Putting this out there for those who are unsure how to validate checksums/ hashes from within Linux for homeusers.
Note: GPG and torrent downloads are outwith the scope of this walkthrough.
Info and Warning!
If downloading a distro, developers normally display checksums on their website for each individual download. Validating these checksums is VITAL before flashing/ burning or installing any program outwith repos or linux .iso’s.
For this walkthrough, I’m using GTKHash, which is in ubuntu/debian repos as well as others. This is a small, instant compare utility to validate checksums/ hashes.
Checksums can also be done via the terminal although the inconvenience is, the user has to manually check and compare results, which is not ideal.
This program offers one of the easiest validation methods I’ve found in many years of distro hopping from within linux.
Methodology may vary although the principals remain the same.
Firstly, open up GTKHash and you’ll be looking at something similar to this at default:
Keeping GTKHash open, go get that distro in your web browser, navigate to your website choice of distro in the download section. Therein should be checksums associated with respective downloads. Once you have the corresponding checksum for your choice of .iso (this varies from site to site), copy the checksum from the website and paste it into the Check: input box (highlighted in red)
IMPORTANT: at this point, establish whether the checksum is MD5. SHA256 etc.. and also if UPPERCASE or lowercase **
Then download that .iso via your web-browser.
Once the .iso is downloaded, we need to configure GTKHash to avoid
user errors as below for SHA256 as an example:
GTKHash Configuration:
In the menubar at the top of GTKHash, select:
Edit > Preferences
Depending on which algorithm is used (MD5, SHA256 etc..)
tick and untick theboxes leaving you with only one function required to validate your ISO.
Also change the Digest Format to either:
UPPERCASE or lowercase Hexidecimal
depending on which format is provided by the distro developer
(see **)
Validation:
Within GTKHash, click in the File: box, then navigate and point it to the downloaded .iso and click the [Open] button
What you should have at this point is the File: Box with the path to the .iso and the check: box with the distro provided checksum.
Then click the [Hash] button on the bottom right hand corner.
This check should only take a few minutes to verify, which is variable on size of distro.
On successful verification, you should see a tick next to each
box to indicate a verified match.
You are now ready to burn the .iso to your preferred storage media 
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
If for some reason or other, you don’t see both input boxes ticked, see below:
Self Parity Checks:
If you have downloaded and validated the checksums and they do not match, firstly check that the UPPERCASE/ lowercase is set properly within preferences of GTKHash as described earlier and also ensure that you’ve chosen the correct algorithm MD5, SHA 256 etc..
If, however, they still do not match after subsequent checks, Trash the downloaded distro immediately and report the issue to the distro developers via their website and do the right thing for the linux community.
Then try a different source/ mirror to download the distro and start again.
