Creating MD5 Checksums
The md5sum command found on most Unix/Linux operating systems can be used to create MD5 checksums for files or to verify the integrity of files if the MD5 checksums for those files are already available.
Let us suppose you want to create an MD5 checksum file containing the checksums for the binary files my_disk_image-1.iso, my_disk_image-2.iso and my_disk_image-3.iso. You can accomplish this by passing the three files as arguments to the md5sum command and redirecting the output to a text file:
$ md5sum -b my_disk_image-1.iso my_disk_image-2.iso my_disk_image-3.iso > MD5SUM
The "-b" option instructs the md5sum command to treat each file as a binary file. If you are working text with files, you can use the "-t" option. The generated checksum file "MD5SUM" will look similar to the following:
302d1a8fa7e13871d9909947eb23935d *my_disk_image-1.iso 2f5be4a2fe3d80b134aba6c6023eca57 *my_disk_image-2.iso 52237af3336321e0b03586055b8e5d78 *my_disk_image-3.iso
The first 32 characters of each line is the MD5 checksum for the file mentioned on that line. The asterisk that precedes the file name indicates that the file is a binary file.
Directories and Subdirectories
The following command can be used to compute checksums for file in a given directory and it's sub-directories.
find /path/to/the/directory -type f -print0 | xargs -0 md5sum > MD5SUM
This command creates a file called "md5sums" containing the MD5 checksum for all the files in /usr/share/man and its sub-directories.
find /usr/share/man -type f -print0 | xargs -0 md5sum -b > md5sums
As you can see the by the path names, the command has created MD5 hashes for files residing at various levels of the directory tree.
... 3710f7bc99303ceb90a1ae1e75361913 */usr/share/man/fr/man7/backend.7.gz f3f6fb8a04b9e78971d875ed8645f848 */usr/share/man/fr/man7/filter.7.gz 9caaf4f56d9f2a72ce9fe977c703475c */usr/share/man/man5/sane-dc210.5.gz f170bb97e4fc6b919426cfecc2ef583b */usr/share/man/man5/faillog.5.gz ...
Verifying a File's Integrity Using it's MD5 Checksum
To generate the MD5 checksum for a file you can do the following:
$ md5sum -b my_disk_image-1.iso e36e064cf65e4dc62ea279dc860c8f9a *my_disk_image-1.iso
Checking each of the 32 characters of the checksum against the original is tedious. If you already have the original MD5 checksum file, you can perform the following:
$ cat MDSUM 302d1a8fa7e13871d9909947eb23935d *my_disk_image-1.iso 2f5be4a2fe3d80b134aba6c6023eca57 *my_disk_image-2.iso 52237af3336321e0b03586055b8e5d78 *my_disk_image-3.iso
$ ls my*.iso my_disk_image-1.iso my_disk_image-2.iso my_disk_image-3.iso
$ md5sum -c MD5SUM my_disk_image-1.iso: OK my_disk_image-2.iso: OK my_disk_image-3.iso: OK
Here are some status messages you may see:
OK - MD5 checksums matched. FAILED - Generally means the MD5 checksums did not match. FAILED open or read - The file could not be read or is missing.
When Checksums Fail
Here is a case where validating the checksums failed:
my_disk_image-1.iso: OK my_disk_image-2.iso: FAILED md5sum: my_disk_image-3.iso: No such file or directory my_disk_image-3.iso: FAILED open or read md5sum: WARNING: 1 of 3 listed files could not be read md5sum: WARNING: 1 of 2 computed checksums did NOT match
In the above scenario:
- my_disk_image-1.iso was identical to the original.
- my_disk_image-2.iso was different from the original.
- my_disk_image-3.iso was missing from the directory.
Beyond MD5
The sha1sum (that is a "one", not lowercase "L") command can be used to create a SHA-1 Checksum. The sha225sum, sha256su, sha384sum, and sha512sum commands compute the 224, 256, 384, and 512 bit (respectively) SHA-2 hashes. The usage and options of these commands are the same as for the m5sum command.
