Windows 10 (and 7) Built-In MD5 Checksum Calculator

Aug 15, 2017

windows-10 utilities

I recently paved my main development workstation after it started misbehaving (slow start up, some applications not opening consistently etc) and am trying to be careful about what I install on it going forward.

Previously I had all manner of applications, games (including Steam) and utilities installed and the chances of finding what was causing the problems was pretty remote. There could of course be multiple culprits.

Today I needed to install MySQL Workbench so I headed off to download it and noticed the MD5 checksum beneath the link. Now, I don’t always check these and maybe this is why my workstation ended up in a bit of a mess. But with a view to keeping this system as clean as I can I decided to make a point going forward of checking these checksums when they are available. my sql workbench ui

The “problem” is which utility do you use to calculate the checksum of the downloaded file?

If you Google for ‘MD5 checker’ you will see a number of utilities and while I have no reason to doubt the integrity of any of these I stopped short of installing any of them.

Obviously each download was accompanied by it’s MD5 checksum so that I could verify the file but after freely installing all manner of utilities in the past I was a little bit wary this time around.

Now, MD5 is not a new thing and you would think that Windows 10 would have some form of utility built in that would calculate the hash – and there is. Apparently it is also available in Windows 7 but I no longer have any systems running Win7 so I cannot verify that.

Open a command prompt and enter the following:

CertUtil -hashfile <path to file> MD5

Depending on the size of the file it may take a few seconds to run the calculation but if successful the MD5 hash will be displayed as below.

cert util output

It is also possible to generate checksums for other hash algorithms by replacing the MD5 parameter used above with any of the following (note that if you don’t specify a value then SHA1 is used by default):

MD2
MD4
MD5
SHA1
SHA256
SHA384
SHA512

So, if all you need is to determine the checksum of a downloaded file then there really isn’t any reason to install yet another utility to do so.

Comments

Comments are now closed

28 responses

	pruebablog123Jose
	December 23rd, 2019
Many thanks!!!

	Dissa
	January 30th, 2020
Thank You, This Saved Me A Great Lot Of Time.

	Sudhakar Dayal
	February 4th, 2020
It works! Thanks

	Bharat Ml
	March 16th, 2020
Thanks a lot! Worked right off!

	Chris
	March 22nd, 2020
Cool! I knew there must be a simple solution to compute checksums in windows without any third party tools.

	Alex
	June 25th, 2020
Thanks, it was a useful article! I’m glad Windows has a utility in their command line for this.

	Dave Noble
	July 20th, 2020
Thank you! This solved my md5sum problem! Also, love the mug, where did you get it, if you don’t mind my asking. Thanks again!

	Dave
	July 21st, 2020
Glad you found the article useful – it’s difficult to keep up with what’s actually in Windows these days ;-). As for the mug, it was a present but I think it’s similar to this one: https://www.amazon.co.uk/Personalised-Stand-Back-Ive-This/dp/B07MXFXLPH

	Woody
	July 25th, 2020
Exactly Where I was coming from too – so thanks for this.

ajmethta

August 11th, 2020

Perfect!

	Richard Berke
	August 24th, 2020
Great tip! Easy. No new utility to install.

	Owe Kristiansen
	September 21st, 2020
Thank you!

	zimba
	November 24th, 2020
If you’re reading this after 2005, note that md5 is now useless: https://www.codeproject.com/Articles/11401/Good-Bye-MD5

	Dave
	November 24th, 2020
Thanks for your comment, but while MD5 may not be secure I think calling it ‘useless’ is going a bit far. The article you link to is essentially highlighting that MD5 is no longer secure and shouldn’t be used to store passwords – and I absolutely agree with that, but that’s not a point of my post. Many sites offer downloads and provide an MD5 hash to enable users to verify what they downloaded hasn’t been tampered with. Yes, it’s not a bulletproof process, a hacker could in theory change both the file and the corresponding hash, but in that scenario all bets are off anyway! If an MD5 hash is provided then this is a simple way to check it against the downloaded file. The built-in tool can also generate SHA256/384/512 hashes mentioned in the article you linked to – so there is value in knowing that you don’t have to install yet another third-party application to achieve this.

	Tony
	December 5th, 2020
Thanks for the Windows’ tip! That’s a “lifesaver” knowing that ‘Windows Server’ too has the ‘CertUtil’ applet built-in. For example, the ISO of updates that I need to install there (i.e. Windows Server) has MD5/SHA1 values posted on the download site, but no clue as to where one might start, etc. MD5 & SHA1 are still the winners in this situation, for obvious reasons, not useless at all. Cheers!

	David Jung
	January 4th, 2021
Works fine. CertUtil followed by `diff HASH1 HASH2` will let you easily compare the two hashes.

	Soumyaranjan Sahu
	February 17th, 2021
Thanks for the information. It works like a charm

	blackdragonltd
	February 20th, 2021
I would agree with the fact that MD5 while having been broken, does not make it useless. Nothing is totally secure so security works on degrees of Risk. For your average download this is perfectly acceptable using MD5 “But” if your downloading Nuclear Codes, which I hope the average punter is not in the habit of doing, you might find this a little insecure of a consideration for MD5 and better routes to movement of that information would be a sound approach. Context is everything.. so if you are a bad actor target, a high degree of care and consideration are wise.. for us on the breadline with little to offer the bad actor except waste their time with low level banking and a handle on good password provision.. I believe we should consider our selves a little less special..

	baalkikhaal
	March 12th, 2021
How to create a field for MD5 as part of Context Menu when I press right click on the downloaded file?

	Dave
	March 16th, 2021
Sorry – no idea. There maybe utilities out there that integrate with the Windows Explorer to achieve this but not something I’ve done myself.

	Paul
	April 10th, 2021
But windows does not seem to have any tools to check checksums written to a file. I can not expect from my customer to compare manually two text files. Have a look on Linux “md5sums” and you will get an idea how it could work: `md5sums -c file_with_sums` File 1 : OK File 2: OK ..

	Dave
	April 10th, 2021
True enough, but then Windows isn’t Linux and that wasn’t the point of post, which was that you didn’t need to install one third party tool to verify the integrity of another. I’ve used Linux enough in the past to be aware of md5sums and it’s usefulness – that was in part why I wondered whether I could perform MD5 checks natively in Windows. Sure, it’s not as flexible as the Linux offering (as is frequently the case) but it works for me.

Seba

April 14th, 2021

Thanks a lot!

	Vojislav Depalov
	June 10th, 2021
There is that utility CertUtil on Windows 7 as well.

	Dave
	June 10th, 2021
Great, thanks for the confirmation – I’ve got no Windows 7 systems running.

	OCeti
	October 18th, 2021
Thanks for keeping this page online. I have an old, old machine running Windows 7 Ultimate. Getting it ready for upgrade and wanted to run MD5 against the BIOS update file before executing it. CertUtil worked like a charm!

	Israel
	July 3rd, 2022
Pretty easy. 1. In your File Explorer open shell:sendto 2. Create in that folder a .cmd (e.g., MD5.cmd) file with the following content: `certutil -hashfile %1 md5` `pause 0` 3. Save the file. Now the ‘MD5’ (or whatever you had called at the p.2 above) option should appear in your right-click > ‘Send to’ menu.

	Dave
	July 3rd, 2022
Excellent tip that – thanks a lot for posting 😀

	ajmethta
	August 11th, 2020
Perfect!