When it comes to data security, you can never be too careful. That’s why measures such as checksum verification are put in place to ensure that downloaded files have not been tampered with and that you have indeed gotten the files you intended to download. So what is a checksum anyway?

A checksum is a small-sized datum from a block of digital data for the purpose of detecting errors which may have been introduced during its transmission or storage — Wikipedia

For the most part, a checksum is used to make sure that a file is not corrupt. It’s good practice to verify downloaded files, as it reduces the risk of falling victim to a number of cyber attacks. The verification is done with the help of hash algorithms. The most common ones are:

  • MD5
  • Secure Hash Algorithms (SHA-1, SHA-2, SHA-256)

Most Linux distributions have checksum-generating programs pre-installed. Ubuntu, for example, comes bundled with sha1sum, md5sum, and sha256sum, which we will be using for the purpose of this tutorial.

How the verification process works

If the checksum generated by sha256sum matches the one provided on the download page of a particular file, then you can be sure that your file is not corrupt. For this tutorial, we’ll be using the ISO image of elementary OS to verify the checksum values.

The elementary OS Installation docs point out that the checksum output should be:

5c499579e6ba05eed5626abbbb68fc1e3660e23ccb6a27f1a5f7794fed98bd56

To verify our elementary OS download, we would run:

sha256sum [path-to-downloaded-file]/elementaryos-0.4.1-stable.20180214.iso
# Depending on when you download the ISO image, the name of the file might
# differ from the one above.

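If the output differs from the value on the download page, then we have a problem: the file is corrupt or is not the file that was published, and it should not be installed. If the two values match, then we can safely install our downloaded image.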
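
The comparison described above can be scripted so that it does not rely on reading 64 characters by eye. This is an added example, not part of the original tutorial: verify_sha256 is a hypothetical helper name, and the sample file is constructed so the script runs offline.

```bash
#!/usr/bin/env bash
# Added example: compare a file's SHA-256 with the value published for it.
# verify_sha256 is a hypothetical helper, not an option of sha256sum.
# Returns 0 = match, 1 = mismatch, 2 = bad input (unreadable file or malformed value).
verify_sha256() {
    local file="$1" expected="$2" actual
    # Normalise the pasted value: strip whitespace and lowercase the hex digits.
    expected=$(printf '%s' "$expected" | tr -d '[:space:]' | tr 'A-F' 'a-f')
    # A SHA-256 digest is exactly 64 hex characters. Anything else is a truncated
    # paste or a digest from another algorithm (MD5 is 32 characters, SHA-1 is 40).
    if ! printf '%s' "$expected" | grep -Eq '^[0-9a-f]{64}$'; then
        echo "malformed SHA-256 value" >&2
        return 2
    fi
    if [ ! -f "$file" ] || [ ! -r "$file" ]; then
        echo "cannot read $file" >&2
        return 2
    fi
    # Feed the file on stdin so the output is always "<hash>  -", whatever
    # characters the file name contains.
    actual=$(sha256sum < "$file" | cut -d' ' -f1)
    if [ "$actual" = "$expected" ]; then
        echo "OK: $file"
        return 0
    fi
    # Fail closed: report both values and return non-zero so callers stop.
    echo "MISMATCH: $file" >&2
    echo "  expected $expected" >&2
    echo "  actual   $actual" >&2
    return 1
}

# Constructed sample: a 3-byte file containing "abc" and its SHA-256 digest,
# pasted in upper case to show the normalisation step.
sample=$(mktemp)
printf 'abc' > "$sample"
verify_sha256 "$sample" "BA7816BF8F01CFEA414140DE5DAE2223B00361A396177A9CB410FF61F20015AD"
rm -f "$sample"
```

For a real download, pass the path to the ISO and the value copied from the project's download page, and only continue with the installation when the function returns 0.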

FIN