Checksum Files on Windows

I hate Windows. I really really hate Windows.

I often use Unix utilities like ‘md5sum’ and ‘sha1sum’ to get checksums of files so I can very quickly determine if I’ve downloaded a legit and uncorrupted copy of a file. The Unix versions allow you to pipe in a text file with a list of checksums and it will tell you if all of the files listed in the text file are legit — but Windows doesn’t have ‘md5sum’ or ‘sha1sum’.

That said — you can still get the checksums and compare them manually, using certutil. It will return sha1 by default, which is sufficient for file integrity checking, but you can specify other hashing types at the end of the command, such as MD5, SHA256, SHA384, and SHA512.

Because I’m paranoid about path hijacking (and you should be too), you should consider specifying the full path to certutil instead of letting Windows find it on your PATH, because over the years I’ve seen a few instances of malicious software hiding a fake certutil that returns tainted results.

c:\Windows\System32\certutil.exe -hashfile <thefile>

c:\Windows\System32\certutil.exe -hashfile <thefile> MD5

c:\Windows\System32\certutil.exe -hashfile <thefile> SHA256

You can also use Powershell:

Get-FileHash <thefile> SHA1

Get-FileHash <thefile> MD5

Get-FileHash <thefile> SHA256

Leave a Comment

Proudly powered by WordPress | Theme: Baskerville 2 by Anders Noren.

Up ↑

%d bloggers like this: