Verifying the SHA256 Checksum of a file in Linux is the smartest way to check the integrity of a file. The name itself of Checksum defines that it verifies and checks the sum of a message or string value. Usually, the Checksum attaches the checksum string with the file. Every file that we download from an authentic source from the web has a unique and checksum value. This value remains unchanged until we hamper the file, change the file metadata, or the file gets corrupt.
In a nutshell, the Checksum data can be used to check whether your download was corrupted during downloading or while you’ve loaded the file on your filesystem. Now, to verify the original checksum data of a file with the current value, we can use many tools.
To verify the SHA256 Checksum of a file in Linux, we can use both GUI and CLI tools. Despite checking the integrity of the files, you can also check if anyone has changed or modified your file or not.
Verify SHA256 Checksum of File in Linux
The checksum is created from the sender side, and it is verified from the receiver side. After validating, if the receiver finds no errors, then we can ensure that the file is not tampered with or corrupted yet. It also ensures that the file we have been downloading has been completed successfully and all the packets were received.
The checksum is an algorithm that allows the user to check the file authenticity on Linux. There are both GUI and CLI methods to verify the sha256 checksum. In this post, we will see both of the methods on how to verify the SHA256 Checksum of File in Linux.
Method 1: CLI Method to Verify Sha256 Checksum on Linux
The command-line-based method is the most preferred and used method to check the sha256 checksum. Though we know that Checksum uses an algorithm to verify, to use this tool, we barely need to know the details about the algorithm. Here, we will see how we can use the terminal shell to download a file from the web and verify the sha256.
Step 1: Download The File From the Web
We will need to download a file from the web at the very beginning. For instance, let’s say that we will download the raspberrypi Debian file on our system. Please run the below-provided wget commands on your shell to download the file. Then also execute the below next command to get the sha256sum value.
$ https://downloads.raspberrypi.org/imager/imager_1.7.1_amd64.deb $ wget https://downloads.raspberrypi.org/imager/
Step 2: Generate a Checksum and Verify
When the download finishes, we will go to the download directory to browse the file and generate a sha256sum for the downloaded file. After we successfully generate the sha256sum string value for the file, we will now verify the checksum for this file. You can execute the below-mentioned command to match the sha256sum string files.
$ cd $ sha256sum imager_latest_amd64.deb
$ sha256sum -c SHA256SUMS
Method 2: GUI Method to Verify Sha256 Checksum on Linux
The above-mentioned method shows how we can verify the sha256 checksum on Linux in a CLI method. Here we will see a GUI (graphical user interface) method where we will use a tool named GtkHash.
The GtkHash is a great tool for generating sha256sum and verifying the sha256sum. Here you can see the list of cryptographic hash functions that GtkHash supports.
- MD5
- SHA1
- SHA2 (SHA224, SHA256, SHA384, SHA512)
- SHA3
- BLAKE2
Step 1: Get the GTKHASH on Linux
If you do not have the GTKHASH tool on your system, please install it before you go further. Now, we will see the commands to install the GtkHash tool on our Linux machine. Here, we have enlisted the commands to get this tool on the major Linux distributions. Please choose the appropriate commands for your distribution.
Installing GtkHash on Ubuntu Linux
sudo apt install gtkhash
Get GtkHash on Fedora
sudo dnf makecache --refresh sudo dnf -y install gtkhash
Installing GtkHash on Red Hat Linux
sudo yum makecache --refresh sudo yum -y install gtkhash
If you find issues while installing the GtkHash tool on your machine, you can also use the Snap method.
Step 2: Using GtkHash on Linux
So far, we have seen the notion of GtkHash and the installation method. We are now good enough to go through the process of verifying sha256 checksums on Linux. It’s as simple as that, first, choose your preferred checksum algorithm from the menu.
By default, the GTKHASH uses the SHA256, SHA-1, and MD5. First, we have to choose the file we want to review. Check the box after you’ve entered the checksum value from the website. Then click on Hash; the algorithm will generate the checksum value. If everything goes well, a small circle appears beside the check box if they match.
Here are the steps we need to perform to verify the SHA256 Checksum of File in Linux. After opening the tool, please follow the below-mentioned steps to verify the SHA256 checksum of File in Linux.
- Selecting the file for review is the first step.
- Select Preferences from the menu.
- Select any preferences you wish to use.
- Press close the tool after using it.
Insights!
To verify the file after downloading is urgent for your own security. If a hacker sends you a file and you verify it before executing it on the system, it might save your system. In the entire post, we have seen how to install the checksum tool on major Linux distributions and how to use that too to verify the SHA256 Checksum of file in Linux. We have also seen the GUI methods to check and verify the SHA256 Checksum of a file.
I hope this post has been helpful for you; if yes, please share this post with your friends and the Linux community. You can also let us know your opinions about this post in the comment section.
