What are the steps of verifying the sha256 checksums?

705    Asked by alexDuncan in SQL Server , Asked on Dec 24, 2021

How do I verify the checksum of a downloaded file, be it sha, pgp, etc. 

In my research regarding checksums, I understood that - A checksum is a small-sized block of data derived from another block of digital data for the purpose of detecting errors that may have been introduced during its transmission or storage. By themselves, checksums are often used to verify data integrity but are not relied upon to verify data authenticity.

Effect of a typical checksum function (the Unix cksum utility)The procedure which generates this checksum is called a checksum function or checksum algorithm. Depending on its design goals, a good checksum algorithm usually outputs a significantly different value, even for small changes made to the input. This is especially true of cryptographic hash functions, which may be used to detect many data corruption errors and verify overall data integrity; if the computed checksum for the current data input matches the stored value of a previously computed checksum, there is a very high probability the data has not been accidentally altered or corrupted.


Checksum functions are related to hash functions, fingerprints, randomization functions, and cryptographic hash functions. However, each of those concepts has different applications and therefore different design goals. For instance, a function returning the start of a string can provide a hash appropriate for some applications but will never be a suitable checksum. Checksums are used as cryptographic primitives in larger authentication algorithms. For cryptographic systems with these two specific design goals, see HMAC.

Check digits and parity bits are special cases of checksums, appropriate for small blocks of data (such as Social Security numbers, bank account numbers, computer words, single bytes, etc.). Some error-correcting codes are based on special checksums which not only detect common errors but also allow the original data to be recovered in certain cases.

Answered by Andrea Bailey

Below are the steps to verify the sha256 checksums - Linux Specific TLDR; sha256sum -c the file.sha // thefile: OK Success! Unless you ran that command in a directory that doesn't contain the target of the shasum, in which case you'll get: sha256sum: thefile: No such file or directory thefile: FAILED open or read sha256sum: WARNING: 1 listed file could not be read

/TLDR; Verify for Yourself Everything you need to know can be found by using the md5sum man page: man md5sum Not because md5sum is particularly useful, but because if you forward search /BUGS you'll be treated to a nice overview of your options Do not use the MD5 algorithm for security related purposes. Instead, use an SHA-2 algorithm, implemented in the programs sha224sum(1), sha256sum(1), sha384sum(1), sha512sum(1), or the BLAKE2 algorithm, implemented in b2sum(1) They all have the same options, with the exception of b2sum which has an extra --length option. The following PRODUCES a sha signature: sha256sum yourFilename > yourFilename.sha where yourFilename.sha contains:

9f22b735f8f416bb8195cef9436ddec04db709132dae87137026b9725cf5678a yourFilename

  • To check simply run with --check option:
  • sha256sum -c yourFilename.sha
  • // yourFilename: OK
  • If this seems a little unsatisfying and magical, you can go a manual route with:
  • sha256sum yourFilename > homebrewSHA
  • And diff it against the sha file you downloaded from the internet:
  • diff suspiciousInternetSHA homebrewSHA
  • If the diff prints out anything at all, those are NOT the droids you're looking for. Otherwise, you're good!



Your Answer

Interviews

Parent Categories