Windows built-in MD5 and SHA checksum calculators

For several downloads on our website MD5, SHA1 and SHA256 checksum information is provided. Checksum is a hash value used for performing data integrity checks on files. This is used for error checking during file downloads but it can also be helpful to verify that the downloaded file is the same file as the author has uploaded.

Windows offers multiple options to check a file for its hash value. The first option is by using the Windows Command Processor (cmd or Command Prompt) in combination with the CertUtil command, the second option is by using Windows PowerShell in combination with the get-filehash command. Note that the CertUtil command is also available for Windows PowerShell.

Hash validation by using the build-in Windows command CertUtil Hash validation by using the Windows PowerShell command get-filehash

Windows Command Processor

Open the Windows Command Processor (cmd or Command Prompt) and enter the following:

CertUtil -hashfile <path to file> <hash algorithm>

If no hash algorithm is given CertUtil uses SHA1 by default. Possible options for the hash algorithm are:

  • MD2
  • MD4
  • MD5
  • SHA1
  • SHA256
  • SHA384
  • SHA512

For example, to check the integrity for a downloaded file named WinSubst.zip by using the SHA256 hash algorithm just enter:

CertUtil -hashfile WinSubst.zip SHA256

or, if you like to include the full path for example:

CertUtil -hashfile C:\users\[user name]\WinSubst.zip SHA256

Hash validation by using the build-in Windows command CertUtil

The hash result with CertUtil in this example (SHA256 Hash) is 8B4C0912CAC586411F17D96054596B7A74EFB7A7F7FC8A46107EF7814E77A8B1. It will be of no surprise that CertUtil gives exactly the same result as get-filehash.

Windows PowerShell

Open Windows PowerShell and use the CertUtil command as for example:

get-filehash -Algorithm <hash algorithm> <path to file>

If no hash algorithm is given get-filehash uses SHA256 by default. Possible options for the hash algorithm are:

  • MD5
  • SHA1
  • SHA256
  • SHA384
  • SHA512
  • MACTripleDES
  • RIPEMD160

For example, to check the integrity for a downloaded file named WinSubst.zip by using the SHA256 hash algorithm just enter:

get-filehash -Algorithm SHA256 WinSubst.zip

or, if you like to include the full path for example:

get-filehash -Algorithm SHA256 -LiteralPath C:\users\[user` name]\WinSubst.zip

Hash validation by using the Windows PowerShell command get-filehash

The hash result with get-filehash in this example (SHA256 Hash) is 8B4C0912CAC586411F17D96054596B7A74EFB7A7F7FC8A46107EF7814E77A8B1. It will be of no surprise that get-filehash gives exactly the same result as CertUtil.