Verifying Downloads

The Project
Project Questions Roadmap
Media Preparations
What should I download? Verify for Corruption Verify for Tampering Imaging a USB Drive Burning to DVD

Verify for Corruption

A checksum is a string of letters and numbers that is unique to a file, like a fingerprint. Checksums are generated by different algorithms, with the two most popular being Secure Hash Algorithms (SHAs) and the MD5 algorithm. Ubuntu MATE provides the SHA256 checksum on its download page.

Verifying a download involves checking the checksum of the file you downloaded versus the checksum provided on the download web site. Mismatching checksums can indicate a corrupted or otherwise compromised file, so verifying your downloads is a good habit to adopt!

As an alternate, you can check your downloaded is trustworthy, by verifying the digital signature of the file instead.

Windows

This method uses a third-party application named MD5 & SHA Checksum Utility.

  • Download MD5 & SHA Checksum Utility
  • Launch the application MD5_and_SHA_Checksum_Utility.exe

  • Click on the Browse button and browse to the Ubuntu MATE ISO file.

    MD5 and SHA Checksum

Note: To make calculation faster, it’s only necessary to check the checksums you have values for.

macOS

On macOS, you can verify checksums easily and manually in the command line, as shasum comes preinstalled.

  • Open a Terminal window and a Finder window containing the ISO.

  • Type shasum -a 256 and drag the ISO’s file icon into Terminal.

    Macbook SHA1

  • Press Enter to begin the process. This may take a few moments.

  • Compare the SHA256 checksum printed to the command line to the checksum on the image’s download page.

    Macbook SHA2

GNU/Linux

GtkHash

This application can be installed via your distribution’s software manager, if it is not already installed.

  • Launch gtkhash
  • In the File dropdown menu, select the ISO you wish to check
  • On the page where you downloaded the ISO, copy the SHA256 checksum and paste into the Check field

  • Click Hash - a green checkmark means the image is verified

    Gtkhash

Command Line

On every distribution, you have command line tools for verifying checksums. In this case, we’re interested in the sha256sum tool.

  • First, switch to the directory where the ISO is stored
  • Enter sha256sum ubuntu-mate-XX.XX-version.iso, substituting the name of the specific ISO you downloaded.
  • Compare the SHA256 checksum printed to the command line to the checksum on the download page.

Ubuntu MATE

On current Ubuntu MATE versions (18.04 LTS and newer), caja-gtkhash is pre-installed and allows you to perform checksums from within the file browser.

  • Navigate to the file in the Caja file manager.
  • Right click the file and choose Properties.
  • Open the Digests tab.

  • Copy the SHA256SUM checksum from the download page and paste into Check field. The green check mark means the download is verified.

    Check SHA256 Hash