Verifying Downloads
Verify for Corruption
A checksum is a string of letters and numbers that is unique to a file, like a fingerprint. Checksums are generated by different algorithms, with the two most popular being Secure Hash Algorithms (SHAs) and the MD5 algorithm. Ubuntu MATE provides the SHA256 checksum on its download page.
Verifying a download involves checking the checksum of the file you downloaded versus the checksum provided on the download web site. Mismatching checksums can indicate a corrupted or otherwise compromised file, so verifying your downloads is a good habit to adopt!
As an alternative, you can check that your download is trustworthy by verifying the digital signature of the file instead.
Windows
On Windows, you can verify checksums from the command line.
- Copy the downloaded file by selecting the file in the File Explorer and pressing Ctrl + C.
- Open a Command Prompt window or a PowerShell window.
- Type `certutil -hashFile` followed by a space and press Ctrl + V. This should paste the file path in the command line. Then press space.
- Type `SHA256` at the end. The command should look like this:
- Press Enter to begin the process. This may take a few moments.
- Compare the SHA256 checksum printed to the command line to the checksum on the image’s download page.
macOS
On macOS, you can verify checksums easily and manually in the command line, as `shasum` comes preinstalled.
- Open a Terminal window and a Finder window containing the ISO.
- Type `shasum -a 256` and drag the ISO’s file icon into Terminal.
- Press Enter to begin the process. This may take a few moments.
- Compare the SHA256 checksum printed to the command line to the checksum on the image’s download page.
GNU/Linux
GtkHash
This application can be installed via your distribution’s software manager, if it is not already installed.
- Launch `gtkhash`
- In the File dropdown menu, select the ISO you wish to check
- On the page where you downloaded the ISO, copy the SHA256 checksum and paste into the Check field
- Click Hash - a green checkmark means the image is verified
Command Line
On every distribution, you have command line tools for verifying checksums.
In this case, we’re interested in the `sha256sum` tool.
- First, switch to the directory where the ISO is stored
- Enter `sha256sum ubuntu-mate-XX.XX-version.iso`, substituting the name of the specific ISO you downloaded.
- Compare the SHA256 checksum printed to the command line to the checksum on the download page.
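The comparison in the last step can be scripted so that a single differing character is not missed by eye. The following is an added example, not part of the original page or of Ubuntu MATE's tooling; the function names `sha256_of` and `verify_sha256` are assumptions, and it falls back to `shasum` where `sha256sum` is not installed.

```sh
#!/bin/sh
# Added example: compare a file's SHA256 checksum with the published value.
# sha256_of and verify_sha256 are hypothetical helper names.

# Print the lowercase SHA256 hex digest of the file given as $1.
# The file is fed on stdin so that unusual file names (leading dash,
# backslashes) cannot change the tool's behaviour or output format.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        _out=$(sha256sum < "$1") || return 2
    elif command -v shasum >/dev/null 2>&1; then
        _out=$(shasum -a 256 < "$1") || return 2
    else
        echo "no SHA256 tool found" >&2
        return 2
    fi
    # Output is "<digest>  -"; keep only the digest.
    printf '%s\n' "${_out%% *}" | tr 'A-F' 'a-f'
}

# verify_sha256 FILE EXPECTED
# Returns 0 on match, 1 on mismatch, 2 if the inputs are unusable.
verify_sha256() {
    # Normalise the pasted value: strip whitespace picked up when copying
    # from the web page and lowercase it, since tools differ in case.
    _expected=$(printf '%s' "$2" | tr -d '[:space:]' | tr 'A-F' 'a-f')
    # A SHA256 digest is exactly 64 hex characters. Reject anything else
    # (an MD5 value, a truncated paste) instead of comparing it.
    if ! printf '%s' "$_expected" | grep -Eq '^[0-9a-f]{64}$'; then
        echo "expected value is not a SHA256 checksum" >&2
        return 2
    fi
    _actual=$(sha256_of "$1") || return 2
    if [ "$_actual" = "$_expected" ]; then
        echo "OK: $1"
        return 0
    fi
    echo "MISMATCH: $1" >&2
    echo "  expected: $_expected" >&2
    echo "  actual:   $_actual" >&2
    return 1
}

# When run as a script with two arguments, verify FILE against EXPECTED.
if [ "$#" -eq 2 ]; then
    verify_sha256 "$1" "$2"
fi
```

Run it as a script with the ISO name and the checksum copied from the download page as its two arguments; exit status 0 means the checksums match, 1 means a mismatch, and 2 means the input could not be used.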
Ubuntu MATE
On current Ubuntu MATE versions (18.04 LTS and newer), `caja-gtkhash` is pre-installed and allows you to perform checksums from within the file browser.
- Navigate to the file in the Caja file manager.
- Right click the file and choose Properties.
- Open the Digests tab.
- Copy the SHA256SUM checksum from the download page and paste into Check field. The green check mark means the download is verified.