When you download a file from the Internet, there is a chance the file will become corrupted during the process. This doesn’t happen on a regular basis, but the possibility does exist. Because the need to verify that what you think you downloaded is actually what is now on your hard drive, it’s a good idea to verify what you have. A great tool for this, assuming the person hosting the file agrees, is using md5 checksums.
Creating a checksum for a file is simple.
After making sure you have installed the md5sum program on your computer, simply navigate to the file you want to be able to verify later and type in the following (substituting the path and name of your file with “file.ext”):
md5sum -b file.ext
For instance, I downloaded the Parted Magic live cd recently, which is “shipped” as a ZIP file. When I have downloaded this file to my hard drive (to the Desktop in particular), it is named pmagic-5.5.iso.zip
So, to create a checksum of this ZIP file, I would type in the following:
md5sum -b /home/ericcflem/Desktop/pmagic-5.5.iso.zip
The output of that is a long number. In this case, this number:
If I look at the Parted Magic website, beside the download link, I’ll find that the Parted Magic creators have also used this utility to create a checksum, and thankfully, their number and my number are exactly the same.
What does this mean? It means I can feel confident extracting the Parted Magic ISO from the archive, burning it to CD, and using it. If the numbers had been different, it would have told me that the file I downloaded was in some way different from the file I was supposed to download. And while it might extract and burn fine, and even boot up with no problems, a chance exists that an error caused by the downloading process will cause issues.
Sometimes a download includes a md5 file, which allows the downloader to verify the download is correct, long after the fact and without the need to return to the website to visually compare long md5 checksums. If you are distributing files, it’s simple to create a checksum file of your own. Let’s continue using Parted Magic as an example. To create a checksum file (with the .md5 extension), for the same download (pmagic-5.5.iso.zip), I would type the following into the Terminal:
md5sum pmagic-5.5.iso.zip > pmagic-5.5.iso.zip.md5
The above command (which assumes I am in the same directory as the download), would create a file named pmagic-5.5.iso.zip.md5, which would include the checksum for “pmagic-5.5.iso.zip” along with the correct name of the file. To use md5sum to verify this, type the following:
md5sum -c pmagic-5.5.iso.zip.md5
The output of this is as follows (assuming everything is correct):
For Linux users, a tool to verify md5 checksums is likely already installed. For a powerful utility that not only calculates md5 checksums, but also creates and verifies checksums for SHA-1, SHA-256, Tiger and Whirlpool. Mac and Windows users can also find utilities for their operating systems as well.