Check File Integrity (Verify Download)

When you download a file from the Internet, often you are asked to verify your download, and then there is a long word called HASH. Most websites do this nowadays because it may happen that someone replaces the file you are downloading with a virus or any other type of malicious software. So, if you check the integrity of the file after downloading with the HASH available on the website, you can be sure that you downloaded the correct file.

So now the question arises of how to know the cryptographic hash of the file that you received. Generally, this hash is in SHA256, but if it is in any other form it will be mentioned on the website. SHA-256 is a hashing technique that generates a 256-bits (32-byte) long hex value of either a data or a file, which later can be used for many reasons. One of the reasons is to check for the file integrity that you downloaded from a website. 

To do so there are packages for both GUI and command-line which are available for all operating systems. Also, not always, the cryptographic SHA value is sufficient to check for the integrity of the tool. However, we need to check for the signing of the file i.e., the signature on the file must be of the creator of the file. To verify the signature there is an open-source tool named GNU Privacy Guard.

There are numerous ways to verify file integrity but we will show you the basic and the easiest ones here. Follow the instructions as per your system and scroll down to the bottom to check the final steps. P.S.: Soon we will be uploading our own tool to verify integrity. 

CRITERIA: Suppose the website from where you downloaded the file has a SHA256 hash for verification and the file name is example.exe.


  • Start a command prompt. [Press the windows key and search for cmd]
  • There is a built-in checksum utility in windows named certUtil.
  • Syntax: certUtil -hashfile <path_to_file> <hash_algorithm>.
  • hash_algorithm options (case-insensitive): MD2, MD4, MD5, SHA1, SHA256, SHA384, SHA512. 


  • Start a terminal.
  • There is a built-in package named sha256sum, md5sum, etc. These packages can be used to find the checksum of a file. 
  • Syntax: <type_of_hash> <file_name>.
  • type_of_hash: can be changed depending on the hash you want like sha256sum or md5sum.

For macOS

  • Start a terminal, [Go to the launchpad, and search for Terminal]
  • There is a built-in package named shasum which can be used to find the checksum of a file.
  • Syntax: shasum -a <type_of_hash> <file_name>
  • type_of_hash: can be set as 256 or 512 depending on the need.
Now that you got the sha256 hash of the file you downloaded. You can compare the hash with the given hash on the web browser or you can enter both the hash at the DiffChecker program to check if both the hash is the same or not.
We hope this helps. If any suggestions or doubts you can add a comment and we will reply as soon as possible.

No comments:

Post a Comment