To verify the checksum of a file, use the verify command.
verify [sha-512 | /signature] path
verify /md5 path [md5-value]
Syntax Description
/md5
    (Optional) Calculates and displays the MD5 value for the specified software image. Compare this value with the value available on Cisco.com for this image.
sha-512
    (Optional) Calculates and displays the SHA-512 value for the specified software image. Compare this value with the value available on Cisco.com for this image.
/signature
    (Optional) Verifies the signature of an image stored in flash.
md5-value
    (Optional) The known MD5 value for the specified image. When an MD5 value is specified in the command, the system will calculate the MD5 value for the specified image and display a message verifying that the MD5 values match or that there is a mismatch.
path
    - filename
      The name of a file in the current directory. Use dir to see directory contents, cd to change directories.
    - disk0:/[path/]filename
      This option indicates the internal Flash memory. You can also use flash: instead of disk0; they are aliased.
    - disk1:/[path/]filename
      This option indicates the external Flash memory card.
    - flash:/[path/]filename
      This option indicates the internal Flash card. For the ASA 5500 series, flash is an alias for disk0:.
    - ftp://[user[:password]@]server[:port]/[path/]filename[;type=xx]
      The type can be one of the following keywords:
    - http[s]://[user[:password]@]server[:port]/[path/]filename
    - tftp://[user[:password]@]server[:port]/[path/]filename[;int=interface_name]
      Specify the interface name if you want to override the route to the server address. The pathname cannot contain spaces.
Command Default
The current flash device is the default file system.
Note: When you specify the /md5 option, you can use a network file, such as ftp, http and tftp as the source. The verify command without the /md5 option only lets you verify local images in Flash.
Command History
Release    Modification
6.1        This command was introduced.
Usage Guidelines
Use the verify command to verify the checksum of a file before using it.
Each software image that is distributed on disk uses a single checksum for the entire image. This checksum is displayed only when the image is copied into Flash memory; it is not displayed when the image file is copied from one disk to another.
Before loading or duplicating a new image, record the checksum and MD5 information for the image so that you can verify the checksum when you copy the image into Flash memory or onto a server. A variety of image information is available on Cisco.com.
To display the contents of Flash memory, use the show flash: command. The Flash contents listing does not include the checksum of individual files. To recompute and verify the image checksum after the image has been copied into Flash memory, use the verify command. Note, however, that the verify command only performs a check on the integrity of the file after it has been saved in the file system. It is possible for a corrupt image to be transferred to the device and saved in the file system without detection. If a corrupt image is transferred successfully to the device, the software will be unable to tell that the image is corrupted and the file will verify successfully.
To use the Message Digest 5 (MD5) hash algorithm to validate a file, use the verify command with the /md5 option. MD5 is an algorithm (defined in RFC 1321) that is used to verify data integrity through the creation of a unique 128-bit message digest. The /md5 option of the verify command allows you to check the integrity of the security appliance software image by comparing its MD5 checksum value against a known MD5 checksum value for the image. MD5 values are now made available on Cisco.com for all security appliance software images for comparison against local system image values.
To perform the MD5 integrity check, issue the verify command using the /md5 keyword. For example, issuing the verify /md5 flash:cdisk.bin command will calculate and display the MD5 value for the software image. Compare this value with the value available on Cisco.com for this image.
Alternatively, you can get the MD5 value from Cisco.com first, then specify this value in the command syntax. For example, issuing the verify /md5 flash:cdisk.bin 8b5f3062c4cacdbae72571440e962233 command will display a message verifying that the MD5 values match or that there is a mismatch. A mismatch in MD5 values means that either the image is corrupt or the wrong MD5 value was entered.
Examples
The following example verifies an image file. This is the same result you would see if you included the /signature keyword.
> verify os.img
Verifying file integrity of disk0:/os.img
Computed Hash SHA2: 4916c9b70ad368feb02a0597fbef798e
ca360037fc0bb596c78e7ef916c6c398
e238e2597eab213d5c48161df3e6f4a7
66e4ec15a7b327ee26963b2fd6e2b347
Embedded Hash SHA2: 4916c9b70ad368feb02a0597fbef798e
ca360037fc0bb596c78e7ef916c6c398
e238e2597eab213d5c48161df3e6f4a7
66e4ec15a7b327ee26963b2fd6e2b347
Digital signature successfully validated
The following example calculates an MD5 value for the image.
Most exclamation points have been removed for brevity.
> verify /md5 os.img
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!Done!
verify /MD5 (disk0:/os.img) = 0940c6c71d3d43b3ba495f7290f4f276
>
The following example calculates an MD5 value and compares it to the expected value. The result in this case is Verified: the calculated and expected values match.
> verify /md5 os.img 0940c6c71d3d43b3ba495f7290f4f276
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!Done!
Verified (disk0:/os.img) = 0940c6c71d3d43b3ba495f7290f4f276
>
The following example computes the SHA-512 value for the image.
> verify /sha-512 os.img
!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!Done!
verify /SHA-512 (disk0:/os.img) = 77421c0f6498976fbe5300e62bd8b7e8140b52a851f055265080
a392299848a77227d6047827192f34d969d36944abf2bddd215ec4127f9503173f82a2d6c7e2
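The following Python is an added example, not part of the Cisco documentation. It parses captured verify output in the formats shown in the examples above, rejoins digests that wrap across lines, and compares the device-computed value with one recorded out of band from Cisco.com. The function names and the assumption that the CLI output has been captured into a string are this example's own.

```python
import hmac
import re

HEX_LEN = {"MD5": 32, "SHA-512": 128}  # hex characters per digest

# "verify /MD5 (disk0:/os.img) = <hex>"; a long digest may wrap onto
# continuation lines that contain nothing but hex.
DIGEST_RE = re.compile(
    r"^verify /(MD5|SHA-512) \((\S+)\) = "
    r"([0-9a-f]+(?:\s*\n\s*[0-9a-f]+[ \t]*$)*)", re.I | re.M)
# "Computed Hash SHA2: <hex>" followed by indented 32-character chunks.
SIG_RE = re.compile(
    r"^(Computed|Embedded) Hash SHA2:((?:\s*[0-9a-f]{32}[ \t]*$)+)",
    re.I | re.M)

# Sample taken from this page's SHA-512 example; the digest wraps over two lines.
SAMPLE = """\
verify /SHA-512 (disk0:/os.img) = 77421c0f6498976fbe5300e62bd8b7e8140b52a851f055265080
a392299848a77227d6047827192f34d969d36944abf2bddd215ec4127f9503173f82a2d6c7e2
"""


def parse_verify_output(text):
    """Return the digests found in captured `verify` output, unwrapped."""
    found = {"signature_ok": False}
    m = DIGEST_RE.search(text)
    if m:
        algo = m.group(1).upper()
        digest = "".join(m.group(3).split()).lower()
        if len(digest) != HEX_LEN[algo]:  # capture cut off mid-digest
            raise ValueError(f"{algo} digest has {len(digest)} hex chars")
        found.update(algo=algo, path=m.group(2), digest=digest)
    for kind, chunks in SIG_RE.findall(text):
        found[kind.lower()] = "".join(chunks.split()).lower()
    # Accept the signature line only if both hashes were printed and agree.
    if "computed" in found and found["computed"] == found.get("embedded"):
        found["signature_ok"] = (
            "Digital signature successfully validated" in text)
    return found


def digest_matches(text, expected_hex):
    """Compare the device-computed digest with a value recorded out of band."""
    digest = parse_verify_output(text).get("digest", "")
    expected = "".join(expected_hex.split()).lower()
    return bool(digest) and hmac.compare_digest(digest, expected)
```

Pass digest_matches the expected value copied from Cisco.com, not one read back from the device, so the comparison does not depend on what was typed into the verify command.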