Steps to verify the checksum of an ISO file in Linux

Whenever you download a Linux ISO from websites of various distributions, it is recommended to verify the file’s integrity using the sha256sum or md5sum checksum. Because Linux is open source, anyone can get the source code, and modify it to inject any malicious code.

And if you have not downloaded the ISO from any official source, there is a high chance that the ISO has been tampered with. So before installing any distribution, you should check the integrity of the ISO.

The possibility of change or errors is directly proportional to the size of the file, so the heavy your ISO is, the chance of you encountering any kind of error is also high.

Sha256sum is a program designed specially to verify data integrity using the SHA-256 (SHA-2 family with a digest length of 256 bits). It can verify both the integrity and authenticity of any file.

md5sum on the other hand verifies the 128-bit MD5 hashes of the files. These hashes essentially work as the fingerprint of the file

In this tutorial, we will learn to check the integrity of Linux ISOs using both of these checksums.

Using sha256sum

For this tutorial, I’ve selected Linux Mint Cinnamon 21 ‘Vanessa’ ISO, although the process is entirely the same as any Linux distribution’s ISO. First, I downloaded the ISO using the Torrent given on their official website.

Downloaded The Linux Mint ISO Using Torrent
Downloaded The Linux Mint ISO Using Torrent

Now, I’ve also saved the checksum provided on the official website.

Save The Checksum From Official Website
Save The Checksum From Official Website

Now, simply open a Terminal and Type the following command :

cd Downloads/
sha256sum linuxmint-21-cinnamon-64bit.iso
cat sha256sum.txt
The Checksums Of Linux Mint Cinnamon Matches Exactly
The Checksums Of Linux Mint Cinnamon Matches Exactly

As you can see, my Linux Mint ISO and the text file I downloaded from the official website have the same SHA256sum. Therefore, my ISO is the official one and has not been tampered with.

Summary

Well, that was about it, many distributions nowadays do not use MD5sums in order to verify their ISOs, I have personally checked Ubuntu, Pop_OS!, Linux Mint, and, Fedora’s website and could not find any link to their MD5sum file. However, if you have any doubts regarding the sha256sum program, then you can go ahead and ask in the comments, you can also refer to the manual page of this command.