Verify a file's message digest fingerprint (checksum)

Author: Alex Nikiforov FreeBSD

Reviewer: name contact BSD flavour

Reviewer: name contact BSD flavour


Be familiar with the theory behind a message digest(((message digest))) fingerprint and why it is important to verify a file's fingerprint. In addition, be able to create a fingerprint as well as verify an existing fingerprint(((fingerprint))).


When you download some file from a server and you don't trust this server how can you verify that file is real, without any bogus parts? You can use fingerprint of this file for verify it.


You download file from some mirror in your country and want to verify it. Let's do it.

""> md5 file MD5 (file) = d3762ac7a4e45f8262aeb3362bb1f9b7 > sha1 file SHA1 (file) = 67d59b7fe01074dba2462e13633bd163453bff47

Now we have fingerprint for file and can verify md5 and sha1 fingerprint from server.

TODO: show same with "openssl" and mention other digest types?

TODO: briefly mention cksum, checksums and block counts

Practice Exercises

Get few fingerprints from your system via md5 and sha1

More information

md5(1), openssl(1), sha1(1), cksum(1)