To ensure that a file has not been tempered with or was corrupted during a transfer or download we can verify the checksums with tools built into Windows.

This is a crucially important for security purposes, especially if you install software from a source other than an official site. If the file has been changed it could contain malware that spies on you or takes your data hostage, for instance.

The checksum verification tool you use is also important which is why I recommend using the built in Windows PowerShell and certutil tools.

In this article I provide simple and quick Windows commands to verify MD5 and SHA256 checksums.

 

Verify file MD5 or SHA256 Checksums on Windows

To check an MD5 or SHA256 checksum on Windows using the built-in certutil tool:

  1. Open the Windows command prompt by clicking Start then type CMD.
  2. The command prompt will appear then enter the following command: certutil -hashfile <file> <checktype>
    • Where <file> is the full path of the file you want to obtain the checksum for.
      • Note you can drag and drop the file into the command prompt window and the full path will be automagically inserted for you.
      • If you open CMD as an Administrator, the file drag to drop feature into the CMD window does not function, for some reason.
      • For example, type certutil -hashfile (then drag the file into window which will display here) followed by checktype MD5/SHA256/etc.
    • Where <checktype> is either MD2, MD4, MD5, SHA1, SHA256, SHA384 or SHA512
      • Example for MD5: certutil -hashfile “C:/isos/kali-linux.iso” MD5
      • Example for SHA256: certutil -hashfile “C:/isos/kali-linux.iso” SHA256
  3. Press Enter which will then show you the desired checksum value for that file.
  4. Compare the resulting checksum with what you expect.
    • If it is different, try the download and verification process again.
    • If it persists, contact the website owner, developer or support team for assistance.

 

Verify SHA256 Checksums using PowerShell

To check a SHA256 checksum on Windows using the built-in PowerShell tool:

  1. Click on Start and type PowerShell, right mouse click on the Windows PowerShell App icon and select Run as administrator.
  2. Type the following and add a space: Get-FileHash
  3. Drag the downloaded file onto the Windows PowerShell window after the Get-FileHash command which will automagically insert the full path for you then press Enter.
    • For example: Get-fileHash C:\Users\UserName\Downloads\kali-linux.iso
  4. Compare the resulting checksum with what you expect.
    • If it is different, try the download and verification process again.
    • If it persists, contact the website owner, developer or support team for assistance.

 

Conclusion

I hope my article on verifying file checksum hashes using tools built-in Windows has helped you increase your cybersecurity. I welcome your thoughts, questions or suggestions regarding this article.

You may support my work and future improvements by sending me a tip using your Brave browser or by sending me a one time donation using your credit card.

Let me know if you found any errors within my article or if I may further assist you by answering any additional questions you may have.