GtkHash – Hashing Out The Basics - Wizards Corner

wizardfromoz

Administrator
Staff member
Gold Supporter
Joined
Apr 30, 2017
Messages
9,913
Reaction score
8,794
Credits
44,798
GtkHash is a small utility that ships with some Linux Distros and is held in the Repositories of many more. If shipped, you will likely find it under Accessories. If available, but not installed, you can install it using either your Software Manager/Centre or your (Synaptic) Package Manager.

In Debian-based Distros (which includes Ubuntu, Linux Mint and similar), if you wish to install from Terminal (Konsole under KDE) you can do so with the following command and follow the prompts:

Code:
sudo apt-get install gtkhash

It is my intention to cover this in a little detail, and in particular to show you how you can turn around the results you find, and to backtrack on the Web to certain sites that may be of use to you.

I will also list a couple of ways of installing GtkHash. for non-Debian-based Distros.

The following screenshots were taken within the environment provided by Ubuntu 16.04 (Beta) MATE.

TUuhqdt.png


Standard default is for outputting MD5, SHA1, and SHA256 checksums.

UXBKaPs.png


I have taken an old iso of CentOS 7 here as an example, dated, but a good test, I feel.

IqmkXbW.png


Given that MD5 is, if not obsolete, then at least passe, you might wish to eliminate it from your search by unchecking it – Edit-Preferences. GtkHash saves your preferences, so that next time you invoke it, it will display the options you used last.

Now this is where GtkHash can become even more useful to you, perhaps even to the point of determining which sites you trust to download from.

I downloaded the CentOS .iso maybe two years ago, but have not yet installed it. I do not have an eg SHAsum,txt file with it where it is stored, and I honestly cannot remember whether I checked same at time of download, or downloaded the checksum file if it was available (doesn't look like it). But I want to check that it is legit before I install.

Armed with the knowledge I have gleaned from above, I now know that the CentOS has as its SHA1, the checksum

1ef796c09dbb3e596f77cd50ad3c3d4d380a1368

I take that string and paste it into a search on Google (or search engine of your choice) and here are the results.

MdmIOx7.png


Very few results, as one might expect given the age of the .iso and the esoteric nature of CentOS, but enough to corroborate that the .iso I want to install is the Real McCoy. With more recent distributions, you will find more results for your own circumstances.

Bear in mind this – just because you may not find, immediately, the checksum you have Googled as having a reference at eg LinuxMint/Downloads or wherever, as I have above … does not mean you should immediately boycott a site and its Distros as being unreliable.

If I take my CentOS example and paste its .iso exact description, and append “sha” to the end, as follows - “CentOS-7.0-1406-x86_64- Everything.iso sha” … my search takes me to a page where the first entry has (in part) the following:

9EgWvcs.png


Note the last half a dozen entries – so when you download the .iso, you should also be downloading these, and these small files will not appear in the searches I described earlier. So I am reassured that CentOS is a reliable site to download from.

If your memory is half as foggy as mine, you may not be able to remember where you downloaded an .iso from – was it the official website, was it SourceForge or DistroWatch?

Using the methods I have described, you can be certain that the .iso you have downloaded has not been compromised, and has not been damaged during download.

Before I move on to describing how GtkHash can be installed in others of the Linux “families”, I'll leave you with two more points.

  1. If you seek to install GtkHash from your GUI package manager, in my case Synaptic Package Manager is the usual with Debian-based Distros, you may see under the GtkHash entry references to eg Nautilus, Nemo, and Thunar extensions. I have not used these yet, but I am guessing installation of these will allow you to right-click an .iso from your File Manager window pane and choose GtkHash from the context-sensitive menu. Someone could confirm that for me, I would be grateful.
  2. Apparent from a couple of my screenshots preceding, but not immediately apparent perhaps to the newcomer; is that if you already have at your fingertips a sha1, sha256 or other long checksum and wish to check it against your .iso in GtkHash, you may wish to drag to the left and/or right the edges of the GtkHash window, to reveal all. I'll show you what I mean.

dKZK9J0.png


The above is using Sparky Linux as an example.

Note that the “Check” field under File now shows the full checksum, and that in my case there are checkmarks (two of them), or they might be green-filled circles (Distro-dependent).

In Fedora 22 and upwards (I have used 23 and 24 as well), you can install GtkHash as follows:

Code:
# dnf install gtkhash

… note that <dnf> is used because yum (the yellowdog update modifier) is deprecated, since dnf was employed with Fedora 22.

… note the command is executed as root, which you get to with <su>, Enter and enter root password.

