How To Verify A Ubuntu ISO Image Checksum

verify 1
Verifying checksum for a GNU/Linux image is similar to comparing fingerprints for human. It verifies that your downloaded Ubuntu image is valid or not. By valid here it means it’s 100% the same as the file on official server. Whenever it’s verified valid, then it’s OK for you to use it and further to redistribute. But whenever it’s not valid, it means the image is probably corrupted, broken, of even altered by somebody else. This short tutorial shows 3 steps to verify Ubuntu image for beginners.

What You’ll Do?

You will extract the “fingerprint” of your downloaded ISO image and compare it to its official “fingerprint”.

Read More

1. Find the Checksum First

The official checksum values (“fingerprints”) are always available on Ubuntu image download server. They are just TXT files containing image file names and checksum strings. You get them from http://releases.ubuntu.com. You may choose between MD5SUMS, SHA1SUMS, or SHA256SUMS available. Any choice should be OK.
For example, these are checksum links for:
Latest version Ubuntu 17.04 (http://releases.ubuntu.com/zesty/):
MD5SUMS
SHA1SUMS
SHA256SUMS
The MD5SUMS content looks like below:
screenshot2bfrom2b2017-04-202b13-18-54-7424037
Old version Ubuntu 12.04 (http://old-releases.ubuntu.com/releases/precise/):
MD5SUMS
SHA1SUMS
SHA256SUMS
The MD5SUMS content looks like below:
screenshot2bfrom2b2017-04-202b13-25-51-1780260

2. Verify Downloaded Image

Extract checksum value from your Ubuntu image by running one of three commands: md5sum, sha1sum, or sha256sum. You see the command names are similar to the official checksum files meaning the result should be compared to respective checksum.
These are some examples for verifying a ubuntu-mate-17.04-desktop-amd64.iso image:
MD5SUM Command:

$ md5sum -b ubuntu-mate-17.04-desktop-amd64.iso

Result:
5f9c81873171bb716715c6a2ae8ff722 *ubuntu-mate-17.04-desktop-amd64.iso
SHA1SUM Command:

$ sha1sum -b ubuntu-mate-17.04-desktop-amd64.iso

Result:
14dd7b2c2766e6205ad71100ac99c90b1aa92d1c *ubuntu-mate-17.04-desktop-amd64.iso
SHA256SUM Command:

$ sha256sum -b ubuntu-mate-17.04-desktop-amd64.iso

Result:
acfcf1ab54946c67e99e0503c23385e697046fae45e393661d501100844d9a5d *ubuntu-mate-17.04-desktop-amd64.iso
The long, single alphanumerical strings are the hash checksum values. They are the “fingerprints”.
Screenshot2Bfrom2B2017 04 202B14 08 30

3. Compare Between Your Value and Official Value

Now you just need to compare your checksum value and its official one. The method is truly easy: copy the value > go to your browser > open the official value > Ctrl+F > paste > you should find the search matches. You just need to do this once, for example compare MD5 value with MD5SUMS, that’s enough.
Compare MD5 value with MD5SUMS:
Screenshot2Bfrom2B2017 04 202B13 46 07
Compare SHA1 value with SHA1SUMS:
Screenshot2Bfrom2B2017 04 202B14 00 31
Compare SHA256 value with SHA256SUMS:
Screenshot2Bfrom2B2017 04 202B14 02 20

4. How If The Comparison Failed?

While you find your value and the official values are different, it means your downloaded ISO image is not exactly the same as the one available on server. It may be corrupted, or not downloaded completely, or even broken. If that is the case you should re-download the ISO image from start.

Source

Related posts