How to Verify File Integrity with MD5 and SHA‑512 Checksums on Linux

Introduction

In everyday computing—downloading files, transmitting data, or backing up important information—ensuring data integrity is essential. This article introduces how to use MD5 and sha512sum checksums to verify file integrity.

MD5 Algorithm Overview

The MD5 algorithm (Message‑Digest Algorithm 5) is a widely used cryptographic hash function that produces a 128‑bit (16‑byte) hash value, typically represented as a 32‑character hexadecimal string. It is commonly employed for data integrity checks.

Key properties of MD5:

Compression: regardless of input length, the MD5 output length is fixed.

Ease of computation: generating an MD5 hash from data is straightforward.

Modification resistance: even a slight change in input yields a different hash.

Collision resistance: finding a different input that produces the same MD5 hash is extremely difficult.

Although MD5 has known theoretical vulnerabilities, it remains sufficiently secure for basic file integrity verification.

What Is a Checksum?

A checksum is a short, fixed‑size bit sequence computed from a data set using a specific algorithm. Small changes in the input data produce significantly different checksums, making them useful for detecting errors during transmission or storage.

In file integrity verification, comparing a file's original checksum with a newly computed one determines whether the file has been altered. Matching checksums indicate the file is intact; mismatches suggest corruption or tampering.

Both MD5 (128‑bit) and SHA‑512 (512‑bit) can generate checksums, with SHA‑512 offering a higher security level due to its longer hash.

Using MD5 and sha512sum to Verify File Integrity

Suppose we have a file calico.yaml that we want to send securely. First, compute its MD5 hash:

root@k8scludes1:~# md5sum calico.yaml
9cc4a633f4ba45f0fd723512ec60f330  calico.yaml

Transfer the file to the target machine:

root@k8scludes1:~# scp calico.yaml 192.168.110.131:/root/test/

On the receiving machine, list the file to confirm receipt:

[root@etcd2 test]# ls
calico.yaml

Generate the MD5 checksum again on the destination and compare it with the original value; identical hashes confirm the file was not modified.

Digital signatures work similarly: the checksum can be encrypted with a private key, transmitted alongside the file, and verified with the corresponding public key.

Create a directory to store checksums:

root@k8scludes1:~# mkdir checksum
root@k8scludes1:~# cd checksum/
root@k8scludes1:~/checksum# ls
calico.yaml

Compute the SHA‑512 checksum:

root@k8scludes1:~/checksum# sha512sum calico.yaml
94eece98db92232a42080e33f87e0659182e2ff9e347db38a494928c247289fcfa763a20e18ee63a84fe87f436b91e710927d138621640d6753083b8b339e8cf  calico.yaml

Save the checksum to a file:

root@k8scludes1:~/checksum# sha512sum calico.yaml > check.txt
root@k8scludes1:~/checksum# cat check.txt
94eece98db92232a42080e33f87e0659182e2ff9e347db38a494928c247289fcfa763a20e18ee63a84fe87f436b91e710927d138621640d6753083b8b339e8cf  calico.yaml

Remove duplicate lines if any:

root@k8scludes1:~/checksum# cat check.txt | uniq
94eece98db92232a42080e33f87e0659182e2ff9e347db38a494928c247289fcfa763a20e18ee63a84fe87f436b91e710927d138621640d6753083b8b339e8cf  calico.yaml

Finally, verify the checksum against the file:

root@k8scludes1:~/checksum# sha512sum -c check.txt
calico.yaml: OK

Conclusion

MD5 and SHA‑512 checksums provide effective methods for verifying file integrity, helping ensure data consistency during download, transfer, or backup operations. While these hashes detect accidental corruption, they do not protect against intentional tampering. For confidentiality and stronger integrity guarantees, consider using encryption algorithms such as AES or RSA.