How to Verify Checksum on Linux [2 Proven Methods]

Last updated: July 27, 2023

To verify checksum on Linux, you can try these methods:

  1. Using md5sum: Calculate the checksum of the file using the md5sum command and compare it with the original checksum value.
  2. Utilizing sha256sum: Calculate the checksum of the file using the sha256sum command and compare it with the original checksum value.

Verifying checksums on Linux is crucial for data integrity and security, but it comes with common errors. Mismatched checksums indicate file alteration, download interruptions can lead to incorrect verification, using the wrong algorithm can result in inaccurate results, missing original checksum values make verification difficult, and incorrect public key import with GPG undermines data authenticity.

Read the guide below to learn different methods to verify checksum on Linux and common errors that can occur with possible solutions.

When it comes to ensuring the integrity and security of data on your Linux system, verifying checksums is a vital practice. A checksum is a unique string of characters generated from a file or data to detect errors or tampering during transmission or storage. By verifying checksums, you can be confident that your files are genuine and haven’t been compromised by malicious actors. In this comprehensive guide, I will explore two different methods to verify checksum on Linux, including md5sum and sha256sum. I will also explore the most common errors when verifying the checksum.

How to Verify Checksum on Linux

To verify checksum on Linux, you have multiple methods at your disposal: md5sum and sha256sum. Each method ensures data integrity and security, but they vary in their level of strength and convenience. Choose the one that best suits your needs and follow the step-by-step guides for error-free verification. 

1. Using md5sum

md5sum is a widely used checksum utility that generates a 128-bit hash value for files. While it provides basic data integrity verification, it has certain limitations due to its vulnerability to collisions. Here is the step-by-step guide to verifying checksums using md5sum:

  1. Open the Terminal on your Linux system.
  2. Navigate to the directory containing the file you wish to verify.
  3. Calculate the checksum of the file using the md5sum command:

     $ md5sum filename

     Replace filename with the name of the file whose checksum you want to verify.
  4. Compare the calculated checksum with the original checksum.
  5. If the checksums match, the file is intact and unaltered. If not, consider re-downloading the file from a reliable source.

2. Utilizing sha256sum

sha256sum is a stronger alternative to md5sum and produces a 256-bit hash value, making it more secure. It is widely adopted due to its resistance to collision attacks, making it suitable for critical applications. Follow these steps:

  1. Access your command window and navigate to the directory containing the file you wish to verify.
  2. Calculate the checksum of the file using the sha256sum command:

     $ sha256sum filename

  3. Now compare the original checksum value with the calculated checksum value.
  4. A match confirms the file’s integrity, while a mismatch may indicate tampering or corrupted data.
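
Comparing two 64-character strings by eye is error-prone, so the comparison step above can be handed to sha256sum itself through its check mode (-c). The script below is an added example, not part of the original guide; the function name verify_from_list and the file names app.tar and SHA256SUMS are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: let sha256sum compare hashes instead of doing it by eye.

# verify_from_list DIR LIST
#   DIR  - directory holding the downloaded files
#   LIST - checksum list in "HASH  FILENAME" format, as written by sha256sum
# Returns 0 only if every listed file is present and matches its hash,
# 1 if any file is missing or differs, 2 if the list cannot be read.
verify_from_list() {
    local dir="$1" list="$2"
    [ -r "$list" ] || { echo "cannot read checksum list: $list" >&2; return 2; }
    # File names in the list are relative to DIR, so check from inside it.
    # The subshell keeps the caller's working directory unchanged, and the
    # list is fed on stdin so a relative LIST path still works after cd.
    ( cd "$dir" && sha256sum -c - >/dev/null 2>&1 ) < "$list"
}

# Constructed demonstration: in real use SHA256SUMS comes from the publisher,
# it is only generated locally here so the example runs offline.
demo() {
    local work; work=$(mktemp -d)
    printf 'constructed release payload\n' > "$work/app.tar"
    ( cd "$work" && sha256sum app.tar > SHA256SUMS )

    verify_from_list "$work" "$work/SHA256SUMS"
    echo "intact file:   exit $?"

    printf 'x' >> "$work/app.tar"      # simulate corruption or tampering
    verify_from_list "$work" "$work/SHA256SUMS"
    echo "modified file: exit $?"

    rm -rf "$work"
}
demo
```

The same check mode exists in md5sum, and the exit status makes the result usable in scripts without parsing any output.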

5 Common Errors When Verifying Checksum in Linux

Verifying checksums is a critical practice for ensuring the integrity and security of files on a Linux system. However, various errors can occur during the verification process, potentially compromising the accuracy of the results. Understanding these common errors will empower you to avoid pitfalls and maintain data security effectively. Here are five common errors that you may encounter:

  • 🔍 Mismatched Checksums: One of the most frequent errors arises when the calculated checksum does not match the original checksum provided by the source. This discrepancy indicates that the file has been altered or corrupted during download or transmission. Such a mismatch could be the result of a compromised file or accidental data corruption and you should refrain from using such files to avoid potential security risks.
  • Download Interruptions: Errors can occur if the download process is interrupted or incomplete. When this happens, you may unknowingly verify an incomplete file, leading to an incorrect checksum comparison. It’s crucial to ensure that downloads complete successfully before proceeding with the verification process to guarantee accurate results.
  • 💾 Using the Wrong Algorithm: Another common mistake is using the wrong checksum algorithm during verification, for instance running md5sum when the source published a sha256sum value. Each algorithm produces a different hash value for the same file, so using the incorrect one leads to inaccurate verification results. Always ensure you choose the appropriate algorithm for the specific file being verified.
  • 🗃️ Missing Original Checksum Value: In some cases, the source may not provide the original checksum value for a file, leaving you without a reference to verify against. Without the original checksum, you lose an essential component of the verification process, making it challenging to ascertain the file’s authenticity.
  • 🔑 Incorrect Public Key Import: When verifying checksums with GPG (GNU Privacy Guard), importing the wrong public key can lead to errors. Verifying files using the correct public key is crucial for ensuring data authenticity and security. A mismatched or incorrect public key import can render the verification process ineffective, leading to potential security breaches.

In a Nutshell

In this guide, I’ve covered various methods to verify checksum on Linux, including md5sum and sha256sum. These methods are powerful tools to ensure the integrity and authenticity of your files. I have also highlighted the common errors that can occur when verifying the checksum.

As you continue to explore the world of Linux security, delve into related topics such as data encryption, user access control, and firewall implementation. Embrace the spirit of continuous learning and stay updated with the latest advancements to fortify your Linux environment and enhance your overall cybersecurity stance. Stay curious, explore, and never stop evolving your Linux expertise.

Frequently Asked Questions

It is best practice to verify checksum on Linux whenever you download or transfer important files, especially for critical applications. Regularly verifying checksums helps ensure the integrity of your data, preventing potential risks arising from corrupted or tampered files. For crucial downloads or sensitive information, verifying the checksum immediately after the transfer is essential to identify any anomalies and take necessary actions promptly. By incorporating checksum verification into your routine for all significant file transfers, you can maintain data security and a reliable Linux system.

Can checksums detect intentional tampering by malicious actors?

Yes, checksums can help identify any changes made to the files, including malicious tampering. When you calculate the checksum of a file and compare it with the original checksum provided by the trusted source, any discrepancies indicate that the file has been altered. If malicious actors have tampered with the file during transmission or distribution, the checksum verification process will highlight the modifications. By leveraging checksums as an integrity verification mechanism, you can detect and mitigate potential security threats posed by unauthorized alterations.

Is there a difference in performance between md5sum and sha256sum verification methods?

While sha256sum may be slightly slower due to its longer hash calculation, the difference in performance is usually negligible for standard file sizes. For small to medium-sized files, the speed difference between md5sum and sha256sum is generally imperceptible. However, sha256sum might take a little longer to compute the hash value for very large files due to its higher bit length. Nonetheless, the enhanced security provided by sha256sum's resistance to collision attacks makes it the preferred choice for verifying checksums, even with a slightly longer computation time.

How do I verify checksums on Windows for Linux downloads?

For Linux downloads on Windows, you can use third-party checksum verification tools like WinMD5Free or HashTab. After downloading the Linux file and its corresponding checksum file, place both files in the same directory on your Windows system. Then, open the checksum verification tool and use it to calculate the checksum of the downloaded file. Compare this result with the checksum provided in the checksum file. If the values match, the Linux download is intact and authentic. These third-party tools simplify the verification process and allow Windows users to ensure the integrity of their Linux downloads.

Can I verify checksums for files stored on external devices, such as USB drives?

Yes, you can verify checksums for files stored on external devices like USB drives. First, copy the file from the USB drive to your Linux system’s local storage. Navigate to the directory where the file is located and then proceed with the verification process using the appropriate checksum method, such as md5sum, sha256sum, or GPG. Verifying checksums ensures the integrity of files regardless of their storage location, whether on the Linux system’s internal drive or external devices like USB drives.



Ojash is a skilled Linux expert and tech writer with over a decade of experience. He has extensive knowledge of Linux's file system, command-line interface, and software installations. Ojash is also an expert in shell scripting and automation, with experience in Bash, Python, and Perl. He has published numerous articles on Linux in various online publications, making him a valuable resource for both seasoned Linux users and beginners. Ojash is also an active member of the Linux community and participates in Linux forums.



Akshat is a software engineer, product designer and the co-founder of Scrutify. He's an experienced Linux professional and the senior editor of this blog. He is also an open-source contributor to many projects on Github and has written several technical guides on Linux. Apart from that, he’s also actively sharing his ideas and tutorials on Medium and Attirer. As the editor of this blog, Akshat brings his wealth of knowledge and experience to provide readers with valuable insights and advice on a wide range of Linux-related topics.
