How to Verify the CHECKSUM of a Downloaded File

The verification of checksums is a critical security practice in the digital world, particularly when downloading files from the Internet.

Checking checksums matters because it detects alterations or corruption in the data. Files transferred over networks are susceptible to transmission errors, malicious tampering, and corruption.

What is a Checksum?

A checksum is a fixed-size string derived from the data within a file by a mathematical algorithm (a hash function). This string serves as a digital fingerprint for checking the file’s integrity and, when the reference value comes from a trusted source, its authenticity.

By comparing the checksum generated from the downloaded file against the original checksum provided by the source, users can verify that the file has not been modified in transit. This verification is crucial for preventing the installation of malware or compromised software, which can lead to security breaches, data loss, or other significant risks.

Real Life Example

Let’s start with a real-life example. Search for Arch Linux and head to their download page.

Scroll down the page and click on the MIT.edu mirror and you will see this:

Click on the first link to download the ISO file, then click on the second text file (sha256sums.txt) to view the checksum value.


To verify the checksum of a downloaded file in Windows 10, you can use the built-in Command Prompt utility. A checksum is a type of digital fingerprint that allows you to ensure that the file you downloaded has not been tampered with or corrupted. Here’s how you can do it:

  • Step # 1 – Open Command Prompt:
    • Press the Windows key, type “Command Prompt” or “cmd” into the search bar, and press Enter. Alternatively, press Win + R to open the Run dialog, type cmd, and press Enter to launch Command Prompt.
  • Step # 2 – Navigate to the File Location:
    • Before you can check the file’s checksum, you need to navigate to the directory where the file is located using the cd (change directory) command. For example, if your file is located in the Downloads folder, you can type something like cd C:\Users\YourUsername\Downloads and press Enter. Replace YourUsername with your actual user name.
  • Step # 3 – Use the CertUtil Command:
    • Windows has a built-in utility called CertUtil that can compute file checksums. To use it, you need to know which type of checksum you want to verify (MD5, SHA1, SHA256, etc.). The checksum file in this example is sha256sums.txt, so the type is SHA256. Type the following command, then press Enter:
      certutil -hashfile archlinux-2024.02.01-x86_64.iso SHA256
  • Step # 4 – Compare Checksums:
    • Finally, compare the checksum displayed in the Command Prompt with the checksum provided on the website from which you downloaded the file. If they match, the file is intact and has not been tampered with.
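
Comparing 64 hex characters by eye is error-prone, so Step 4 can be scripted. The following PowerShell function is an added example, not part of the original article: it looks up the file's entry in a sha256sum-style list and compares it with the hash Windows computes. The function name Test-FileChecksum, the demo folder and the sample file are assumptions made for illustration.

```powershell
# Added example, not from the original article.
function Test-FileChecksum {
    param(
        [Parameter(Mandatory)] [string] $Path,         # downloaded file
        [Parameter(Mandatory)] [string] $ChecksumFile  # list such as sha256sums.txt
    )
    $name = Split-Path -Leaf $Path

    # Each entry is "<64 hex digits>  <file name>"; an optional '*' before
    # the name (binary-mode marker) is skipped.
    $expected = $null
    foreach ($line in Get-Content -LiteralPath $ChecksumFile) {
        if ($line -match '^\s*([0-9a-fA-F]{64})\s+\*?(.+?)\s*$' -and $Matches[2] -eq $name) {
            $expected = $Matches[1]
            break
        }
    }
    if (-not $expected) { throw "No SHA256 entry for '$name' in $ChecksumFile" }

    # Get-FileHash computes the same digest as certutil -hashfile ... SHA256.
    $actual = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash

    # String -eq is case-insensitive in PowerShell, so upper- and lower-case
    # hex output from different tools compares equal.
    [pscustomobject]@{ File = $name; Expected = $expected; Actual = $actual; Match = ($actual -eq $expected) }
}

# Constructed demo input: a 3-byte file ("abc") and a one-line checksum list
# holding the published SHA-256 test vector for "abc".
$dir  = Join-Path $env:TEMP 'checksum-demo'
New-Item -ItemType Directory -Path $dir -Force | Out-Null
$file = Join-Path $dir 'sample.iso'
$list = Join-Path $dir 'sha256sums.txt'
[IO.File]::WriteAllBytes($file, [byte[]](0x61, 0x62, 0x63))
Set-Content -LiteralPath $list -Value 'ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad  sample.iso'

(Test-FileChecksum -Path $file -ChecksumFile $list).Match    # intact file

# Simulate corruption by appending one byte, then check again.
[IO.File]::WriteAllBytes($file, [byte[]](0x61, 0x62, 0x63, 0x00))
(Test-FileChecksum -Path $file -ChecksumFile $list).Match    # altered file
```

For the download in the steps above, run Test-FileChecksum -Path .\archlinux-2024.02.01-x86_64.iso -ChecksumFile .\sha256sums.txt from the folder that holds both files.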

Conclusion

In summary, checksum verification is a simple yet powerful tool for enhancing digital security. It ensures that the files users download and use are genuine and unaltered, providing peace of mind in an environment where data integrity cannot always be taken for granted.
