6 Methods to Check File Integrity in Linux
When you download a Linux ISO file, you might have noticed a checksum near the download link. The checksum is a long list of numbers and letters that don’t mean anything. The purpose of this checksum is to help you confirm that the file you downloaded is exactly the file you expected, that it has not been corrupted by an incomplete download or that someone has tampered with the file before it reaches you.
There are several ways to check the integrity of a file in Linux. Take a look at the following programs and see which one appeals to you.
1. Hash brown
Most of the more established and popular Linux distributions use the GNOME desktop interface by default. This includes Ubuntu and Fedora. So let’s start with a simple application designed for GNOME that requires perhaps the least amount of technical knowledge.
When you first launch Hashbrown, the app tells you what it’s doing and gives you a single option to open a file. Once you open a file, you get a view of MD5, SHA-1, SHA-256, and SHA-512 hashes in one place.
If the numbers match the checksum provided to you, you are done. Close the app and continue on your way. If you are unsure, click the Tools and ask the app to check for you.
Not sure what these different hashing algorithms are? Click the settings cog in the header bar. There you will find an option to post an explanation on Wikipedia. This might not be the best introduction if you have no idea what hashes are, but at least you have a starting point.
To download: Hash brown
Checksumo is another application designed for the GNOME desktop. It’s not necessarily more complicated than Hashbrown, but it takes a different approach that’s less immediately intuitive.
The Checksumo window has three main functions. First, you will need to open the designated file, such as an ISO image. Next, you need to enter a hash value. This is the string provided by a web page or checksum file. When you enter this value, Checksumo will determine itself if the hash is MD5, SHA-256 or another algorithm.
Then press the To verify button. Checksumo will check the integrity of your file and let you know if the value doesn’t match. If it matches, you’re good to go.
To download: Checksum
With GtkHash, you can open a file and immediately check it to see its hash values, or you can paste a hash value to have the application check a match for you.
But wait, there’s more! You can provide GtkHash with a list of files to check and have them all checked at once. So, if you are a distro distributor who likes to download Linux distros in bulk, this app can help you check faster that all of them are safe. GtkHash is the most powerful and mature option on this list, with plugins that can integrate with various file managers.
GtkHash is an older, desktop-independent GTK application. This makes it a good choice for more traditional GTK-based environments such as Cinnamon, MATE, and Xfce.
Thanks to KDE Plasma’s top-notch GTK integration, GtkHash won’t stand out either, though Plasma fans might want to consider the next option first. On this desktop, it turns out that you don’t need to install anything extra to view your file manager’s checksums.
To download: GtkHashGenericName
4. Dolphin KDE
In KDE Plasma, you don’t need to download a full dedicated application to check the integrity of a file, nor do you need to open a terminal. All you have to do is right-click on the file in question and open the Properties the window. Then click on the Checksums tongue. Everything you need is probably there.
Dolphin lets you generate hashes and compare them manually, or you can paste a checksum to verify your file. It supports a number of hashing algorithms.
You don’t need to use Plasma to enjoy Dolphin because you can download the file manager to other desktop environments. It’s a bit much if you only want to check checksums, but Dolphin is simply one of the most powerful file managers for Linux. This means that there are many reasons to think about it.
If you’re using a basic operating system, the aforementioned apps will work just fine, but you might want something designed specifically for your desktop. Look no further than Hasher. This app is available on AppCenter, and unlike many basic apps, it’s just as feature-rich as the other options on this list.
Hasher has three main functions: hash, compare and verify. Hashes simply displays the hash value of a particular file, using your choice of algorithm. Compare allows you to directly compare two files, such as an ISO file you downloaded from a server and one you downloaded as a torrent. To verify lets you compare a file to a hash value that you copy and paste from elsewhere.
You don’t need a basic operating system to use Hasher. AppCenter apps are available for any Linux workstation in the universal Flatpak format, just like apps from Flathub. Hasher’s design, which lacks a header bar, can also make the app feel somewhat platform-neutral.
To download: Chop
6. The Linux Command Line
Many people find the command line intimidating, but once you get familiar with it, it’s hard to get any better. The command line is fast and available no matter what version of Linux you are using. There are different commands you could learn, but to keep things simple, let’s focus on two: md5sum and sha256sum.
These two programs are functionally identical and differ in the hashing algorithm they use, both of which are likely pre-installed on your distribution. Their structure is simple. Simply type the command followed by the path to the file you want to generate a hash for. For example:
You can manually enter the path to your file, but many Linux terminals allow you to drag and drop the file from the file manager directly into the terminal window. If you want to explore more features, you can do so by reading the man page for either program, for example by typing:
Do you feel safer on Linux?
Checking the integrity of a file is a good habit to get into, especially if you download Linux distros from locations other than their official websites. But keep in mind that checking the checksum does not guarantee that a file is safe.
For example, someone who hacks into a website and changes the ISO file to a compromised version can easily update the checksum file or value to match that of the compromised file. Just think of it as another tool in your belt as you work to secure your digital life.
Cracking passwords is an important skill to learn if you’re into penetration testing. Here’s how to crack hashes in Linux using hashcat.
About the Author