Ade Malsasa Akbar contact
Senior author, Open Source enthusiast.
Thursday, April 20, 2017 at 14:29

Verifying checksum for a GNU/Linux image is similar to comparing fingerprints for human. It verifies that your downloaded Ubuntu image is valid or not. By valid here it means it's 100% the same as the file on official server. Whenever it's verified valid, then it's OK for you to use it and further to redistribute. But whenever it's not valid, it means the image is probably corrupted, broken, of even altered by somebody else. This short tutorial shows 3 steps to verify Ubuntu image for beginners.

Subscribe to UbuntuBuzz Telegram Channel to get article updates directly.

What You'll Do?

You will extract the "fingerprint" of your downloaded ISO image and compare it to its official "fingerprint".

1. Find the Checksum First

The official checksum values ("fingerprints") are always available on Ubuntu image download server. They are just TXT files containing image file names and checksum strings. You get them from You may choose between MD5SUMS, SHA1SUMS, or SHA256SUMS available. Any choice should be OK.

For example, these are checksum links for:

Latest version Ubuntu 17.04 (


The MD5SUMS content looks like below:

Old version Ubuntu 12.04 (


The MD5SUMS content looks like below:

2. Verify Downloaded Image

Extract checksum value from your Ubuntu image by running one of three commands: md5sum, sha1sum, or sha256sum. You see the command names are similar to the official checksum files meaning the result should be compared to respective checksum.

These are some examples for verifying a ubuntu-mate-17.04-desktop-amd64.iso image:

MD5SUM Command:
$ md5sum -b ubuntu-mate-17.04-desktop-amd64.iso


5f9c81873171bb716715c6a2ae8ff722 *ubuntu-mate-17.04-desktop-amd64.iso

SHA1SUM Command:
$ sha1sum -b ubuntu-mate-17.04-desktop-amd64.iso


14dd7b2c2766e6205ad71100ac99c90b1aa92d1c *ubuntu-mate-17.04-desktop-amd64.iso

SHA256SUM Command:
$ sha256sum -b ubuntu-mate-17.04-desktop-amd64.iso


acfcf1ab54946c67e99e0503c23385e697046fae45e393661d501100844d9a5d *ubuntu-mate-17.04-desktop-amd64.iso

The long, single alphanumerical strings are the hash checksum values. They are the "fingerprints".

3. Compare Between Your Value and Official Value

Now you just need to compare your checksum value and its official one. The method is truly easy: copy the value > go to your browser > open the official value > Ctrl+F > paste > you should find the search matches. You just need to do this once, for example compare MD5 value with MD5SUMS, that's enough.

Compare MD5 value with MD5SUMS:

Compare SHA1 value with SHA1SUMS:

Compare SHA256 value with SHA256SUMS:

4. How If The Comparison Failed?

While you find your value and the official values are different, it means your downloaded ISO image is not exactly the same as the one available on server. It may be corrupted, or not downloaded completely, or even broken. If that is the case you should re-download the ISO image from start.