Large downloads, such as an ISO image, should have their integrity checked before use.
1. Download the desired file. For the purpose of illustration here we will assume foobar.iso.
2. Obtain the packager’s md5sum for the desired file.
Often this will be in a separate file in the same directory with a name suggestive of its contents, such as foobar.iso.md5 or foobar.MD5SUMS. Download it to the same directory as the desired file.
Other times the packager will simply post the md5sum in a README or other text file, or on a web page. In that case create a text file in the following format:
md5sum (two spaces, then) name_of_desired_file
Save the file as foobar.iso.md5 in the same directory as the desired file.
3. As user, md5sum -c foobar.iso.md5. Notice that you specifiy the md5sum file, not the file being checked. Calculation will take a moment. If the checksums match, the reply will be “foobar.iso: OK”. In this case you are done.
4. If the checksums do not match, attempt to repair the download. If you have access to a BitTorrent download for the files, try using that and pointing it at the existing files: it should check them, find out where they are corrupt, and correct the problems. If the damaged file is an ISO image, try correcting the download using Parchive2.
Update December 2010: Even though the md5sum of a downloaded ISO checked OK, multiple CDs burnt from it would not boot. I discarded the downloaded image, downloaded a new one (md5sum checked again), and burnt a new CD, which worked. Thus a valid md5sum does not guarantee an uncorrupted download.
BUT I WANT TO DO IT ON WINDOWS
Windows doesn’t have a built in checksum utility. Consider MD5summer (open source).
The unofficial MD5 homepage.
You will sometimes see a .asc file; this is the digital signature of the file. Likewise, an .md5.asc file is the digital signature of the .md5 file.
md5 isn’t the only game in town; there’s also the lesser known but superior SHA-1.