Posted on Leave a comment

Validate a downloaded file on Windows 10 with MD5

It is always recommended to ensure authenticity of an application file downloaded from the internet before installing.
Of course, we still also run our antivirus to scan any downloaded file as well.

There are different methods in use – here’s what to do if the download site provides a MD5 checksum file as reference.
Some websites simply display the MD5 checksum, others offer the MD5 file (a file often with .md5 extension) to download which we can open with e.g. Notepad.

First, we open a command shell by pressing the Windows-Key + X-Key at the same time and select Windows PowerShell from the menu.
Now, change to the directory where the downloaded file is stored with the cd command, e.g. cd Downloads.

Tip: using the TAB-Key will auto-complete and you don’t have to type the complete file name.

certutil -hashfile Name-of-Downloaded-File MD5
(see image above) and wait for your PC to calculate the MD5 checksum of the file.

Finally, compare the MD5 checksum calculated in your command shell with the one displayed on the website or in the file opened with NotePad.
If they’re identical, the file is unaltered, not corrupted and it’s ok to install (after having run a scan with the antivirus protection).

Should the numbers be different, the file is most likely not identical to the file intended to download and should not be installed.
It’s better to check the download process from origin of the file

  • https in use on the website?
  • Lock sign displayed and confirming the website is identifying itself correctly?
  • Download path correct and still with correct https/ssh?
  • Size of downloaded file same as information shown on download page?

to checksum

  • Correct checksum file / information used for comparison?

once again to make sure to not endanger your system.