How to check integrity of deliverables
- Yuriy Zavgorodniy
Software deliverables that can be downloaded on Hilscher's Knowledge Base will have the corresponding SHA-256 hash appended as a comment. Hashes are provided in hexadecimal form, using lower cases and without spaces. The typical tools have no issues with this.
In order to check the file for integrity, first calculate the SHA-256 hash of the downloaded file and then compare the output to the hash value provided under the file. A difference of these hash values would indicate that the file was altered. A list of downloadable files on the Knowledge Base including their hashes might look as follows:
Checking SHA256 Hash
In order to calculate the SHA-256 hash of a file using the certutil application, enter the following command into the command prompt of Windows: certutil -hashfile "filename" SHA256
Example:
Checking SHA512 Hash
In order to calculate the SHA-512 hash of a file using the certutil application, enter the following command into the command prompt of Windows: certutil -hashfile "filename" SHA512
Example:
SHA-256 Tools
There's a large number of tools, both online browser applications and offline applications and command line tools that can calculate hash values for different hash algorithms (SHA-1, SHA-256, etc.).
The following list contains some tools which can be used to calculate the SHA-256 hash of a file / string. Note that these are only suggestions, no liability is assumed for errors.
- OpenSSL
- mbedTLS
- certutil
- powershell
- https://passwordsgenerator.net/sha256-hash-generator/