How to verify MD5 or SHA-1 digests

MD5 and SHA-1 are cryptographic hash functions. They are deterministic procedures that take an arbitrary block of data as input and return a fixed-size bit string, the hash value (called message digest or fingerprint as well).

Verifying MD5 or SHA-1 digest is highly recommended when you download new software for your system.

In most of Linux distros the md5sum and sha1sum commands are available:

$ md5sum ubuntu-9.04-desktop-i386.iso 
66fa77789c7b8ff63130e5d5a272d67b  ubuntu-9.04-desktop-i386.iso
$ sha1sum ubuntu-9.04-desktop-i386.iso 
19aabf327fdbde9e66db54dc04e3a83b92f70280  ubuntu-9.04-desktop-i386.iso

Solaris (even version 10) doesn’t ship either with md5sum or sha1sum installed. However you can use digest:

% /usr/bin/digest -a md5 GNUgcc.3.4.4.SPARC.64bit.Solaris.10.pkg.tgz
% /usr/bin/digest -a sha1 GNUgcc.3.4.4.SPARC.64bit.Solaris.10.pkg.tgz

And in Mac OS X, openssl is the appropriate tool:

$ openssl md5 svnX_0.9.13.dmg 
MD5(svnX_0.9.13.dmg)= 90c95c92fb466b2252f1694bf544a05d
$ openssl sha1 svnX_0.9.13.dmg 
SHA1(svnX_0.9.13.dmg)= a6909991e4cf7422e52bae050f7c69975baf595e


  • On 09.07.09 André Wendt said:

    AFAIK, you can use the ‘md5’ and ‘sha1’ binaries on Mac OSX and any other BSD. That’s shorter than the ‘openssl’ call suggested above.

    Just my two cents

  • On 09.07.09 rafacas said:

    I suggested openssl because Apple recommends it to verify SHA1 digests and because ‘md5’ and ‘sha1’ binaries are not always available (in my OSX I have not ‘sha1’).

speak up

Add your comment below, or trackback from your own site.

Subscribe to these comments.

Be nice. Keep it clean. Stay on topic. No spam.

You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

*Required Fields