Calculate file checksums and verify integrity (MD5, SHA-1, SHA-256)
Upload a file and calculate its checksum using MD5, SHA-1, or SHA-256. Compare it against an expected value to verify the file has not been corrupted or altered during download or transfer.
Initializing in your browser…
You burned an ISO to a USB stick and want to confirm it is bit-for-bit identical to the source before booting it.
File
ubuntu-24.04.iso (selected locally)
Checksums
CRC32: 8f3a1b2c MD5: b1946ac92492d2347c6235b4d2611184 SHA-256: 9f86d081884c7d659a2feaa0c55ad015…
The file is read in your browser and reduced to checksums you compare against the values the publisher posted; any mismatch means corruption or tampering. CRC32 catches accidental transmission errors cheaply, while SHA-256 is the one to trust for integrity. The file never leaves your machine.
Upload a file and calculate its checksum using MD5, SHA-1, or SHA-256. Compare it against an expected value to verify the file has not been corrupted or altered during download or transfer.
The Checksum Calculator computes cryptographic file hashes entirely in your browser using the Web Crypto API (crypto.subtle.digest), reading the file into an ArrayBuffer with the browser's FileReader so nothing is uploaded to a server, which matters when you are checking a multi-gigabyte ISO or disk image. It offers four algorithms, all SHA-family: SHA-1 (160-bit, flagged with a deprecation warning), SHA-256 (256-bit, the default and marked as the recommended standard), SHA-384, and SHA-512. There is deliberately no MD5 option, since SubtleCrypto does not implement it; if a download page only publishes an MD5 sum you cannot verify it here. A progress bar tracks the work in two halves, roughly 0 to 50 percent as the file is read and 50 to 100 percent while the digest is computed.
The tool has four modes. Calculate hashes a single dropped or browsed file and shows the hex digest with a copy button; switching the algorithm while a file is loaded automatically recomputes it. Verify lets you paste a publisher's expected checksum into a text box and renders a green 'Match!' or red 'Mismatch!' verdict; before comparing, the expected value is normalized by lowercasing it and stripping all whitespace, so trailing newlines or a copied 'SHA256 (file) = ...' fragment with spaces will not cause a false mismatch, but you must still pick the same algorithm the publisher used. Compare hashes two files in parallel (via Promise.all) and reports 'Identical!' or 'Different!' to confirm two copies are bit-for-bit equal. Batch adds many files at once, hashes them sequentially, flags any files that share a checksum under a 'Duplicates Found!' heading, and exports a checksums-{algorithm}.txt file in the standard 'hash␣␣filename' sha256sum format.
Understanding the threat model is important: a matching SHA-1 (or any single hash) only proves the file was not corrupted in transit or storage; SHA-1 is collision-broken, so it does not protect against a deliberate attacker, which is why the interface marks SHA-1 with a warning and SHA-256 with a checkmark. A SHA-256 (or stronger SHA-384/SHA-512) value obtained over an HTTPS connection is the meaningfully tamper-resistant check. When Verify reports a mismatch, the usual causes are choosing the wrong algorithm (a SHA-256 file against a published MD5 or SHA-1 sum will never match), an incomplete or corrupted download, a text file whose line endings changed when it was re-saved, or genuine tampering. The File Info panel shown alongside Calculate and Verify lists the file's name, size, MIME type, and last-modified date so you can confirm you grabbed the right file before trusting the verdict.
Switch to Verify mode, select SHA-256, drop the .iso file (read locally, never uploaded), paste the publisher's expected SHA-256 from their HTTPS page, and click Verify Checksum for a green Match or red Mismatch verdict.
Use Compare mode to load File 1 and File 2; the tool hashes both in parallel and reports 'Identical!' or 'Different!', useful for checking a backup copy is bit-for-bit equal to the original.
Confirm that a downloaded ISO, installer, or archive matches the hash published by the developer.
Ensure a file sent via email or cloud storage arrived intact by comparing checksums on both ends.
Use whichever algorithm the file publisher provides. SHA-256 is the most common choice for modern software verification.
The checksum calculator is focused on file verification with a comparison feature. The hash generator is broader, supporting text input and multiple simultaneous algorithms.
Conversions run on your device in JavaScript. The values you enter are never sent over the network.