How to Generate and Verify Files with MD5 Checksum in Linux

When working with files on Linux, it’s important to ensure their integrity. One way to do this is by using checksums, which are unique strings generated from the contents of a file. The MD5 checksum is one of the most commonly used methods for this purpose.

In this article, we’ll explain what MD5 is, how to generate MD5 checksums for files, and how to verify the integrity of files using these checksums.

What is MD5?

MD5 stands for Message Digest Algorithm 5, which is a hashing algorithm that takes input (like a file or text) and produces a 128-bit hash value.

This hash value, often displayed as a 32-character hexadecimal number, is unique to the file’s content. Even a small change in the file will result in a completely different MD5 hash.

While MD5 is widely used for checking file integrity, it’s no longer considered secure for cryptographic purposes, as it is vulnerable to hash collisions (where different files can produce the same hash). However, for basic file verification, MD5 remains effective.

How to Generate an MD5 Checksum in Linux

To generate an MD5 checksum for a file in Linux, we can use the md5sum command.

md5sum ravi.pdf

After running the command, you’ll see the output like this:

a58b0193fcd0b85b1c85ca07899e063d  ravi.pdf

In this case, a58b0193fcd0b85b1c85ca07899e063d is the MD5 checksum of the file ravi.zip. This string is unique to the file’s contents.

If you want to save the checksum in a file for future use, you can redirect the output to a file like this:

md5sum ravi.pdf > ravi.pdf.md5

This will create a file named ravi.pdf.md5 that contains the MD5 checksum.

How to Verify Files with MD5 Checksum

Once you have an MD5 checksum, you can use it to verify if the file has been altered, which is especially useful when downloading files from the internet, as you can compare the checksum of the downloaded file with the one provided by the source.

You’ll need the MD5 checksum of the original file, which may be provided on the website from where you downloaded the file, or you may have saved it yourself earlier.

To verify a file, run the following command:

md5sum -c filename.md5

Here, filename.md5 is the file containing the checksum you want to verify. For example, if you saved the checksum in ravi.pdf.md5, the command would look like this:

md5sum -c ravi.pdf.md5

If the file hasn’t been modified, you’ll see something like this:

ravi.pdf: OK

If the file has changed, the output will be:

ravi.pdf: FAILED
md5sum: WARNING: 1 of 1 computed checksums did NOT match

This means that the file’s contents are not the same as when the checksum was generated, indicating that the file may have been corrupted or altered.

How to Verify Checksum of Multiple Files

You can also verify multiple files at once by using a checksum file that contains the checksums of several files. For example, if you have a file files.md5 that contains the checksums of multiple files, you can verify them all at once:

md5sum -c files.md5

The output will list the verification results for all the files in the files.md5 file.

Alternatives to MD5 Command

While MD5 is popular, it has some weaknesses. If you need more security, you might want to use other hashing algorithms like:

• SHA-256: More secure than MD5 and widely used for cryptographic applications.
• SHA-512: Even stronger than SHA-256.

You can use sha256sum or sha512sum commands to generate these checksums, just like with md5sum.

For example, to generate a SHA-256 checksum:

sha256sum ravi.pdf

After running the command, you’ll see the output like this:

a19aea692e680dab5046618a7a9a0dac376bc1e8a8bf90430c2967067d633cf1  ravi.pdf

Conclusion

MD5 checksums are a simple and effective way to verify the integrity of files in Linux. By generating a checksum with md5sum and verifying it later, you can ensure that your files haven’t been corrupted or altered.

Although MD5 is no longer considered secure for cryptographic purposes, it remains a reliable tool for basic file verification tasks.