How to check data integrity using md5sum under GNU/Linux

Photo of author

By rasho

In this article, we will describe how you can check the integrity of your data using the md5sum utility under the GNU/Linux operating system.

What is md5sum?

md5sum is a tool generally used to check data integrity. It calculates and verifies 128-bit MD5 hashes, so you could know if a particular file is a valid one or a corrupt one.

For example, let’s create a backup of the whole ‘example’ directory tarred in a ‘tar.gz’ file containing all the configuration data of the vps we’re using in this example:

# mkdir /tmp/example && cd /tmp/example
# tar -cpzf example.tar.gz /etc/

Then use the md5sum tool to calculate the hash value of the ‘example.tar.gz’ archive:

# md5sum example.tar.gz
6e0bde8e7a325322417e9782ed8e73f4  etc-backup.tar.gz

Ok, now the hexadecimal value is the MD5 hash for our data. How can we use this hash value to check if the integrity of the ‘example.tar.gz’ archive is valid and the archive is not modified? It’s quite easy and trivial, so once you’ve downloaded the backup archive:

# mkdir /tmp/downloads && cd /tmp/downloads
# wget http://example.com/path/to/example.tar.gz

you can use the md5sum tool to get the MD5 hash of the archive you’ve just downloaded.

# md5sum example.tar.gz
6e0bde8e7a325322417e9782ed8e73f4  example.tar.gz

As you are already noticing, the MD5 hash values are identical which means the file we downloaded is the one we need, is valid and healthy.
But what if in the meantime, someone / something modified the archive, for example let’s clear the backed ‘/etc/passwd’ file and re-create the ‘example.tar.gz’:
– extract the archive by executing:

# tar zxvf example.tar.gz

– clear the ‘/etc/passwd’ extracted from the archive:

# > etc/passwd

– create the ‘.tar.gz’:

# tar -cpzf example.tar.gz etc/

– check file’s integrity:

# md5sum example.tar.gz
25e34baa193512242bdee7158cfa2205  example.tar.gz

As you can see the MD5 hashes are different
(6e0bde8e7a325322417e9782ed8e73f4 != 25e34baa193512242bdee7158cfa2205) for the same exact file. So, this way you can know if your backup archive is valid and healthy.
And what if you’ve downloaded debian-net installer iso image for example and want to check it against the provided MD5 hashes? You can use the ‘-c’ switch which will read the hashes from the file(s) specified and will check them against the iso images.
So, to check it run:

# md5sum -c MD5SUMS 2>/dev/null | grep net

and you should get:

debian-6.0.5-amd64-netinst.iso: OK

If you liked this post please share it with your friends on the social networks using the buttons.

Leave a Comment