Solved

MD5 sum - how to run on downloaded file

Posted on 2016-08-03
13
49 Views
Last Modified: 2016-08-03
I downloaded a JavaScript file from a vendor's site. The email contained a long hex code called an MD5 sum.
e.g. They said:
Important: verify the md5 sum we have computed before using:
00351e49b26963291e0264f6a52286b2

From what I understand, this sum represents a "fingerprint" that is computed from the source code file before it's downloaded. Now, I need to run the file that I downloaded to my PC through (for lack of a better word) and MD5 generator to confirm the download was OK. In other words, this generator should spit out the same hex code.

What is the best way to do the above? (Ideally, the software would be free. :) )

Thanks!
Steve
0
Comment
Question by:Stephen Kairys
  • 6
  • 5
  • 2
13 Comments
 
LVL 7

Expert Comment

by:James Bilous
ID: 41740942
Are you on linux or windows?
0
 
LVL 4

Author Comment

by:Stephen Kairys
ID: 41740966
James,
On Windows. (Win10). Thanks!
0
 
LVL 7

Expert Comment

by:James Bilous
ID: 41740968
Here's a free command line tool provided by Microsoft to verify MD5's:

https://www.microsoft.com/en-us/download/details.aspx?id=11533
0
 
LVL 4

Author Comment

by:Stephen Kairys
ID: 41740986
James,
Thank you. This tool looks promising per my needs; however, I am concerned that the supported versions stop before Win7. In fact, the release date of the tool seems to predate the release date of Win8, which I think (don't hold me to it), was October, 2012.

Microsoft MD5 tool info
Will I be OK with Win10, or should we look for a tool (either from Microsoft or otherwise) that is supported for Win10?

Thanks,
Steve
0
 
LVL 7

Accepted Solution

by:
James Bilous earned 350 total points
ID: 41741005
Ah sorry, forgot  about that requirement. In that case you can probably just use CertUtil which is built into Windows 10. Run it like this:

C:\> CertUtil -hashfile your/path/file.js MD5

Open in new window

1
 
LVL 4

Author Comment

by:Stephen Kairys
ID: 41741053
@James, no worries. :)

I tried the utility, but the resultant MD5 code differs from what the vendor provided, even discounting the embedded spaces added by CertUtil.

Vendor: 4e0968786313dec27558fdc5241ea0dd
CertUtil: 35 32 26 82 8c 14 0d 7a c5 89 74 19 f1 96 96 63

This issue occurred with two different downloads, five days apart, so I doubt seriously that two separate downloads would have been corrupted. In fact, I ran a file compare (using EXAMDIFF) on them, and the only delta was per a comment containing the file date. If there was corruption, I'd imagine there'd be numerous deltas...

Maybe there's some parameter I need to feed to CertUtil?

Thanks!
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 7

Expert Comment

by:James Bilous
ID: 41741085
Metadata can change on a file which, when compared using diff on the file content itself, can show no differences but vastly different checksums. Are you certain that md5 is for the exact file you downloaded? There's no possibility that the vendor provided md5 has changed?

There are no other parameters in md5, it is a very specific algorithm. There are of course other algorithms that CertUtil can run such as SHA(256, 512, etc etc), but from the look of your original post the vendor has been explicit about the checksum being md5.
0
 
LVL 4

Author Comment

by:Stephen Kairys
ID: 41741091
I may have to contact the vendor then.

But, I'm curious: how can two files show "no differences but vastly different checksums".  I would think that two identical files, when run through the same algorithm that produces an MD5 sum would always return the same sum....what am I missing? :)
0
 
LVL 7

Expert Comment

by:James Bilous
ID: 41741122
Files are not just what you see when you open them up. There is "metadata" that is associated with them, or "data about the data", that may include things like creation date, author, organization, revisions dates, etc, visible only through property inspection. For example, if you right click the file in question, click properties and go over to the "details" tab, you'll see all the metadata associated with the file. Changing this will change the overall checksum of the file, since it is an encryption of every single byte associated with the payload, not just the content visible to someone in a text editor, for example.
0
 
LVL 14

Assisted Solution

by:Schnell Solutions
Schnell Solutions earned 150 total points
ID: 41741139
Stephen, can you please send us the link of the download file and where they have their MD5 information to make a test?
2
 
LVL 4

Author Comment

by:Stephen Kairys
ID: 41741238
Problem solved!

I should have mentioned that the downloaded file is a ZIP file containing the JS file. i assumed the MD5 sum provided in the email applied to the .JS file; however, it applied to the ZIP file! :) Once I ran CERTUTIL on the ZIP file for two different instances, the sum appears to be fine.
 
Thank you, everyone!  I realized this "flaw in my process" when starting to write a response to SchnellSolutions per to download the file. Working with both of you helped me brainstorm this issue.

Points coming shortly!
0
 
LVL 4

Author Closing Comment

by:Stephen Kairys
ID: 41741244
@James,
Thank you again for educating me about the CertUtil Utility. I'm sure i'll have use for it again.

@Schnell - Your sensible offer of trying the download is what led my brain to find the solution, so you earned points as well! :) Thanks!

Great collaboration, both of you!

Steve
0
 
LVL 14

Expert Comment

by:Schnell Solutions
ID: 41741264
Great :)

Thanks for the feedback
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

When the confidentiality and security of your data is a must, trust the highly encrypted cloud fax portfolio used by 12 million businesses worldwide, including nearly half of the Fortune 500.
Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
The viewer will learn the basics of jQuery, including how to invoke it on a web page. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery.: (CODE)
The viewer will learn the basics of jQuery including how to code hide show and toggles. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now