How to Verify File Integrity Using MD5 and SHA1 Hashes?

One simple way to ensure a file downloaded from the internet has not been changed in some way from the original is to check the file integrity by looking at the hash value.

A couple of the popular hash algorithms are MD5 and SHA1 and you will sometimes see these hash values listed on websites when you go to a software download page. An MD5 signature consists of 32 hex characters, and a SHA1 signature consists of 40 hex characters.

The File Checksum Integrity Verifier (FCIV) is a command-prompt utility that computes and verifies cryptographic hash values of files. FCIV can compute MD5 or SHA-1 cryptographic hash values. These values can be displayed on the screen or saved in an XML file database for later use and verification.

this tool is available for download from the Microsoft Download Center

Syntax

fciv.exe [Commands] <Options>

Commands

• -add file | dir: Compute the hash and send it to an output device (default screen). The dir parameter has the following options:
  • -r: Recursive.
  • -type: Specify file type. For example, -type *.exe.
  • -exc file: Do not compute these directories.
  • -wp: Do not store the full path name. (By default, FCIV stores the full path name.)
  • -bp: Remove the base path from the path name of each entry.
• -list: List entries in the database.
• -v: Verify hashes. The -v option has the following option:
  • -bp: Remove the base path from the path name of each entry.
• -?, -h, or -help: Open extended help.

Options

• -md5, -sha1, or -both: Specify hash type. (By default, MCIV uses -md5.)
• -xml db: Specify database format and name.
  
  Note When you use the -v option to verify a hash, FCIV also sends a return error code to indicate whether a hash is verified. A zero (0) indicates success, and a 1 indicates failure. With the return error code, you can use FCIV in automated scripts to verify hashes.

Example usage

• To display the MD5 hash of a file, type the following command at a command prompt:
  fciv.exe filename
  Note filename is the name of the file.
• To compute a hash of a file, type a command line that is similar to any one of the following command lines:
  fciv.exe c:\mydir\myfile.dll
  
  fciv.exe c:\ -r -exc exceptions.txt -sha1 -xml dbsha.xml
  
  fciv.exe c:\mydir -type *.exe
  
  fciv.exe c:\mydir -wp -both -xml db.xml
• To list the hashes that are stored in a database, type a command line that is similar to the following command line:
  fciv.exe -list -sha1 -xml db.xml
• To verify a hash in a file, type a command line that is similar to any one of the following command lines:
  fciv.exe -v -sha1 -xml db.xml
  
  fciv.exe -v -bp c:\mydir -sha1 -xml db.xml

You can also get binary md5 programs from here , here , or here.