In this article we will learn how to calculate and verify a checksum of a file in Ubuntu. We will also see what a checksum actually is and why we should care. You can jump straight to the CLI commands.
What is a checksum?
A checksum (also called a hash or a digest) is a very large number, usually represented via hexadecimal digits, which can be used for file integrity verification.
People use fingerprints or retinal scans for identity verification because it is thought to be impossible to find a second person with exactly the same fingerprint or retinal blood vessel pattern. A checksum/hash can be thought of as a fingerprint of an arbitrary file or any other data. Let’s see how that is possible.
What is a hash function?
We use a hash function to calculate a checksum/hash of a file or any other data. A hash function is a one-way function that takes an input of an arbitrary length and provides an output of a fixed length. The output of a hash function is actually the hash or the checksum we are talking about. There are several popular hash functions, for example, MD5, SHA256 and SHA512. They use different mathematical algorithms but the concept is the same.
These are some important properties of a hash function:
can’t be reversed (it’s not feasible to calculate the input if you only know the output of the function)
will always provide the same output for the same input
even a slight change in the input will cause a large change in the output value
Checksum of a file
Let’s consider SHA-256, which is a modern hash function producing an output of 256 bits, hence the name. You can feed it a 10 KB file and you will get a 256-bit output, or you can feed it a 100 GB file and you will still get a 256-bit output.
You can feed the same 100 GB file as an input as many times as you want and you will always get the same 256-bit output. If you change a single bit in that 100 GB file and feed it to SHA-256 again, you will get a completely different hash output. This is a good thing because you can tell straight away that the file has been modified and/or infected. You can sometimes find checksum values for software packages or ISO images on various download pages. Below is the screenshot from the Cisco website where you can see the checksum values for an ISO file:
You can download the file and calculate its hash value, and if it’s different from the hash you see on the download page, then your file is corrupted and you shouldn’t use it.
How to calculate a checksum/hash in Ubuntu?
All modern Linux distributions provide built-in tools for hash calculations.
The names of the utilities are self-explanatory: md5sum, sha256sum, sha384sum, sha512sum etc. Below are some usage examples:
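The calculate-and-verify workflow described above, written as an added example that is not part of the original article. The file names, file contents and the helper functions `file_sha256`, `verify_sha256` and `demo` are assumptions made up for the demonstration; the "published" digest stands in for the value you would copy from a download page.

```bash
#!/usr/bin/env bash
# Added example. File names and contents are constructed for the demo.

# Print only the hex digest (sha256sum prints "<digest>  <filename>").
file_sha256() {
    sha256sum -- "$1" | awk '{print $1}'
}

# Compare a file with a digest copied from a download page.
# Returns 0 = match, 1 = mismatch, 2 = missing file or malformed digest.
verify_sha256() {
    local file="$1"
    local expected actual
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')   # pages may publish uppercase hex
    [ -f "$file" ] || return 2
    [ "${#expected}" -eq 64 ] || return 2
    case "$expected" in *[!0-9a-f]*) return 2 ;; esac
    actual=$(file_sha256 "$file")
    [ "$actual" = "$expected" ]
}

demo() {
    local dir
    dir=$(mktemp -d)
    printf 'constructed sample image contents\n' > "$dir/sample.iso"

    # Stand-in for the value a vendor would publish next to the download.
    local published
    published=$(file_sha256 "$dir/sample.iso")
    echo "published: $published"

    verify_sha256 "$dir/sample.iso" "$published" && echo "single file: OK"

    # Checksum-list workflow: sha256sum -c re-hashes every file named in the list.
    (cd "$dir" && sha256sum sample.iso > SHA256SUMS && sha256sum -c SHA256SUMS)

    # Change one character: the digest changes and both checks fail.
    printf 'constructed sample image contentz\n' > "$dir/sample.iso"
    echo "tampered:  $(file_sha256 "$dir/sample.iso")"
    verify_sha256 "$dir/sample.iso" "$published" || echo "single file: MISMATCH"
    (cd "$dir" && sha256sum -c SHA256SUMS) || echo "list check failed (exit $?)"

    rm -rf "$dir"
}

demo
```

Comparing digests in a script rather than by eye avoids missing a difference in the middle of a 64-character string, and the non-zero exit status lets an install script stop before using a file that failed the check.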