HomeVirtualizationVMwareVMware Files Integrity Check Using Cryptographic Hashes

VMware Files Integrity Check Using Cryptographic Hashes

Have you ever tried to install VMware ESXi (or other software), but the installation just keeps failing? Before using the software installation wizards and avoid random troubleshooting, you should look at the downloaded files. Many VMware vSphere installations fail due to corrupt download and the VMware Cryptographic Hashes will help out.

From my experience, it is not likely to find corrupted files that have been downloaded from VMware, but this can happen. However, VMware provides Cryptographic hashes on product download pages as a way for you to confirm the integrity of the files you download. 

VMware Cryptographic Hashes

A checksum is a small-sized datum derived from a block of digital data to detect errors that may have been introduced during its transmission or storage. The term checksum is also sometimes seen as hash sum or hash value.

Cryptographic hash functions are generally used to guard against malicious changes to protected data in a wide variety of software, Internet, and security applications, including digital signatures and other forms of authentication. Two of the most popular cryptographic hash functions are the Secure Hash Algorithm (SHA) and Message Digest Algorithm-5 (MD5).

"The SHA hash functions are a set of cryptographic hash functions designed by the National Security Agency (NSA) and published by the NIST as a U.S. Federal Information Processing Standard. SHA stands for Secure Hash Algorithm."

- Advertisement -

VMware uses the md5sum, sha1, and sha256 hash algorithms to take a file as input and produce as output a message digest of the input, which is a highly unique fingerprint. VMware implements one or all of a sha-1 hash, a sha-256 hash, or an MD5 message-digest for software downloads. This solution enables you to verify that your downloaded files are unaltered from the original. 

How to Verify VMware Hashes

Checksum utilities are used to verify the integrity of generated hashes. There are two basic types, those that calculate checksum values and those that validate them by checking them against a list of values for the protected data, which is the only way it can be done.

To confirm file integrity, you can use a sha-1, sha-256, and/or a MD5 utility on your computer to assess your own hash for files downloaded from the VMware web site. If your calculated hash matches the message digest VMware provides, you can be sure that the file was downloaded intact.

sha-1, sha-256, and MD5 utilities are available for Windows, Linux, and Mac. Most Linux installations provide a sha1sum command for sha-1 hashes, a sha256sum command for sha-256 hashes, and a md5sum command for calculating MD5 message digests.

VMware recommends the File Checksum Integrity Verifier (FCIV) to be used on Windows-based products to verify both MD5 and sha-1 values. FCVI is a command-prompt utility that computes and verifies cryptographic hash values of files. File Checksum Integrity Verifier 

- Advertisement -

While for MAC and Linux systems, there is a different workaround for Windows, I consider a better (tool) option than FCIV. 

MD5 & SHA Checksum Utility 

MD5 & SHA-1 Checksum Utility is a standalone freeware tool created by Raymond Lin. This tool generates and verifies cryptographic hashes in MD5 and SHA-1. You can also verify the hash to ensure the file integrity is correct with the matching file. The program has a basic, utterly functional interface that should pose no trouble for anyone with the knowledge and skill to need it. 

MD5 & SHA-1 Checksum Utility is free to download and use. 

Download the tool here!

How to use the tool

This tool is easy to use. After you download it and install it on your PC, run the tool. Here, I am going to be testing VMware vSphere Hypervisor 7.0 U1.


MD5SUM: 5f787e2f30eee48fd121220b317f6c47

SHA1SUM: 13e90598c4e46b7fe6e2b08f0fea9d5beb2d6109

SHA256SUM: 5c72f1b26e24e2c6195846f555a2f767a3c6e8394ba35769b5be25e51e84ba80

  • Step 2: Browse for your VMware ISO file. MD5 & SHA-1 Checksum Utility will gather the MD5 and SHA hashes automatically.
VMware Cryptographic Hashes
  • Step 3: To verify a hash, select either MD5 or SHA-1, and click either Copy to generate the hash or Verify to check its integrity. The best way is to make sure that the hashes you got from VMware match the ones gathered by the tool. Paste the desired hash into the "Hash" box, and click verify. Repeat for 

Repeat for the other hashes; and that's all.

Juan Mulford
Juan Mulford
I have been active in IT for over fourteen years now. I am a solutions architect, working with storage, virtualization, and VDI solutions. For the past ten years, I have been living and working in Taiwan.

Leave a Reply

- Advertisement -

Popular Articles


Raspberry Pi OS in a Virtual Machine with VMware

Although the Raspberry Pi OS is designed and optimized for the Raspberry Pi module, it is possible to test and use it without its hardware, with VMware. This solution can be useful if you are a developer (or just a curious guy) and don't have a Raspberry Pi module with you
Unable to delete inaccessible datastore

Unable to delete an "inaccessible" datastore

I was switching my storage array, so I migrated the VMs from that old datastore/storage to a new datastore/storage. The old datastore was shared by 3 ESXi hosts, no cluster. After migrating the VMs and unmount/delete the datastore, it was still presented in two of the ESXi hosts and was marked as inaccessible.
This is not a valid source path / URL

This is not a valid source path / URL - SourceTree and Gitlab

I have been working on a project with a friend who set up a repository in Gitlab but even though I was able to view all projects on it, I couldn’t really join the repository. I was using SourceTree and Gitlab.

How to export a Virtual Machine using the VMware OVF Tool

The VMware OVF Tool is implemented by VMware for easily importing and exporting virtual machines in Open Virtualization Format (OVF) standard format. Here, I want to show you how to download and install it, and then how to use it from a Windows machine.
Couldn't load private key - Putty key format too new

Couldn't load private key - Putty key format too new

couldn't load private key - Putty key format too new.” This issue happens when you use PuTTygen to generate or convert to a ppk key. Here is how to fix it. 
- Advertisement -

Recent Comments