In this post, I will demonstrate two ways to perform Shasum verification on Windows 10 computers.
Shasum checks are useful to ensure the integrity of your software downloads, i.e., making sure that the files are not tampered with.
When you run a shasum256 or shasum512 check on a file, you will get an output (a long sequence of numbers and alphabets).
You then check the output of your shasum check with the alphanumeric sequence provided by the software provider (for example, a Linux distro or LibreOffice).
If your output matches the alphanumeric sequence of numbers offered by the software provider, then your download is fine. If they don’t match, there’s an issue with your download and you must quickly discard it and run a virus-scan immediately.
The below shasum 256 checks were performed on a Windows 10 Home desktop PC.
Two Methods for Shasum Check
Two quick methods for shasum verification on a Windows 10 computer are via Powershell and through the Command Prompt.
Powershell and Command Prompt are two different consoles in your Windows 10 system.
You can access either of them by typing in the search box located on the bottom panel of your Windows 10 system or by clicking Start—>Applications.
I have already downloaded the LibreOffice office suite to my Windows 10 Home PC in the Downloads folder.
First, I will use the Powershell technique to perform the shasum 256 verification of my LibreOffice software.
Windows PowerShell Copyright (C) Microsoft Corporation. All rights reserved. PS C:\Users\david\Downloads> Get-FileHash -Path C:\Users\david\Downloads\LibreOffice_6.1.0_Win_x64.msi Algorithm Hash Path --------- ---- ---- SHA256 17D01F5E9B9944C5888FF41AC7D0C7D8AA93E84C5B5DF98183B0B287A2E7C77D C:\Users\david\Downloads\Libre...
Important Note: If you’re trying to perform shasum checks, substitute your user name, specify the location of your download location and substitute the exact name of the software you downloaded before running the shasum verification check.
Command Prompt Method
Next, I opened the Command Prompt on my Windows 10 PC, moved to the Downloads folder and then typed in the following commands.
C:\Users\david\Downloads>certutil -hashfile C:\Users\david\Downloads\LibreOffice_6.1.0_Win_x64.msi sha256 SHA256 hash of C:\Users\david\Downloads\LibreOffice_6.1.0_Win_x64.msi: 17d01f5e9b9944c5888ff41ac7d0c7d8aa93e84c5b5df98183b0b287a2e7c77d CertUtil: -hashfile command completed successfully.
The alphanumeric output is the same with both methods and when I compare them to the numbers on the LibreOffice web site, I’m glad to note that they match.
This means the likelihood my LibreOffice download has been tampered with is low.
I repeated the above experiment with a CentOS 7 download (I intend to run CentOS 7 as a guest OS via Oracle VirtualBox software).
Command Prompt Method to Verify CentOS 7 Download
C:\Users\david>CertUtil -hashfile C:\Users\david\Downloads\Linux-ISOs\CentOS-7-x86_64-Minimal-1804.iso sha256 SHA256 hash of C:\Users\david\Downloads\Linux-ISOs\CentOS-7-x86_64-Minimal-1804.iso: 714acc0aefb32b7d51b515e25546835e55a90da9fb00417fbee2d03a62801efd CertUtil: -hashfile command completed successfully.
Let’s try the Powershell method now for our CentOS 7 download.
Powershell Technique to Verify CentOS 7 Download
Windows PowerShell Copyright (C) Microsoft Corporation. All rights reserved. PS C:\Users\david> Get-FileHash -Path C:\Users\david\Downloads\Linux-ISOs\CentOS-7-x86_64-Minimal-1804.iso Algorithm Hash Path --------- ---- ---- SHA256 714ACC0AEFB32B7D51B515E25546835E55A90DA9FB00417FBEE2D03A62801EFD C:\Users\david\Downloads\Linux...
Again, the output provided by both methods is the same and more importantly,they match the shasum256 figures provided by the CentOS 7 open source software maintainers.
Whether you’re using Windows, Mac or Linux, always perform a shasum verification of the software you downloaded to ensure you’re not infected with malware by bad actors.