Add Windows method to checksum instructions

Head_on_a_Stick · 2016-09-15 21:39:45

As pointed out by @Bearded_Blunder here, the current instructions for verifying the checksums do not cover Windows systems.

@B_B has helpfully supplied the command:

certutil -hashfile  "C:\path\to\file\file.ext" sha256

https://forums.bunsenlabs.org/viewtopic … 124#p37124

I agree that it would be a good idea to add this or a link to full instructions.

EDIT: quotes added to command.

Last edited by Head_on_a_Stick (2016-09-16 06:12:43)

Bearded_Blunder · 2016-09-15 22:08:57

Probably a good plan to quote the path, may be saved along one with spaces, I'm just off to edit the original post to

certutil -hashfile  "C:\path\to\file\file.ext" sha256

:8

johnraff · 2016-09-16 03:08:21

Agreed. We should try to help current Windows users, who may have no previous Linux experience at all.

damo · 2016-09-16 07:21:26

johnraff wrote:

Agreed. We should try to help current Windows users, who may have no previous Linux experience at all.

Then just recommmend they get the torrented iso - the download is checksummed automatically. Then there is no scary commandline straight away

johnraff · 2016-09-16 07:45:34

^Ah yes!

Bearded_Blunder · 2016-09-16 23:35:12

earlybird wrote:

Which Windows? 98/Me/2000/2003 server/XP/Vista/2008 server/7/8/10?

CertUtil.exe has been in consumer versions of Windows since Vista, but only supports SHA256 from Win7 onwards, in Vista one can't specify algo & it does SHA1
I think it was introduced in Server 2003, but concerning yourselves with unsupported Windows versions is taking things to extremes, users of such are generally used to jumping through hoops or installing third party stuff to get things done now, anyone who can turn anything pre XP into a machine usable on the modern internet is I guarantee competent to calculate hashes, and probably knows they'll need third party tools to do so.

And how does one easily open a command prompt chdired to the folder the downloaded file is in?

One requires TweakUI or some third party tool to do *that*, but one doesn't have to if one is specifying the full path to the file in the command. Otherwise one merely gives instructions for default behaviour and default locations, hoping those who've adjusted things are bright enough to adjust commands accordingly. Or one accepts Windows users typically won't check downloaded files, given most Windows oriented sites don't ask them to, precicely because it's not as simple as on Linux to give concise instructions.

Do you quote the file name in cmd.exe?

If there is white-space in the name or path one must, if not, it's not required.

Can one copy & paste the path from explorer into cmd.exe and it does not need quoting?

One can paste the path and file into cmd.exe see above re quoting, however providing what to paste would be tricky for a web page, since by default downloads go to C:\Users\Username\Downoads, though some browsers cusomise that, and it can always be overridden by save as instead of simply clicking save.
In order to paste into a CMD window one *must* right click, the ctrl+v keyboard short-cut won't work.

Is it guaranteed to work the same across versions of Windows?

One can never guarantee a given tool will work the same across service pack levels in ONE version of *Winows*, however the output appears consistent here across versions.

What access privilege do you need to execute that tool?

Depends completely what you're doing with it, to update certificate stores etc., one would need an elevated command prompt, to merely hash a file one needs the privilige level "Authenicated User" which one needs to open cmd.exe anyway.

Will there be scary questions?

Undoubtedly there will be questions, if one follows @Damo's suggestion, one of the commonest from UK downloaders will be "My ISP blocks Bittorrent, what do I do?" Many if not most UK ISPs (mine included) do indeed "block" torrenting, typically by interfering with DNS to known trackers, getting round that isn't required in this case but users who've tried torrents are going to *think* it is, and there will be those who resist downloading a torrent client just to download a file. Not even mentioning the few over-zealous ISPs who block torrenting at the protocol level.

Somebody write up and test instructions for that please, because I can't verify nor test anything of that because I don't have and am not using Windows anymore.

