.org>" imported
gpg: key 11C7F07E: public key "Philip Müller (Called Little) <philm@manjaro.org>" imported
gpg: key 59152F77: public key "Roland Singer (Manjaro Linux) <roland@manjaro.org>" imported
gpg: key 5C0102A6: public key "Rob McCathie <korrode@gmail.com>" imported
gpg: key 604F8BA2: public key "Alexandru Ianu <alexandru@manjaro.org>" imported
gpg: key AC97B894: public key "Ramon Buldó <ramon@manjaro.org>" imported
gpg: key 5DCB998E: public key "artoo <flower_of_life@gmx.net>" imported
gpg: key B35859F8: public key "artoo (manjaro.org) <flower_of_life@gmx.net>" imported
gpg: key 663CA268: public key "Bernhard Landauer <oberon@manjaro.org>" imported
gpg: key 8DF53602: public key "Stefano Capitani <stefano@manjaro.org>" imported
gpg: key A42D53A2: public key "kendell clark <kendell@manjaro.org>" imported
gpg: key C45EE0AA: public key "artoo-manjaro <artoo@manjaro.org>" imported
gpg: Total number processed: 12
gpg: imported: 12 (RSA: 12)
gpg: no ultimately trusted keys found

gpg --verify manjaro-xfce-17.0-stable-x86_64.iso.sig
gpg: assuming signed data in `manjaro-xfce-17.0-stable-x86_64.iso'
gpg: Signature made Mon 06 Mar 2017 03:56:45 PM MST using RSA key ID 11C7F07E
gpg: Good signature from "Philip Müller (Called Little) <philm@manjaro.org>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: E4CD FE50 A2DA 85D5 8C8A 8C70 CAA6 A596 11C7 F07E

In the above example I set in bold the lines you need to pay attention to and it seems in our case that everything is okay.

I hope that this illustration was useful to you. Please subscribe or register to this blog or forum and if you like to see an article here please drop me a line using my contact form.

Thank you for reading, until next time Namaste my friends!