SHA256 Checksum - Windows

In brief

    This post shows how to check the integrity of downloaded files in Windows.

    No extra software is required.

    The example which follows is based on checking the integrity of

    Fedora-Workstation-Live-x86_64-37-1.7.iso

Step 1 - Command Prompt

    Open a Command Prompt window. 

    Hint: Select the Windows Start button, directly type in cmd  (no need to position the cursor first) and press enter.

    Navigate to the location of the file you want to check.

    For example: If the file was downloaded to the Downloads folder, then in the Command Prompt window type:

    cd Downloads and press enter.

Step 2 - Calculate the SHA256 checksum

    List the contents of the folder by typing dir and press enter.

    In the Command Prompt window type:

    CertUtil -hashfile " (Do not press enter yet).

    

    Using the mouse, select the name of the file (including the extension) from the list above that you want to check.

    Copy the file name.

    Hint: Shortcut in Windows is CTRL + c.

    Paste the file name.

    Hint: Shortcut in Windows is CTRL + v.

    Type " sha256 and press enter.

    It takes a little while to calculate the hash, allow the command to run.

    When complete, CertUtil will report:

    CertUtil: -hashfile command completed successfully. 

Step 3 - Compare hash values

    Type if " (Do not press enter yet).

    Using the mouse, select the calculated hash value and copy it.

    Hint: Windows shortcut: Ctrl + c.

    Paste the value.

    Hint: Windows shortcut C + v.

    Directly after pasting the value, type " == "

    Locate the hash value provided by the vendor and copy it (See step 4 below for details).

    Paste the value after the inverted comma.

    Directly after the value type

    " (echo Checksum values match) else (echo Values do not match, there is a problem)

    Press enter.

    If the hash values match, the last output line should confirm: Checksum values match.

    Important: If the last output line is "Values do not match, there is a problem", it might be due to:

1. There is a problem with the download or 
2. An incorrect hash value from the vendor might have been used.

    Comparing the first and last three characters in both hash values will give an idea of whether the hashes match or not.

Step 4 - Locating the SHA256 hash value from vendor's websites.

    Make sure that you select the SHA256 value which matches your downloaded ISO file.

    Here are links to hash values provided by:

        1. VirtualBox 7 - select the hash value which matches the version of your download.

        2. CentOS - select the link for the mirror you prefer, an example is hosted by The University of Warwick

            Select the SHA256 value for the version which matches your download.

        3. Fedora - On the Download page, scroll down and select Verify your download.

    For the Desktop version select Fedora 37 x86_64 (iso) CHECKSUM 

    The SHA256 hash will be displayed.

    Copy the hash value.

    Continue with the instructions provided in the Step 3 section above. 

        4. openSUSE Leap - the link to the SHA256 value, select Checksum

        5. Ubuntu 20.04 - scroll down to the list of hash values and select SHA256SUMS.

    Copy the hash value (Ctrl+v)