For a typical Windows user, who does things the default way the following ought to work:
WinKey +R (opens run dialogue)
type CMD click OK (opens command prompt in C:\Users\CurrentUser, actually in %USERPROFILE%, but that's unlikely to have been chagned, it's non-trival to have your profile other than C:\Users\You\)
in the cmd window type CD Downloads & hit enter (puts you in the default downloads folder)
in which case one doesn't need the path since the .iso is in the current directory and one can simply paste the command with filename and hit enter:

CertUtil -hashfile bl-Hydrogen-amd64_20160710.iso SHA256

CertUtil -hashfile bl-Hydrogen-i386_20160710.iso SHA256

CertUtil -hashfile bl-Hydrogen-i386+NonPAE_20160710.iso SHA256

As appropriate.
Sample output:

Microsoft Windows [Version 10.0.10586]
(c) 2015 Microsoft Corporation. All rights reserved.

C:\Users\Beardy>cd Downloads

C:\Users\Beardy\Downloads>CertUtil -hashfile bl-Hydrogen-i386_20160710.iso SHA256
SHA256 hash of file bl-Hydrogen-i386_20160710.iso:
f1 38 27 e6 17 17 d8 c4 59 d9 b7 e5 24 ce ea 12 28 1f 6f f5 21 a7 17 fb 4f 06 8d 17 7f 58 f4 b1
CertUtil: -hashfile command completed successfully.

C:\Users\Beardy\Downloads>

If you don't specify hash algo the output of:

CertUtil -hashfile bl-Hydrogen-i386_20160710.iso

Will give the SHA1 hash in all versions Vista through 10 inclusive. Unless someone played round in regedit, or edited .ini files (unlikely and if they did they ought to know why and how the output will change MOST Windows users, excepting corporate IT Administrators, don't even know CertUtil exists).

afterthought wrote:

While being concerned about Windows Users not being happy at the command line may be valid for most situations, this could be considered a valid exception, given that once BL is installed, being willing to use a terminal is pretty near mandatory to keep up and running.

Last edited by Bearded_Blunder (2016-09-17 00:19:49)

Tony · 2016-09-17 00:45:05

This is a tutorial that I posted on a Windows forum.

Hold shift key, right click on folder that contains file, select Open command window here.

Copy and past this, (substitute your file of course).

certutil -hashfile File.exe SHA1

HashAlgorithm choices: MD2 MD4 MD5 SHA1 SHA256 SHA384 SHA512 (choices must be caps)

Works on Windows 7,8 and 10

Bearded_Blunder · 2016-09-17 00:56:36

^ and if you leave off the algo would also work in Vista.. but then you'd need the SHA1 available on the site, the vista version only supports sha1 or md5 & getting it to do md5 takes making an ini file and specifying that it uses it on the commandline.
Later versions of CertUtil also default to SHA1 (if nothing specified) with the default algo. specified in the system registry. A setting unlikely to have been altered.

Sample output doing the above on Vista:

C:\Users\Virtual\Downloads>certutil -hashfile bl-Hydrogen-i386_20160710.iso
SHA-1 hash of file bl-Hydrogen-i386_20160710.iso:
fd 6e 43 0e 33 1d 72 86 c1 f2 11 be a7 26 d2 f5 6e 30 e8 7a
CertUtil: -hashfile command completed successfully.

C:\Users\Virtual\Downloads>

Last edited by Bearded_Blunder (2016-09-17 01:17:27)

#1 2016-09-15 21:39:45

Add Windows method to checksum instructions

#2 2016-09-15 22:08:57

Re: Add Windows method to checksum instructions

#3 2016-09-16 03:08:21

Re: Add Windows method to checksum instructions

#4 2016-09-16 07:21:26

Re: Add Windows method to checksum instructions

#5 2016-09-16 07:45:34

Re: Add Windows method to checksum instructions

#6 2016-09-16 23:35:12

Re: Add Windows method to checksum instructions

#7 2016-09-17 00:45:05

Re: Add Windows method to checksum instructions

#8 2016-09-17 00:56:36

Re: Add Windows method to checksum instructions

Board footer