• We had to restore from a backup today after a failed software update. Backup was from 0000 EDT and restored it at 0800 EDT so we lost about 8hrs. Today is 07/20/2024. More info here.

GtkHash – Hashing Out The Basics - Wizards Corner

I get the green orbs on gtkhash too. :)

The GPG website gives a list of GUI frontends (here). Maybe one of them would do what you want. I don't have any experience with any of them, but maybe someone else can contribute more info.

File Managers that have a gtkhash extension (at least in Debian repos).

caja-gtkhash/unstable,now 1.2-1+b2 arm64 [installed]
  caja extension for computing checksums and more using gtkhash

gtkhash/unstable,now 1.2-1+b2 arm64 [installed,automatic]
  GTK+ utility for computing checksums and more

nautilus-gtkhash/unstable 1.2-1+b2 arm64
  nautilus extension for computing checksums and more using gtkhash

nemo-gtkhash/unstable 1.2-1+b2 arm64
  nemo extension for computing checksums and more using gtkhash

thunar-gtkhash/unstable 1.2-1+b2 arm64
  thunar extension for computing checksums and more using gtkhash
GtkHash is a small utility that ships with some Linux Distros and is held in the Repositories of many more. If shipped, you will likely find it under Accessories. If available, but not installed, you can install it using either your Software Manager/Centre or your (Synaptic) Package Manager.

In Debian-based Distros (which includes Ubuntu, Linux Mint and similar), if you wish to install from Terminal (Konsole under KDE) you can do so with the following command and follow the prompts:

sudo apt-get install gtkhash

It is my intention to cover this in a little detail, and in particular to show you how you can turn around the results you find, and to backtrack on the Web to certain sites that may be of use to you.

I will also list a couple of ways of installing GtkHash. for non-Debian-based Distros.

The following screenshots were taken within the environment provided by Ubuntu 16.04 (Beta) MATE.


Standard default is for outputting MD5, SHA1, and SHA256 checksums.


I have taken an old iso of CentOS 7 here as an example, dated, but a good test, I feel.


Given that MD5 is, if not obsolete, then at least passe, you might wish to eliminate it from your search by unchecking it – Edit-Preferences. GtkHash saves your preferences, so that next time you invoke it, it will display the options you used last.

Now this is where GtkHash can become even more useful to you, perhaps even to the point of determining which sites you trust to download from.

I downloaded the CentOS .iso maybe two years ago, but have not yet installed it. I do not have an eg SHAsum,txt file with it where it is stored, and I honestly cannot remember whether I checked same at time of download, or downloaded the checksum file if it was available (doesn't look like it). But I want to check that it is legit before I install.

Armed with the knowledge I have gleaned from above, I now know that the CentOS has as its SHA1, the checksum


I take that string and paste it into a search on Google (or search engine of your choice) and here are the results.


Very few results, as one might expect given the age of the .iso and the esoteric nature of CentOS, but enough to corroborate that the .iso I want to install is the Real McCoy. With more recent distributions, you will find more results for your own circumstances.

Bear in mind this – just because you may not find, immediately, the checksum you have Googled as having a reference at eg LinuxMint/Downloads or wherever, as I have above … does not mean you should immediately boycott a site and its Distros as being unreliable.

If I take my CentOS example and paste its .iso exact description, and append “sha” to the end, as follows - “CentOS-7.0-1406-x86_64- Everything.iso sha” … my search takes me to a page where the first entry has (in part) the following:


Note the last half a dozen entries – so when you download the .iso, you should also be downloading these, and these small files will not appear in the searches I described earlier. So I am reassured that CentOS is a reliable site to download from.

If your memory is half as foggy as mine, you may not be able to remember where you downloaded an .iso from – was it the official website, was it SourceForge or DistroWatch?

Using the methods I have described, you can be certain that the .iso you have downloaded has not been compromised, and has not been damaged during download.

Before I move on to describing how GtkHash can be installed in others of the Linux “families”, I'll leave you with two more points.

