Checking SHA-256 Checksums with certutil, sha256sum, and 7-⁠Zip
Updated 2021-December-3

Page contents

News

2021-November-4  Published this evolving⁠[1] article.

 

Prerequisites

This article assumes you know how to…

  • launch a terminal emulator,

  • identify the command-line shell you are using (Bash, CMD, PowerShell, etc.), and

  • use the command line.

 

Why I wrote this

I’m in the midst of trying some Linux distributions and for each .iso file that I download, I need to check its SHA-256 checksum as part of making sure I don’t install a trojan horse operating system.

Below I describe three ways to determine the SHA-256 checksum of a file named FILENAME.

 

Command-line tools

Step 1: Launch a terminal emulator

Launch a terminal emulator and change directory (cd) to the directory that contains FILENAME.

💡

On Windows, the following is an easy way to do this.

  1. Locate FILENAME's directory in File Explorer.

  2. Shift+Right Click on a blank region in that directory.

  3. In the context menu, choose one of the following options.

    • Git Bash Here[2][3]

    • Open PowerShell window here

    • Open in Windows Terminal

    The options you see in this context menu depend on what is installed on your system.

 

Step 2: certutil command (PowerShell and cmd.exe)

In PowerShell or cmd.exe,[4] run the following commands.

  1. To check if the certutil command is available, run where.exe certutil

  2. To check if FILENAME is in the current directory, run dir or dir |more

  3. To display the SHA-256 checksum of FILENAME, run

    certutil -hashfile FILENAME sha256
                       ^^^^^^^^
                       use actual file name here

 

💡
To avoid typing more than the first few characters of FILENAME, you can use tab completion.

 

Step 2 Alternative: sha256sum command (most Unix-⁠like shells)

In a Unix-like shell, including Git Bash,[3] run the following commands.

  1. To check if the sha256sum command is available, run which sha256sum

  2. To check if FILENAME is in the current directory, run ls or ls |less

  3. To display the SHA-256 checksum of FILENAME, run sha256sum FILENAME

 

💡
To avoid typing more than the first few characters of FILENAME, you can use tab completion.

 

GUI tool

7-Zip’s Right-click context menu

If you have installed 7-Zip and selected the option called…

    Integrate 7-Zip to shell context menu

…then CRC-SHA > SHA-256 will be available when you Right-click on FILENAME in your GUI file manager.

 

💡
To view and possibly edit 7-Zip’s options, launch 7zFM (7-⁠Zip File Manager) and choose Options… from the Tools menu.

 

References

See also

Endnotes


1. Many Infinite Ink articles, including this one, are evergreen and regularly updated.
2. Git Bash Here will be an option if Git for Windows is installed on your system and if you selected Windows Explorer Integration during your G4W setup.
3. To learn about Git Bash, which is part of Git for Windows, see Infinite Ink’s Git Bash Is My Preferred Windows Shell.
4. cmd.exe is also known as CMD and is pronounced “cee em dee.” It’s also sometimes referred to as the “Command Prompt” (which is a completely ambiguous name IMHO). Details are at Wikipedia’s cmd.exe.

Comments and questions 📝 👍 👎 🤔

Your public comment or question might immediately improve this page or help me to (eventually) improve this page.