Purpose: Suppose you have created your own Custom Linux LiveCD by generating an ISO image file using mkisofs command or any other command. Now you want to distribute these ISOs to people and therefore you upload them to a web site and provide a link for the download. Suppose someone downloads the ISO but how can he/she make sure that he/she is getting the exact same copy that you have uploaded. In short if someone hacks the website on which you uploaded these ISOs and the hacker/cracker changes the contents of the ISOs then you would not want your users to use those ISOs.

Here we will discuss a technique which will enable your users to verify that nothing has changed on the ISOs since you uploaded them. This is a useful technique for large ISO downloads (500MB+) to ensure your users that they are receiving the correct data.

Requirements:

a) Any Linux Distro which has MD5SUM package installed.

b) ISO image that you have downloaded from a Web site.

Step 1: Install MD5SUM package

For Debian based distro do:
# apt-get update
# apt-get install coreutils

Step 2: Create a MD5SUM file

For testing purpose I have uploaded a small DSL (Damn Small Linux) ISO here called “dsl.iso”. You can download this and use this as an example to follow the rest of the post.

Now I will create a checksum file by giving the following command:
# md5sum dsl.iso > MD5SUM

This will generate a file called MD5SUM. You can view the contents of the file by:
# less MD5SUM
61694888aede3e01229865b8e6acd4a1 dsl.iso

Also you can have a single MD5SUM file for multiple ISOs. You don’t need to create an individual file for every ISO image. For example suppose you have another file called “memtest.bin” then you can do the following:
# md5sum memtest.bin >> MD5SUM
# less MD5SUM
61694888aede3e01229865b8e6acd4a1 dsl.iso
32fe76fda886150ffbf47d5c6e7b730f memtest.bin

Basically the append operator “>>” just keeps adding new entry for every new file. You can download the combined MD5SUM file here.

Note: Although I have been mentioning ISO files all the time but this technique can be used for any type of file like a .bin, .doc, .zip, .xls, .pdf, etc.

Step 3: Upload the file on some web server

After creating the ISO and the corresponding MD5SUM checksum file upload them to any web server that you have access to.

Step 4: Verify the MD5SUM checksum

Suppose you download the above ISO files at some different time and would like to verify if the download is correct or not then you need to download the MD5SUM file also that you/originator created in Step 2 above.

Note: Make sure that the ISO files and the corresponding MD5SUM file are downloaded in the same directory otherwise the test will fail. By default if you have not moved around anything then all should be good.

Check the ISO files by giving the following command:
# md5sum -c MD5SUM

You should see something like this:
dsl.iso: OK
memtest.bin: OK

In case of a checksum failure you might see something like this:
# md5sum -c MD5SUM
dsl.iso: FAILED
memtest.bin: OK
md5sum: WARNING: 1 of 2 computed checksums did NOT match
#

Step 5: Done

That’s it! You are done and ready to upload your ISOs and MD5SUM checksum file.

As usual, please leave a comment/feedback if you have any. Comments encourages bloggers to post more and keep their spirits high.

Also don’t forget to rate this post below.

Be Sociable, Share!