Checking an MD5 Checksum Of A Downloaded File in Linux

MD5 is a one-way algorithm as defined by the RFC1321 that can be used to verify the integrity of a file or filesystem by providing as 128bit digital signature.  This digital signature is like a fingerprint for a file or filesystem and will change dramatically even if a single byte changes.

This means they are excellent in checking the integrity of a file that you have downloaded of a mirror that provides the files equivalent MD5Checksum.  For example below is a list of compressed downloadable files and their equivalent MD5 checksums.

File with there MD5 Checksums

If were were to download both:


Typing :

me@myhost:md5sum pfSense-2.0.1-RELEASE-512mb-i386-nanobsd.img.gz
b97d17ccd0eb9e89e899f894c059a3de pfSense-2.0.1-RELEASE-512mb-i386-nanobsd.img.gz

The file pfSense-2.0.1-RELEASE-512mb-i386-nanobsd.img.gz.md5 should contain the line with the MD5 checksum b97d17ccd0eb9e89e899f894c059a3de which matches the MD5 Checksum generated from the equivalent pfSense-2.0.1-RELEASE-512mb-i386-nanobsd.img.gz.  If any byte in the file pfSense-2.0.1-RELEASE-512mb-i386-nanobsd.img.gz were to change its MD5 checksum would be very different.  If anything went awry during the download then the MD5 check sum should highlight any anomalies.

Instead of manually checking this long 128 bit signature which would be most tedious, issuing the following automatically checks the MD5 file with is associated file without the .md5 suffix.

me@myhost:md5sum -c pfSense-2.0.1-RELEASE-512mb-i386-nanobsd.img.gz.md5
pfSense-2.0.1-RELEASE-512mb-i386-nanobsd.img.gz: OK

This indicates that the md5 checksum is OK, and nothing has happened to the pfSense-2.0.1-RELEASE-512mb-i386-nanobsd.img.gz file.


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.