How To Verify A Ubuntu ISO Image Checksum

verify 1
Verifying checksum for a GNU/Linux image is similar to comparing fingerprints for human. It verifies that your downloaded Ubuntu image is valid or not. By valid here it means it’s 100% the same as the file on official server. Whenever it’s verified valid, then it’s OK for you to use it and further to redistribute. But whenever it’s not valid, it means the image is probably corrupted, broken, of even altered by somebody else. This short tutorial shows 3 steps to verify Ubuntu image for beginners.

What You’ll Do?

You will extract the “fingerprint” of your downloaded ISO image and compare it to its official “fingerprint”.

Read More

1. Find the Checksum First

The official checksum values (“fingerprints”) are always available on Ubuntu image download server. They are just TXT files containing image file names and checksum strings. You get them from You may choose between MD5SUMS, SHA1SUMS, or SHA256SUMS available. Any choice should be OK.
For example, these are checksum links for:
Latest version Ubuntu 17.04 (
The MD5SUMS content looks like below:
Old version Ubuntu 12.04 (
The MD5SUMS content looks like below:

2. Verify Downloaded Image

Extract checksum value from your Ubuntu image by running one of three commands: md5sum, sha1sum, or sha256sum. You see the command names are similar to the official checksum files meaning the result should be compared to respective checksum.
These are some examples for verifying a ubuntu-mate-17.04-desktop-amd64.iso image:
MD5SUM Command:

$ md5sum -b ubuntu-mate-17.04-desktop-amd64.iso

5f9c81873171bb716715c6a2ae8ff722 *ubuntu-mate-17.04-desktop-amd64.iso
SHA1SUM Command:

$ sha1sum -b ubuntu-mate-17.04-desktop-amd64.iso

14dd7b2c2766e6205ad71100ac99c90b1aa92d1c *ubuntu-mate-17.04-desktop-amd64.iso
SHA256SUM Command:

$ sha256sum -b ubuntu-mate-17.04-desktop-amd64.iso

acfcf1ab54946c67e99e0503c23385e697046fae45e393661d501100844d9a5d *ubuntu-mate-17.04-desktop-amd64.iso
The long, single alphanumerical strings are the hash checksum values. They are the “fingerprints”.
Screenshot2Bfrom2B2017 04 202B14 08 30

3. Compare Between Your Value and Official Value

Now you just need to compare your checksum value and its official one. The method is truly easy: copy the value > go to your browser > open the official value > Ctrl+F > paste > you should find the search matches. You just need to do this once, for example compare MD5 value with MD5SUMS, that’s enough.
Compare MD5 value with MD5SUMS:
Screenshot2Bfrom2B2017 04 202B13 46 07
Compare SHA1 value with SHA1SUMS:
Screenshot2Bfrom2B2017 04 202B14 00 31
Compare SHA256 value with SHA256SUMS:
Screenshot2Bfrom2B2017 04 202B14 02 20

4. How If The Comparison Failed?

While you find your value and the official values are different, it means your downloaded ISO image is not exactly the same as the one available on server. It may be corrupted, or not downloaded completely, or even broken. If that is the case you should re-download the ISO image from start.


Related posts