SourceForge have the tar at https://sourceforge.net/projects/gtkhash/


MAGEIA

I enjoy Mageia, but I had to take a cumbersome approach to installing. If someone has a better method (& there likely is one) please let us know.

There was a .tar.xz at SourceForge, but I wasn't in the mood for untarring, compiling and make-installing, so I found a .deb at http://ftp.gnome.org/ubuntu/ubuntu/pool/universe/g/gtkhash/
...
and downloaded that to see if it worked.


WIZARD’S NOTE - @ 2017-05-19, SourceForge hold gtkhash-1.1.tar.gz , whereas some of the following lines were written some time ago – so check your version and substitute current filenames where applicable.

I then downloaded and installed Alien, which converts .deb to .rpm and vice-versa, from
ftp://195.220.108.108/linux/mageia/distrib/5/x86_64/media/core/release/alien-8.90-4.mga5.noarch.rpm
- which actually opens the downloads pane.

For Alien I just double-clicked the .rpm from Dolphin File Manager and installed from there.

Code:
alien -r gtkhash_0.7.0-1ubuntu1_amd64.deb

converts it to gtkhash-0.7.0-2.x86_64.rpm

Then you can (make the file local)

Code:
sudo urpmi gtkhash-0.7.0-2.x86_64.rpm
or

Code:
sudo urpmi gtkhash
and use Tab to autocomplete.

Now you have GtkHash installed. Housekeeping note – a package lib64mhash2-0.9.9.9-11.mga5.x86_64 is installed with GtkHash – if you delete GtkHash using

Code:
sudo urpme gtkhash

you will need to delete the lib package separately.

ARCH-BASED

Manjaro – Testbed was Manjaro 15.12 Mate, and

Code:
yaourt -S gtkhash

... worked fine for me.


GENTOO-BASED

Sabayon – I was using Sabayon 16.04 KDE some time ago, and so far, no joy. I will crack it eventually, no doubt, but in the meantime if a Sabayon user has some tips, please enlighten us, else I will revisit this environment when I have the answer.


(ADDENDUM TO) DEBIAN-BASED

From another source -

To install GtkHash on Debian family type the following commands in your terminal:
(Steps tested on Debian 8.0 X86-64.)

su root
Enter your root password.

aptitude install gtkhash
(If the package isn't found, or isn't up-to-date, run "aptitude update" before installing, to fetch updates for your package list.)

exit


This obviously works on Debian 8, as for others in the Debian family:


MX-15, which I have used, and MX-16, which I currently use.

In MX-15, the command returns this output

“$ su
Password:
root@toshi:/home/chris# aptitude install gtkhash
No packages will be installed, upgraded, or removed.
0 packages upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 0 B of archives. After unpacking 0 B will be used.

root@toshi:/home/chris#”

Anything to worry about? No.

GtkHash comes pre-installed with MX-15, and MX-16. They are from mepis.org, under a handshake agreement from the antiX group.

antiX itself (I use 16), does not come with it, but I expect it can be installed. Likewise Point Linux, also Debian-based.

Finally

Regarding that last screenshot – you can modify the Settings (Edit-Preferences) in GtkHash, to show different algorithm choices, the choice is almost overwhelming, and, no, I am not familiar with half of them.

KRhtytG.png


As a bare minimum, I would advocate the use of:


  • MD5
  • SHA1
  • SHA256 and
  • SHA512
256 and 512 are going to become more and more prevalent, so be prepared.

Enjoy

Wizard
 
Last edited:


GtkHash is a small utility that ships with some Linux Distros and is held in the Repositories of many more. If shipped, you will likely find it under Accessories. If available, but not installed, you can install it using either your Software Manager/Centre or your (Synaptic) Package Manager.

It is my intention to cover this in a little detail, and in particular to show you how you can turn around the results you find, and to backtrack on the Web to certain sites that may be of use to you.

I will also list a couple of ways of installing GtkHash. for non-Debian-based Distros.

The following screenshots were taken within the environment provided by Ubuntu 16.04 (Beta) MATE.

TUuhqdt.png


Standard default is for outputting MD5, SHA1, and SHA256 checksums.

UXBKaPs.png


I have taken an old iso of CentOS 7 here as an example, dated, but a good test, I feel.

IqmkXbW.png


Given that MD5 is, if not obsolete, then at least passe, you might wish to eliminate it from your search by unchecking it – Edit-Preferences. GtkHash saves your preferences, so that next time you invoke it, it will display the options you used last.

Now this is where GtkHash can become even more useful to you, perhaps even to the point of determining which sites you trust to download from.

