Solved

MD5 sum - how to run on downloaded file

Posted on 2016-08-03
13
74 Views
Last Modified: 2016-08-03
I downloaded a JavaScript file from a vendor's site. The email contained a long hex code called an MD5 sum.
e.g. They said:
Important: verify the md5 sum we have computed before using:
00351e49b26963291e0264f6a52286b2

From what I understand, this sum represents a "fingerprint" that is computed from the source code file before it's downloaded. Now, I need to run the file that I downloaded to my PC through (for lack of a better word) and MD5 generator to confirm the download was OK. In other words, this generator should spit out the same hex code.

What is the best way to do the above? (Ideally, the software would be free. :) )

Thanks!
Steve
0
Comment
Question by:Stephen Kairys
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 5
  • 2
13 Comments
 
LVL 9

Expert Comment

by:James Bilous
ID: 41740942
Are you on linux or windows?
0
 
LVL 4

Author Comment

by:Stephen Kairys
ID: 41740966
James,
On Windows. (Win10). Thanks!
0
 
LVL 9

Expert Comment

by:James Bilous
ID: 41740968
Here's a free command line tool provided by Microsoft to verify MD5's:

https://www.microsoft.com/en-us/download/details.aspx?id=11533
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 4

Author Comment

by:Stephen Kairys
ID: 41740986
James,
Thank you. This tool looks promising per my needs; however, I am concerned that the supported versions stop before Win7. In fact, the release date of the tool seems to predate the release date of Win8, which I think (don't hold me to it), was October, 2012.

Microsoft MD5 tool info
Will I be OK with Win10, or should we look for a tool (either from Microsoft or otherwise) that is supported for Win10?

Thanks,
Steve
0
 
LVL 9

Accepted Solution

by:
James Bilous earned 350 total points
ID: 41741005
Ah sorry, forgot  about that requirement. In that case you can probably just use CertUtil which is built into Windows 10. Run it like this:

C:\> CertUtil -hashfile your/path/file.js MD5

Open in new window

1
 
LVL 4

Author Comment

by:Stephen Kairys
ID: 41741053
@James, no worries. :)

I tried the utility, but the resultant MD5 code differs from what the vendor provided, even discounting the embedded spaces added by CertUtil.

Vendor: 4e0968786313dec27558fdc5241ea0dd
CertUtil: 35 32 26 82 8c 14 0d 7a c5 89 74 19 f1 96 96 63

This issue occurred with two different downloads, five days apart, so I doubt seriously that two separate downloads would have been corrupted. In fact, I ran a file compare (using EXAMDIFF) on them, and the only delta was per a comment containing the file date. If there was corruption, I'd imagine there'd be numerous deltas...

Maybe there's some parameter I need to feed to CertUtil?

Thanks!
0
 
LVL 9

Expert Comment

by:James Bilous
ID: 41741085
Metadata can change on a file which, when compared using diff on the file content itself, can show no differences but vastly different checksums. Are you certain that md5 is for the exact file you downloaded? There's no possibility that the vendor provided md5 has changed?

There are no other parameters in md5, it is a very specific algorithm. There are of course other algorithms that CertUtil can run such as SHA(256, 512, etc etc), but from the look of your original post the vendor has been explicit about the checksum being md5.
0
 
LVL 4

Author Comment

by:Stephen Kairys
ID: 41741091
I may have to contact the vendor then.

But, I'm curious: how can two files show "no differences but vastly different checksums".  I would think that two identical files, when run through the same algorithm that produces an MD5 sum would always return the same sum....what am I missing? :)
0
 
LVL 9

Expert Comment

by:James Bilous
ID: 41741122
Files are not just what you see when you open them up. There is "metadata" that is associated with them, or "data about the data", that may include things like creation date, author, organization, revisions dates, etc, visible only through property inspection. For example, if you right click the file in question, click properties and go over to the "details" tab, you'll see all the metadata associated with the file. Changing this will change the overall checksum of the file, since it is an encryption of every single byte associated with the payload, not just the content visible to someone in a text editor, for example.
0
 
LVL 14

Assisted Solution

by:Schnell Solutions
Schnell Solutions earned 150 total points
ID: 41741139
Stephen, can you please send us the link of the download file and where they have their MD5 information to make a test?
2
 
LVL 4

Author Comment

by:Stephen Kairys
ID: 41741238
Problem solved!

I should have mentioned that the downloaded file is a ZIP file containing the JS file. i assumed the MD5 sum provided in the email applied to the .JS file; however, it applied to the ZIP file! :) Once I ran CERTUTIL on the ZIP file for two different instances, the sum appears to be fine.
 
Thank you, everyone!  I realized this "flaw in my process" when starting to write a response to SchnellSolutions per to download the file. Working with both of you helped me brainstorm this issue.

Points coming shortly!
0
 
LVL 4

Author Closing Comment

by:Stephen Kairys
ID: 41741244
@James,
Thank you again for educating me about the CertUtil Utility. I'm sure i'll have use for it again.

@Schnell - Your sensible offer of trying the download is what led my brain to find the solution, so you earned points as well! :) Thanks!

Great collaboration, both of you!

Steve
0
 
LVL 14

Expert Comment

by:Schnell Solutions
ID: 41741264
Great :)

Thanks for the feedback
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

SSL stands for “Secure Sockets Layer” and an SSL certificate is a critical component to keeping your website safe, secured, and compliant. Any ecommerce website must have an SSL certificate to ensure the safe handling of sensitive information like…
Businesses who process credit card payments have to adhere to PCI Compliance standards. Here’s why that’s important.
The viewer will learn the basics of jQuery including how to code hide show and toggles. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question