July 21, 2017
I’m often using MacOS X to verify checksum of files I’ve downloaded from the interwebs, such as .iso files. I seem to quickly forget the simple commands that allow me to check files against 3 different types of hashes or checksums. The commands should be similar when using a linux or unix variant.
Let’s say I want to burn an ISO to a usb drive for my new favorite linux distro, Kali Linux. I first download the ISO file, such as, http://cdimage.kali.org/kali-2017.1/kali-linux-mate-2017.1-amd64.iso and save it to my hard drive, in the Downloads folder. As you can see, I prefer the MATE desktop and downloaded that one for this exercise.
I also would grab any checksum files if they were provided. In the case of Kali, they provide the sha256 checksum on their downloads page, as shown in the screenshot below.
Whichever the case, I can use the appropriate command line checksum tool.
To get an MD5 checksum:
To get a SHA1 checksum:
shasum -a 1 ~/Downloads/kali-linux-mate-2017.1-amd64.iso
Calculate SHA-256 checksum:
shasum -a 256 ~/Downloads/kali-linux-mate-2017.1-amd64.iso
Since Kali gave us a sha256, let’s see what output that command generates.
Weedle:Downloads jware$ shasum -a 256 kali-linux-mate-2017.1-amd64.iso
As you can see, the checksum matches that provided by the Kali Linux website. This confirms that the downloaded ISO is actually from Kali Linux and the download link wasn’t intercepted.
These are the 3 versions of the command I use most often on the mac. If you have different experience, please post comments or a link to better commands, please post below. I’ve built my career off learning from people a lot smarter than me.