I downloaded the CentOS .iso maybe two years ago, but have not yet installed it. I do not have an eg SHAsum,txt file with it where it is stored, and I honestly cannot remember whether I checked same at time of download, or downloaded the checksum file if it was available (doesn't look like it). But I want to check that it is legit before I install.

Armed with the knowledge I have gleaned from above, I now know that the CentOS has as its SHA1, the checksum

1ef796c09dbb3e596f77cd50ad3c3d4d380a1368

I take that string and paste it into a search on Google (or search engine of your choice) and here are the results.

MdmIOx7.png


Very few results, as one might expect given the age of the .iso and the esoteric nature of CentOS, but enough to corroborate that the .iso I want to install is the Real McCoy. With more recent distributions, you will find more results for your own circumstances.

Bear in mind this – just because you may not find, immediately, the checksum you have Googled as having a reference at eg LinuxMint/Downloads or wherever, as I have above … does not mean you should immediately boycott a site and its Distros as being unreliable.

If I take my CentOS example and paste its .iso exact description, and append “sha” to the end, as follows - “CentOS-7.0-1406-x86_64- Everything.iso sha” … my search takes me to a page where the first entry has (in part) the following:

9EgWvcs.png


Note the last half a dozen entries – so when you download the .iso, you should also be downloading these, and these small files will not appear in the searches I described earlier. So I am reassured that CentOS is a reliable site to download from.

If your memory is half as foggy as mine, you may not be able to remember where you downloaded an .iso from – was it the official website, was it SourceForge or DistroWatch?

Using the methods I have described, you can be certain that the .iso you have downloaded has not been compromised, and has not been damaged during download.

Before I move on to describing how GtkHash can be installed in others of the Linux “families”, I'll leave you with two more points.

  1. If you seek to install GtkHash from your GUI package manager, in my case Synaptic Package Manager is the usual with Debian-based Distros, you may see under the GtkHash entry references to eg Nautilus, Nemo, and Thunar extensions. I have not used these yet, but I am guessing installation of these will allow you to right-click an .iso from your File Manager window pane and choose GtkHash from the context-sensitive menu. Someone could confirm that for me, I would be grateful.
  2. Apparent from a couple of my screenshots preceding, but not immediately apparent perhaps to the newcomer; is that if you already have at your fingertips a sha1, sha256 or other long checksum and wish to check it against your .iso in GtkHash, you may wish to drag to the left and/or right the edges of the GtkHash window, to reveal all. I'll show you what I mean.

dKZK9J0.png


The above is using Sparky Linux as an example.

Note that the “Check” field under File now shows the full checksum, and that in my case there are checkmarks (two of them), or they might be green-filled circles (Distro-dependent).

In Fedora 22 and upwards (I have used 23 and 24 as well), you can install GtkHash as follows:

Code:
# dnf install gtkhash

… note that <dnf> is used because yum (the yellowdog update modifier) is deprecated, since dnf was employed with Fedora 22.

… note the command is executed as root, which you get to with <su>, Enter and enter root password.

SourceForge have the tar at https://sourceforge.net/projects/gtkhash/


MAGEIA

I enjoy Mageia, but I had to take a cumbersome approach to installing. If someone has a better method (& there likely is one) please let us know.

There was a .tar.xz at SourceForge, but I wasn't in the mood for untarring, compiling and make-installing, so I found a .deb at http://ftp.gnome.org/ubuntu/ubuntu/pool/universe/g/gtkhash/
...
and downloaded that to see if it worked.


WIZARD’S NOTE - @ 2017-05-19, SourceForge hold gtkhash-1.1.tar.gz , whereas some of the following lines were written some time ago – so check your version and substitute current filenames where applicable.

I then downloaded and installed Alien, which converts .deb to .rpm and vice-versa, from
ftp://195.220.108.108/linux/mageia/distrib/5/x86_64/media/core/release/alien-8.90-4.mga5.noarch.rpm
- which actually opens the downloads pane.

For Alien I just double-clicked the .rpm from Dolphin File Manager and installed from there.

Code:
alien -r gtkhash_0.7.0-1ubuntu1_amd64.deb

converts it to gtkhash-0.7.0-2.x86_64.rpm

Then you can (make the file local)

Code:
sudo urpmi gtkhash-0.7.0-2.x86_64.rpm
or

Code:
sudo urpmi gtkhash
and use Tab to autocomplete.

Now you have GtkHash installed. Housekeeping note – a package lib64mhash2-0.9.9.9-11.mga5.x86_64 is installed with GtkHash – if you delete GtkHash using

Code:
sudo urpme gtkhash

you will need to delete the lib package separately.

