Sometimes you may need to verify checksum in Linux. A checksum is an alphanumeric string along with a file that is transferred between two computers. Typically, downloads over the internet always include a checksum, which the browser or download manager uses to verify the correctness of the download. In this article, we will look at how to verify checksum in Linux.
What is Checksum? Why is Checksum used?
Checksum is an alphanumeric string sent along with a file during file transfer. The sender creates the checksum based on file content and includes it in the file sent. On receiving the file, the receiver generates a checksum on its own using the file content, and compares it with the checksum sent by the sender. If both match, then the file has been received completely. If the file is corrupted during transfer, then checksum generated by receiver will not match the one sent by the sender. Generally, this process is completely automated by web servers sending the file, and download managers and web browsers receiving the file so we don’t realize it is happening in the background. There are various algorithms such as MD5, SHA-256 used to generate checksum string (or hash).
Checksum calculation is a very important step to ensure that you are using an uncorrupted file, especially during software installation and upgrades, to prevent it from damaging your existing system. Checksum verification is recommended especially for production systems & performance critical systems.
How to Verify Checksum in Linux
Checksum is generated by a checksum generator using one of the available algorithms such as MD5, SHA-256, etc. There are various GUI tools that you can download & install for this purpose.
But we will be using command line tools that are already available in most Linux systems by default.
For example, let us say you have downloaded an ISO image file from Ubuntu’s website and saved it to /home/downloads/image.iso Here is the command to generate its checksum using SHA-256 algorithm.
$ sudo sha256sum /home/downloads/image.iso
You will see an alphanumeric string as the output, something like the following, followed by the file name
Compare it with the checksum publicly displayed on Ubuntu’s website, or your download location. Please note, every checksum will be displayed along with the algorithm used to generate it. So make sure you compare your checksum with the right one. For example, a check sum generated using SHA-256 will not match the one generated using MD5 algorithm.
It is important to note that Checksum calculation and verification is a highly accurate process. Even if one bit in your downloaded file is different from the one present at the source website, then your checksum will be very different from the one displayed on their website.