Two days back, one of my friends tried to install Parrot Security OS on his Asus Tuf Laptop. While Installing, he faces an issue. After that, he sends me a snapshot of his Laptop screen with the following error “There was a problem reading data. please make sure you have inserted the installation media correctly. If retrying does not work, you should check the integrity of your installation media (there is an associated entry in the main menu for that).”
After reading the error first question, I asked, “Did you verify SHA256 checksum?” He replied, “No” I guided him How to Verify SHA256 Checksum of File in Linux using sha256sum the very next moment, he said I don’t have any Linux distribution installed in my system, so I can’t perform this step.
Therefore, I provided alternative solutions to him. After that, he found that the checksum does not match. Through this guide, the windows user will be able to generate and verify SHA1, SHA256, MD5, and other checksum using the CertUtil command.
Table of Contents
Prerequisites
- Windows PowerShell or Command Prompt
- Checksum file (It is necessary to validate)
- File (Downloaded ISO file)
What is SHA256 Checksum?
A checksum is a small piece of a file which contains a series of number and strings that can detect the file has been comprised while downloading from the Internet.
You can verify checksum with the checksum utility tool. For that, you should have the original checksum file to match.
What is CertUtil?
CertUtil is a command-line tool that is preinstalled with Windows, and it is a part of Certificate Services. Basically, Certificate Services are responsible for validating request as per the set policy and issues the certificates.
By using the CertUtil command allow you to dump & display Configuration information issued by Certificate Services, verify certificates and many other important aspects.
And from the other important aspects, we have picked -hashfile parameter, and we will see how to generate and display a cryptographic hash over a file through this article.
CertUtil support following Hash algorithms: MD2 MD4 MD5 SHA1 SHA256 SHA384 SHA512.
How to Generate SHA1, MD5, and SHA256 Checksum using CertUtil
To run the CertUtil command, you can use Windows PowerShell or Command Prompt, and in this article, we will perform on Windows PowerShell.
How to open Windows PowerShell? You can simply press Window + X and Click on the 8th options from the bottom to run or Press the Windows key and search for PowerShell and run it.
We will walk you through the multiple ways to get different hash value using CertUtils such as
- Without specifying a type of Hash
- With SHA256 Hash
- With MD5 Hash
Without specifying type of Hash
When you run a below Syntax without specifying the type of hash, you will get the output for the SHA1 hash.
Syntax
CertUtil -hashfile 'ISO-FILE-PATH'
Example
CertUtil -hashfile 'E:\ISO\ubuntu-20.04.1-desktop-amd64.iso'
Output
SHA1 hash of E:\ISO\ubuntu-20.04.2.0-desktop-amd64.iso:
f464c9da265077063f68e3f094cd9b0337b148e5
CertUtil: -hashfile command completed successfully.
With MD5 Hash
To get the MD5 Hashes value, refer to the following syntax and make sure to replace ISO-FILE-PATH with the actual path.
Syntax
CertUtil -hashfile 'ISO-FILE-PATH' md5
Example
CertUtil -hashfile 'E:\ISO\ubuntu-20.04.1-desktop-amd64.iso' md5
Output
MD5 hash of E:\ISO\ubuntu-20.04.2.0-desktop-amd64.iso:
2b0bfcb7e9e95c8eadb14a6fb59efae8
CertUtil: -hashfile command completed successfully.
With SHA256 Hash
To get the SHA256 Hashes value, refer to the following syntax and make sure to replace ISO-FILE-PATH with the actual path.
Syntax
CertUtil -hashfile 'ISO-FILE-PATH' sha256
Example
CertUtil -hashfile 'E:\ISO\ubuntu-20.04.2.0-desktop-amd64.iso' sha256
Output
SHA256 hash of E:\ISO\ubuntu-20.04.2.0-desktop-amd64.iso:
93bdab204067321ff131f560879db46bee3b994bf24836bb78538640f689e58f
CertUtil: -hashfile command completed successfully.
How to Download Checksum for Ubuntu and Other Linux Distribution’s
From the above step, we have generated a checksum value using CertUtils commands. To verify, you will require an Orignal Checksum, So the question arises How you will get the original checksum to validate?
One can able to download or view the Original checksum from a respective Official Linux Distributions page. To get a better understanding, we will see an example.
For example:- I had downloaded Ubuntu 20.04.2.0 from the Official page and the next step, especially for Ubuntu user, need to visit on Releases Ubuntu for a newer version & older version user click on Old Release Ubuntu and for other Linux, Distributions search checksum options on their respective Distributions webpage.
In my case, I have clicked on Releases Ubuntu, and Once the page gets loaded, select the version of the downloaded ISO and Clik on “SHA256SUMS” to view SHA256SUM Hashes.
In the next step, you will see how to match generated hash with the original checksum.
How to match Hash value with Original Checksum
To match the hash value, you will require Original Checksum, which you already get from the above step and even know how to generate hash for Downloaded ISO file.
With an example, I’ll explain to you How to match hash value?
Example
CertUtil -hashfile 'E:\ISO\ubuntu-20.04.2.0-desktop-amd64.iso' sha256
CertUtil
Command with -hash parameter to generate and display cryptographic hash value.E:\ISO\ubuntu-20.04.2.0-desktop-amd64.iso
A path of ISO filesha256
Over here, I have a specified type of hash; otherwise, I’ll get the sha1 checksum.
Output
SHA256 hash of E:\ISO\ubuntu-20.04.2.0-desktop-amd64.iso:
93bdab204067321ff131f560879db46bee3b994bf24836bb78538640f689e58f
CertUtil: -hashfile command completed successfully.
From the above output, I get the hash value. After that, I simply copy the hash value, open the checksum page or checksum file, and use the find tool, or use the shortcut Ctrl + F and paste the generated hash value.
If the generated checksum get a match from the original checksum means you are good to go; else, you need to download the ISO file again 😧
Wrap Up
That’s all to Generate, Download and Match the Original Checksum value on Windows Machines using CertUtil commands.
If you are stuck somewhere, please feel free to comment down and If you like the article or somewhere I missed something, please let me know to make this article more amazing.
A man with a tech effusive who has explored some of the amazing technology stuff and is exploring more. While moving towards, I had a chance to work on Android development, Linux, AWS, and DevOps with several open-source tools.