ARCH-BASED

Manjaro – Testbed was Manjaro 15.12 Mate, and

Code:
yaourt -S gtkhash

... worked fine for me.


GENTOO-BASED

Sabayon – I was using Sabayon 16.04 KDE some time ago, and so far, no joy. I will crack it eventually, no doubt, but in the meantime if a Sabayon user has some tips, please enlighten us, else I will revisit this environment when I have the answer.


(ADDENDUM TO) DEBIAN-BASED

From another source -




This obviously works on Debian 8, as for others in the Debian family:


MX-15, which I have used, and MX-16, which I currently use.

In MX-15, the command returns this output

“$ su
Password:
root@toshi:/home/chris# aptitude install gtkhash
No packages will be installed, upgraded, or removed.
0 packages upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 0 B of archives. After unpacking 0 B will be used.

root@toshi:/home/chris#”

Anything to worry about? No.

GtkHash comes pre-installed with MX-15, and MX-16. They are from mepis.org, under a handshake agreement from the antiX group.

antiX itself (I use 16), does not come with it, but I expect it can be installed. Likewise Point Linux, also Debian-based.

Finally

Regarding that last screenshot – you can modify the Settings (Edit-Preferences) in GtkHash, to show different algorithm choices, the choice is almost overwhelming, and, no, I am not familiar with half of them.

KRhtytG.png


As a bare minimum, I would advocate the use of:


  • MD5
  • SHA1
  • SHA256 and
  • SHA512
256 and 512 are going to become more and more prevalent, so be prepared.

Enjoy

Wizard
Thank you for Posting this, good sir!..... :3
 
Yes, indeed! Very helpful stuff! :cool:
 
Thank you all.

I omitted to say for those using Debian-based Distros (Ubuntu, Linux Mint and the like) whom wish to install from Terminal (Konsole under a KDE desktop), the following will suit:

Code:
sudo apt-get install gtkhash

and follow the prompts.

Wizard
 
Thank you all.

I omitted to say for those using Debian-based Distros (Ubuntu, Linux Mint and the like) whom wish to install from Terminal (Konsole under a KDE desktop), the following will suit:

Code:
sudo apt-get install gtkhash

and follow the prompts.

Wizard

That command worked flawlessly. I'll use it in Mint Mate later. Another problem I had with recent commands was not capitalizing the first letter of directory names. The checksums matched so am ready for install. Would that command be:

'cd Downloads'
then
'sudo apt install linuxmint-19.3-mate-64bit.iso' ?

Would erasing and/or overwriting existing distro be automatic?

Thanks so much.
jjconstr
 
Would that command be:

'cd Downloads'
then
'sudo apt install linuxmint-19.3-mate-64bit.iso' ?

Would erasing and/or overwriting existing distro be automatic?

Just take any questions like this back to your other Thread, Jerry :)

I believe you have used Etcher to burn the .iso to a stick.

Cheers

Wizard
 
Yes, earlier I couldn't find that other thread. So I asked the question. Since, I read instructions on linux mint.com. Used Etcher to load to USB stick, The utility loaded two files, bootx64.efi and grubx64.efi. Properties said the size of the stick was 6GB, then 2.4 GB, then 2.4 MB while landing page of Etcher said 16 GB, which it is. Now, a few hours later, from linux, properties says 570 items, totaling 2.1 GB, but no available size of stick listed. I formatted the stick before using Etcher and again before using Etcher a second time where properties said 2.4MB and full. My concern is if the varying output of properties (from Windows) indicates a bad USB stick.

I would be grateful for a tip on finding the other thread.

jjconstr
 
Last edited:
Yes, earlier I couldn't find that other thread. So I asked the question. Since, I read instructions on linux mint.com. Used Etcher to load to USB stick, The utility loaded two files, bootx64.efi and grubx64.efi. Properties said the size of the stick was 6GB, then 2.4 GB, then 2.4 MB while landing page of Etcher said 16 GB, which it is. Now, a few hours later, from linux, properties says 570 items, totaling 2.1 GB, but no available size of stick listed. I formatted the stick before using Etcher and again before using Etcher a second time where properties said 2.4MB and full. My concern is if the varying output of properties (from Windows) indicates a bad USB stick.

I would be grateful for a tip on finding the other thread.

jjconstr
The stick shows hundreds of files in properties from Ubuntu, but still only two files from windows , 2.4 MB stick capacity and 14 KB free. It is a 16 GB stick. Is something wrong?
 
