MD5 sum - how to run on downloaded file

I downloaded a JavaScript file from a vendor's site. The email contained a long hex code called an MD5 sum.
e.g. They said:
Important: verify the md5 sum we have computed before using:
00351e49b26963291e0264f6a52286b2

From what I understand, this sum represents a "fingerprint" that is computed from the source code file before it's downloaded. Now, I need to run the file that I downloaded to my PC through (for lack of a better word) and MD5 generator to confirm the download was OK. In other words, this generator should spit out the same hex code.

What is the best way to do the above? (Ideally, the software would be free. :) )

Thanks!
Steve
LVL 4
Stephen KairysTechnical Writer - ConsultantAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
James BilousConnect With a Mentor Software EngineerCommented:
Ah sorry, forgot  about that requirement. In that case you can probably just use CertUtil which is built into Windows 10. Run it like this:

C:\> CertUtil -hashfile your/path/file.js MD5

Open in new window

1
 
James BilousSoftware EngineerCommented:
Are you on linux or windows?
0
 
Stephen KairysTechnical Writer - ConsultantAuthor Commented:
James,
On Windows. (Win10). Thanks!
0
Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
James BilousSoftware EngineerCommented:
Here's a free command line tool provided by Microsoft to verify MD5's:

https://www.microsoft.com/en-us/download/details.aspx?id=11533
0
 
Stephen KairysTechnical Writer - ConsultantAuthor Commented:
James,
Thank you. This tool looks promising per my needs; however, I am concerned that the supported versions stop before Win7. In fact, the release date of the tool seems to predate the release date of Win8, which I think (don't hold me to it), was October, 2012.

Microsoft MD5 tool info
Will I be OK with Win10, or should we look for a tool (either from Microsoft or otherwise) that is supported for Win10?

Thanks,
Steve
0
 
Stephen KairysTechnical Writer - ConsultantAuthor Commented:
@James, no worries. :)

I tried the utility, but the resultant MD5 code differs from what the vendor provided, even discounting the embedded spaces added by CertUtil.

Vendor: 4e0968786313dec27558fdc5241ea0dd
CertUtil: 35 32 26 82 8c 14 0d 7a c5 89 74 19 f1 96 96 63

This issue occurred with two different downloads, five days apart, so I doubt seriously that two separate downloads would have been corrupted. In fact, I ran a file compare (using EXAMDIFF) on them, and the only delta was per a comment containing the file date. If there was corruption, I'd imagine there'd be numerous deltas...

Maybe there's some parameter I need to feed to CertUtil?

Thanks!
0
 
James BilousSoftware EngineerCommented:
Metadata can change on a file which, when compared using diff on the file content itself, can show no differences but vastly different checksums. Are you certain that md5 is for the exact file you downloaded? There's no possibility that the vendor provided md5 has changed?

There are no other parameters in md5, it is a very specific algorithm. There are of course other algorithms that CertUtil can run such as SHA(256, 512, etc etc), but from the look of your original post the vendor has been explicit about the checksum being md5.
0
 
Stephen KairysTechnical Writer - ConsultantAuthor Commented:
I may have to contact the vendor then.

But, I'm curious: how can two files show "no differences but vastly different checksums".  I would think that two identical files, when run through the same algorithm that produces an MD5 sum would always return the same sum....what am I missing? :)
0
 
James BilousSoftware EngineerCommented:
Files are not just what you see when you open them up. There is "metadata" that is associated with them, or "data about the data", that may include things like creation date, author, organization, revisions dates, etc, visible only through property inspection. For example, if you right click the file in question, click properties and go over to the "details" tab, you'll see all the metadata associated with the file. Changing this will change the overall checksum of the file, since it is an encryption of every single byte associated with the payload, not just the content visible to someone in a text editor, for example.
0
 
Schnell SolutionsConnect With a Mentor Systems Infrastructure EngineerCommented:
Stephen, can you please send us the link of the download file and where they have their MD5 information to make a test?
2
 
Stephen KairysTechnical Writer - ConsultantAuthor Commented:
Problem solved!

I should have mentioned that the downloaded file is a ZIP file containing the JS file. i assumed the MD5 sum provided in the email applied to the .JS file; however, it applied to the ZIP file! :) Once I ran CERTUTIL on the ZIP file for two different instances, the sum appears to be fine.
 
Thank you, everyone!  I realized this "flaw in my process" when starting to write a response to SchnellSolutions per to download the file. Working with both of you helped me brainstorm this issue.

Points coming shortly!
0
 
Stephen KairysTechnical Writer - ConsultantAuthor Commented:
@James,
Thank you again for educating me about the CertUtil Utility. I'm sure i'll have use for it again.

@Schnell - Your sensible offer of trying the download is what led my brain to find the solution, so you earned points as well! :) Thanks!

Great collaboration, both of you!

Steve
0
 
Schnell SolutionsSystems Infrastructure EngineerCommented:
Great :)

Thanks for the feedback
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.