When you download software or transfer important files, it’s essential to ensure that the file hasn’t been tampered with or corrupted during transit. One of the easiest ways to verify a file’s integrity in Windows is by using the built-in command-line tool CertUtil.
🔍 What Is CertUtil?
CertUtil is a command-line utility that comes preinstalled with Windows. It’s primarily used for managing certificates, but it also includes a handy feature for generating hash values (checksums) of files.
A hash is a unique string of characters generated from a file’s contents. If even one byte of the file changes, the hash will be completely different—making it a reliable way to verify file integrity.
🧮 Common Hash Algorithms
The two most common hashing algorithms used for verification are:
- MD5 – A 128-bit hash function commonly used for quick checks. While it’s not cryptographically secure anymore, it’s still fine for detecting accidental corruption.
- SHA256 – A 256-bit, more secure algorithm recommended for verifying file authenticity and integrity.
⚙️ How to Generate a File Hash with CertUtil
You can easily generate a hash for any file using Command Prompt or PowerShell.
Step 1: Open Command Prompt
Press Windows + R, type cmd, and press Enter.
Step 2: Navigate to the Folder
Use the cd command to navigate to the folder containing your file. For example:
cd C:\Users\YourName\Downloads
Step 3: Generate the Hash
Use one of the following commands depending on the algorithm you want to use:
For MD5:
certutil -hashfile <file> MD5
For SHA256:
certutil -hashfile <file> SHA256
Replace <file> with the name of your actual file, including its extension.
Example:
certutil -hashfile setup.exe SHA256
📋 Example Output
When you run the command, you’ll see output similar to this:
SHA256 hash of setup.exe:
A1B2C3D4E5F67890123456789ABCDEF1234567890ABCDEF1234567890ABCDEF
CertUtil: -hashfile command completed successfully.
You can now compare this hash value with the one provided by the file’s source (e.g., the software vendor’s website).
If they match — your file is intact and authentic.
If not — the file may have been altered or corrupted.
🛡️ Why File Hashing Matters
Hashing ensures:
- Integrity: Confirms the file wasn’t modified during download or transfer.
- Authenticity: Helps verify the file is from a trusted source.
- Security: Detects potential tampering or malware injection.
✅ Summary
| Algorithm | Command | Use Case |
|---|---|---|
| MD5 | certutil -hashfile <file> MD5 | Quick integrity checks |
| SHA256 | certutil -hashfile <file> SHA256 | Secure verification |
Whether you’re a developer, system administrator, or everyday Windows user, knowing how to use certutil can help you verify your files with confidence.