If you seek to install GtkHash from your GUI package manager, in my case Synaptic Package Manager is the usual with Debian-based Distros, you may see under the GtkHash entry references to eg Nautilus, Nemo, and Thunar extensions. I have not used these yet, but I am guessing installation of these will allow you to right-click an .iso from your File Manager window pane and choose GtkHash from the context-sensitive menu. Someone could confirm that for me, I would be grateful.

I am using LM20.1 (Cinnamon)
When I click on "Dont Forget to Verify Your .ISO" on the download page, and then on
sha256sum.txt .....on the next page.....
....I am told the sha256 is :14f73c93f75e873f4ac70b6cddc83703755c2421135a8fbbfd6ccfeed107e971 *(linuxmint-20.1-cinnamon-64bit.iso)

I then right click on the downloaded .iso file and select "Check SHA256" from the drop down.....and it returns precisely the same number: 14f73c93f75e873f4ac70b6cddc83703755c2421135a8fbbfd6ccfeed107e971

Therefore, my download has been properly downloaded and is an exact copy of the file on the server.


 
This thread is from 2017. But it is still relevant until now. I have more points to add:
1. GTKHash is a cross-platform software. You can check out the Github page for more installation options. If you are on Windows, you can download the .exe installer from Github as well.

2. For most distros, like CentOS, AntiX, you can enter your SHA1 or SHA256 code into Google and see whether the SHA256SUM code is available on the distro website. (Read that in post #1).

3. For Ubuntu 20.04 ISO file, you can get the code here: https://releases.ubuntu.com/20.04/SHA256SUMS
Ubuntu 21.04 ISO file is here: https://releases.ubuntu.com/21.04/SHA256SUMS

4. For Linux Mint, you can watch this video:

 
Last edited:
I do realise the thread is from 2017.

The number of people coming through Linux.org who have no clue re verifying their download etc etc is not just annoying, it is also time consuming asking the same question/s of them etc etc......did you verify your download, that could be the source of your problem....etc.....Answer:....what the F is that ?...etc

At least now we can copy and paste the blurb from the download pages and give them a link to GtkHash....or Link a video....whatever suits the particular circumstances/person.
 
So when Linus Torvalds/Clem Lefebvre give that advice/include it in their blurbs/on their sites....they are giving bad advice?

I think it also gives the newcomers a minor understanding of just one of the intricacies of Linux.....makes them aware that it is not just some elcheapo download......perhaps they may treat their fresh download with a little more respect/thought than they would otherwise
 
Nice to see interest in an old thread, and thanks for the input folks. :)

I'll put together some thoughts and responses, and air them on my tomorrow.

Cheers

Wiz
 
update for Arch /Arch based yaourt went the way of John Cleese's Parrot : https://itsfoss.com/best-aur-helpers/

gtkhash package for Arch is available in the AUR this one worked fine for me :


As can be seen from screen shot ; i tested on Arch iso download sums produced by gtkhash against quoted on web matched
 

Attachments

  • hash.png
    hash.png
    425.4 KB · Views: 455
As can be seen from screen shot ; i tested on Arch iso download sums produced by gtkhash against quoted on web matched
Andy, If you would copy the checksum from the website and paste it into the "Check" box on gtkhash, it would give you an indicator that the checksums match. You didn't show this in your screenshot, so I guess that you compared the checksums yourself manually, which is very tedious to do. The image below was plucked from Wizard's post #1... note the "check marks" on the matching items. Let gtkhash do the tedious work for you! ;)

dKZK9J0.png
 
cheers Stan,

yeah i checked against web site manually - its an old habit from using Slackware , where everything was manual. I've got green orbs on mine instead of ticks. IS there a gui way to do this:

Code:
gpg --keyserver-options auto-key-retrieve --verify    archlinux-2021.06.01-x86_64.iso.sig
gpg: keybox '/home/andrew/.gnupg/pubring.kbx' created
gpg: assuming signed data in 'archlinux-2021.06.01-x86_64.iso'
gpg: Signature made Tue 01 Jun 2021 17:51:56 BST
gpg:                using RSA key 4AA4767BBC9C4B1D18AE28B77F2D434B9741E8AC
gpg: /home/andrew/.gnupg/trustdb.gpg: trustdb created
gpg: key 7F2D434B9741E8AC: public key "Pierre Schmitz <[email protected]>" imported
gpg: Total number processed: 1
gpg:               imported: 1
gpg: Good signature from "Pierre Schmitz <[email protected]>" [unknown]
 
Last edited:


Top