Want to make sure a file has not been tempered with? Downloading installation files for Windows, for instance? Find out here how to verify an MD5 checksum on Windows (or SHA1 and SHA256 checksum) with tools built into Windows itself.
First, a 100¼ Year-Centennial
In what came to be known as the “White City,” pale neoclassical splendor invited guests to massive, yet impermanent pavilions in Chicago’s Jackson Park to celebrate four hundred years of Christopher Columbus landing in what was once called the “New” World—in 1893.
It was a special algorithm that made 1893 the year of the fourth centennial of 1492, and it takes a special algorithm to sum up a file of any length in a few bits. Meet the checksum:
How to Verify an MD5 Checksum on Windows
On a Mac? How to Verify an MD5 (or SHA) Checksum on a Mac
On Linux? How to Verify an MD5 or SHA Checksum on Linux
Time needed: 3 minutes
To check an MD5 or SHA256 checksum on Windows 10 and Windows 11 using the built-in certutil program:
- Open the Windows command line.
Do it fast: Press Windows R, type
cmd
and press Enter.
Alternative: You can also open command prompt or Windows PowerShell from the Start menu, of course. - Go to the folder that contains the file whose MD5 checksum you want to check and verify.
Command: Type
cd
followed by the path to the folder.
Drag not type: You can drag and drop a folder from Windows Explorer to insert the path. - Type
certutil -hashfile <file> MD5
.<file>
: Replace<file>
with the filename.
Tip: You can use the Tab key to have Windows complete the file name.
Example: Typecertutil -hashfile Example.txt MD5
to get the MD5 hash for the file Example.txt. - Press Enter.
Other hashing algorithms: See below for more hash algorithms (including SHA256).
- Compare the resulting checksum to what you expect.
While you’re at checking numbers: How to Get Your Windows Version and Build Number
How to Verify a Checksum Using SHA256 and Other Hashing Functions on Windows
To verify a checksum generated with a hashing algorithm different from MD5:
- Follow all steps above with one exception:
- Replace “MD5” with the desired hashing function from the following table.
Command | Hashing Function | Output |
---|---|---|
MD2 | MD2 message-digest algorithm | 32 digits bf37869296b43d561623bbd1a9fceab1 |
MD4 | MD4 message-digest algorithm | 32 digits c0e01d37a2041634870aef33b646e3af |
MD5 | MD5 message-digest algorithm | 32 digits a5d0173a59d8b5728c655af1d45c803a |
SHA1 | SHA-1 secure hash algorithm 1 (160 bit) | 40 digits fc9421a01f0a605b7f99e11a78a41984e50c6fac |
SHA256 | SHA-2 256-bit secure hash algorithm | 64 digits c2397243964401a5aaec496993de6683ca414862164f6803cc839cbb1dfcb161 |
SHA384 | SHA-2 384-bit secure hash algorithm | 96 digits 37409aedd9519aae62c45652a83e5c3046e88eb6d9cc7115ab69efff45b842ecb0fc446786c7edd060f84d4ab2c3541a |
SHA512 | SHA-2 512-bit secure hash algorithm | 128 digits 177bb9d9f90f3c4da812d5d0e18f32191f59749bbc3e37fc009767cd23b1b40efec5b46943f6a41c81c8adbc67347b262b0f3fa65ab55cae7ef2a6552e9f8fac |
How to Verify an MD5 or SHA256 Checksum on Windows: FAQ
Can certutil generate RIPEMD hashes?
No. Certutil supports the hashing functions above.
For other algorithms, you can turn to utilities such as HashMe or hashed, for instance.
Why should I use certutil to check an MD5 or SHA256 checksum?
An MD5 checksum lets you verify a file has not been changed.
This is a crucially important part of security, especially if you install software from a source other than an official store. If the file has been changed it could contain malware that spies on you or takes your data hostage, for instance.
If the software you use to check the MD5 checksum has itself been modified, it may report the changed file (i.e., the malware) as matching the original (i.e., safe).
Because
- certutil is part of Windows itself, it high up in the chain of trust and so
- you can trust the MD5 checksum generated with certutil.
Is there a md5sum for Windows?
You can get a copy of md5sum as part of GNU Core Utilities for Windows.
Caution : Even if you do check the downloaded installation file against the MD5 checksums published on the download page, it is more secure to use the utilities that come with Windows itself.
(How to verify an MD5 (or SHA256) checksum tested with Windows 11 Version 22H2 and Windows 10 Version 21H1; updated March 2024)