  1. If you seek to install GtkHash from your GUI package manager, in my case Synaptic Package Manager is the usual with Debian-based Distros, you may see under the GtkHash entry references to eg Nautilus, Nemo, and Thunar extensions. I have not used these yet, but I am guessing installation of these will allow you to right-click an .iso from your File Manager window pane and choose GtkHash from the context-sensitive menu. Someone could confirm that for me, I would be grateful.
  2. Apparent from a couple of my screenshots preceding, but not immediately apparent perhaps to the newcomer; is that if you already have at your fingertips a sha1, sha256 or other long checksum and wish to check it against your .iso in GtkHash, you may wish to drag to the left and/or right the edges of the GtkHash window, to reveal all. I'll show you what I mean.


The above is using Sparky Linux as an example.

Note that the “Check” field under File now shows the full checksum, and that in my case there are checkmarks (two of them), or they might be green-filled circles (Distro-dependent).

In Fedora 22 and upwards (I have used 23 and 24 as well), you can install GtkHash as follows:

# dnf install gtkhash

… note that <dnf> is used because yum (the yellowdog update modifier) is deprecated, since dnf was employed with Fedora 22.

… note the command is executed as root, which you get to with <su>, Enter and enter root password.

SourceForge have the tar at https://sourceforge.net/projects/gtkhash/


I enjoy Mageia, but I had to take a cumbersome approach to installing. If someone has a better method (& there likely is one) please let us know.

There was a .tar.xz at SourceForge, but I wasn't in the mood for untarring, compiling and make-installing, so I found a .deb at http://ftp.gnome.org/ubuntu/ubuntu/pool/universe/g/gtkhash/
and downloaded that to see if it worked.

WIZARD’S NOTE - @ 2017-05-19, SourceForge hold gtkhash-1.1.tar.gz , whereas some of the following lines were written some time ago – so check your version and substitute current filenames where applicable.

I then downloaded and installed Alien, which converts .deb to .rpm and vice-versa, from
- which actually opens the downloads pane.

For Alien I just double-clicked the .rpm from Dolphin File Manager and installed from there.

alien -r gtkhash_0.7.0-1ubuntu1_amd64.deb

converts it to gtkhash-0.7.0-2.x86_64.rpm

Then you can (make the file local)

sudo urpmi gtkhash-0.7.0-2.x86_64.rpm

sudo urpmi gtkhash
and use Tab to autocomplete.

Now you have GtkHash installed. Housekeeping note – a package lib64mhash2- is installed with GtkHash – if you delete GtkHash using

sudo urpme gtkhash

you will need to delete the lib package separately.


Manjaro – Testbed was Manjaro 15.12 Mate, and

yaourt -S gtkhash

... worked fine for me.


Sabayon – I was using Sabayon 16.04 KDE some time ago, and so far, no joy. I will crack it eventually, no doubt, but in the meantime if a Sabayon user has some tips, please enlighten us, else I will revisit this environment when I have the answer.


From another source -

This obviously works on Debian 8, as for others in the Debian family:

MX-15, which I have used, and MX-16, which I currently use.

In MX-15, the command returns this output

“$ su
root@toshi:/home/chris# aptitude install gtkhash
No packages will be installed, upgraded, or removed.
0 packages upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 0 B of archives. After unpacking 0 B will be used.


Anything to worry about? No.

GtkHash comes pre-installed with MX-15, and MX-16. They are from mepis.org, under a handshake agreement from the antiX group.

antiX itself (I use 16), does not come with it, but I expect it can be installed. Likewise Point Linux, also Debian-based.


Regarding that last screenshot – you can modify the Settings (Edit-Preferences) in GtkHash, to show different algorithm choices, the choice is almost overwhelming, and, no, I am not familiar with half of them.


As a bare minimum, I would advocate the use of:

  • MD5
  • SHA1
  • SHA256 and
  • SHA512
256 and 512 are going to become more and more prevalent, so be prepared.


Thanks Wizard
@Kennybee , you are welcome and welcome to linux.org :)

Chris Turner

Members online