Want to make sure a file has not been tempered with? Downloading installation files for Windows, for instance? Find out here how to check and verify an MD5 checksum on Windows (or SHA-1 and SHA-2).
First, a 100¼ Year-Centennial
In what came to be known as the “White City,” pale neoclassical splendor invited guests to massive, yet impermanent pavilions in Chicago’s Jackson Park to celebrate 400 years of Christopher Columbus landing in the New World—in 1893.
It was a special algorithm that made 1893 the year of the 4th centennial of 1492, and it takes a special algorithm to sum up a file of any length in a few bits. Meet the checksum:
How to Check an MD5 Checksum on Windows
Time needed: 3 minutes.
To check an MD5 or SHA256 checksum on Windows using certutil:
- Open the Windows command line.
Do it fast: Press Windows R, type
cmdand press Enter.
Alternative: You can also open command prompt or Windows PowerShell from the Start menu, of course. - Go to the folder that contains the file whose MD5 checksum you want to check and verify.
Command: Type
cdfollowed by the path to the folder.
Tip: You can drag and drop a folder from Windows Explorer to insert the path. - Type
certutil -hashfile <file> MD5.<file>: Replace<file>with the filename.
Tip: You can use the Tab key to have Windows complete the file name.
Example: Typecertutil -hashfile Example.txt MD5to get the MD5 hash for the file Example.txt. - Press Enter.
Other hashing algorithms: See below for more hash algorithms (including SHA-1).
- Compare the resulting checksum to what you expect.
How to Verify Checksums Using SHA1 and Other Hashing Function on Windows
To verify a checksum generated with a hashing algorithm different from MD5:
- Follow all steps above with one exception:
- Replace “MD5” with the desired hashing function from the following table.
| Command | Hashing Function | Output |
|---|---|---|
MD2 | MD2 message-digest algorithm | 32 digits bf37869296b43d561623bbd1a9fceab1 |
MD4 | MD4 message-digest algorithm | 32 digits c0e01d37a2041634870aef33b646e3af |
MD5 | MD5 message-digest algorithm | 32 digits a5d0173a59d8b5728c655af1d45c803a |
SHA1 | SHA-1 secure hash algorithm 1 (160 bit) | 40 digits fc9421a01f0a605b7f99e11a78a41984e50c6fac |
SHA256 | SHA-2 256-bit secure hash algorithm | 64 digits c2397243964401a5aaec496993de6683ca414862164f6803cc839cbb1dfcb161 |
SHA384 | SHA-2 384-bit secure hash algorithm | 96 digits 37409aedd9519aae62c45652a83e5c3046e88eb6d9cc7115ab69efff45b842ecb0fc446786c7edd060f84d4ab2c3541a |
SHA512 | SHA-2 512-bit secure hash algorithm | 128 digits 177bb9d9f90f3c4da812d5d0e18f32191f59749bbc3e37fc009767cd23b1b40efec5b46943f6a41c81c8adbc67347b262b0f3fa65ab55cae7ef2a6552e9f8fac |
How to Check an MD5 Checksum on Windows: FAQ
Can certutil generate RIPEMD hashes?
No. Certutil supports the hashing functions above.
For other algorithms, you can turn to utilities such as HashMe or hashed, for instance.
Why should I use certutil to check an MD5 checksum?
An MD5 checksum lets you verify a file has not been changed.
This is a crucially important part of security, especially if you install software from a source other than an official store. If the file has been changed it could contain malware that spies on you or takes your data hostage, for instance.
If the software you use to check the MD5 checksum has itself been modified, it may report the changed file (i.e., the malware) as matching the original (i.e., safe).
Because
- certutil is part of Windows itself, it high up in the chain of trust and so
- you can trust the MD5 checksum generated with certutil.
(How to verify an MD5 (or SHA256) checksum tested with Windows 10 Version 21H1; updated December 2021)