Check and verify md5/sha1/sha256 checksums for MacOS X when I download files

ADVERTISEMENTS



Syntax to check and verify md5/sha1/sha256 checksums for MacOS X

Malware is becoming more and more common for macOS. I wanted to make sure file I downloaded files such as an ISO image or firmware are safe before install on my system. How do I verify md5 or sha1 or sha256 checksums for my Apple MacOS X when I download files from the Internet?Matching the checksum of a download file is necessary and useful in some cases. The main reason is to make sure that one can validate the transmission was ok. The downloaded file was not corrupted or modified during the transfer. You need to use the shasum command to compute or verify SHA message digests. checksum is nothing but a digit representing the sum of the correct digits in a piece of stored or transmitted digital data, against which later comparisons can be made to detect errors in the data.

To print or check SHA checksums use the following syntax:

shasum -a algorithm filename

shasum -a algorithm -c input.txt

Where,

-a algorithm : It can be 1 (default), 224, 256, 384, and 512. -c input.txt : Check SHA sums against given list usually stored in a text file.

Examples

Open the Terminal application and grab the latest firmware using wget command:

$ wget http://www.mediafire.com/file/ff04qcobujqek27/RT-AC87U_380.66_6.zip

Verify the file:

$ ls -lh RT-AC87U_380.66_6.zip

Unzip the file using unzip command:

$ unzip RT-AC87U_380.66_6.zip

Sample outputs:

Archive: RT-AC87U_380.66_6.zip inflating: RT-AC87U_380.66_6.trx inflating: README-merlin.txt inflating: Changelog.txt inflating: sha256sum.sha256

Your firmware file named RT-AC87U_380.66_6.trx. You can verify its integrity with sha256sum.sha256 file as follows:

$ shasum -a 256 -c sha256sum.sha256

Sample outputs:

RT-AC87U_380.66_6.trx: OK

If file is modified during transmission or by malware on the remote server you will get an error that read as follows:

$ shasum -a 256 -c sha256sum.sha256

Sample outputs:

RT-AC87U_380.66_6.trx: FAILED shasum: WARNING: 1 computed checksum did NOT match

You must delete the file immediately using the rm command:

$ rm RT-AC87U_380.66_6.zip RT-AC87U_380.66_6.trx

To calculate SHA-256 checksum for an iso file named foo.iso, run:

$ shasum -a 256 foo.iso

Verifying an SHA-1 checksum

The syntax is:

$ shasum -a 1 -c input.txt

OR

$ shasum -a 1 filename

OR

$ shasum -a 1 centos.iso

To see more info about the shasum command type:

$ shasum --help

Sample outputs:

Usage: shasum [ OPTION ] ... [ FILE ] ... Print or check SHA checksums. With no FILE, or when FILE is -, read standard input. -a, --algorithm 1 ( default ) , 224 , 256 , 384 , 512 , 512224 , 512256 -b, --binary read in binary mode -c, --check read SHA sums from the FILEs and check them -t, --text read in text mode ( default ) -U, --UNIVERSAL read in Universal Newlines mode produces same digest on Windows/Unix/Mac - 0 , --01 read in BITS mode ASCII ' 0 ' interpreted as 0 -bit, ASCII ' 1 ' interpreted as 1 -bit, all other characters ignored -p, --portable read in portable mode ( to be deprecated ) The following two options are useful only when verifying checksums: -s, --status don't output anything, status code shows success -w, --warn warn about improperly formatted checksum lines -h, --help display this help and exit -v, --version output version information and exit When verifying SHA- 512 / 224 or SHA- 512 / 256 checksums, indicate the algorithm explicitly using the -a option, e.g. shasum -a 512224 -c checksumfile The sums are computed as described in FIPS PUB 180 - 4 . When checking, the input should be a former output of this program. The default mode is to print a line with checksum, a character indicating type ( `*' for binary, ` ' for text, `U' for UNIVERSAL, `^' for BITS, `?' for portable ) , and name for each FILE. Report shasum bugs to mshelor@cpan.org Usage: shasum [OPTION]... [FILE]... Print or check SHA checksums. With no FILE, or when FILE is -, read standard input. -a, --algorithm 1 (default), 224, 256, 384, 512, 512224, 512256 -b, --binary read in binary mode -c, --check read SHA sums from the FILEs and check them -t, --text read in text mode (default) -U, --UNIVERSAL read in Universal Newlines mode produces same digest on Windows/Unix/Mac -0, --01 read in BITS mode ASCII '0' interpreted as 0-bit, ASCII '1' interpreted as 1-bit, all other characters ignored -p, --portable read in portable mode (to be deprecated) The following two options are useful only when verifying checksums: -s, --status don't output anything, status code shows success -w, --warn warn about improperly formatted checksum lines -h, --help display this help and exit -v, --version output version information and exit When verifying SHA-512/224 or SHA-512/256 checksums, indicate the algorithm explicitly using the -a option, e.g. shasum -a 512224 -c checksumfile The sums are computed as described in FIPS PUB 180-4. When checking, the input should be a former output of this program. The default mode is to print a line with checksum, a character indicating type (`*' for binary, ` ' for text, `U' for UNIVERSAL, `^' for BITS, `?' for portable), and name for each FILE. Report shasum bugs to mshelor@cpan.org

Another option: openssl command

You can use the openssl command as follows to get and verify checksum.

Verifying an SHA-1 checksum with the openssl command

$ openssl sha1 filename

$ openssl sha1 ~/isoimages/unetbootin-mac-625.dmg

SHA1(/Users/veryv/isoimages/unetbootin-mac-625.dmg)= 8a44b5095ed9b05f8a2643a5df91e932467a0e7

Verifying an SHA256 checksum with the openssl command

$ openssl dgst -sha256 filename

$ openssl dgst -sha256 ~/isoimages/CentOS-7-x86_64-Minimal-1611.iso

SHA256(/Users/veryv/isoimages/CentOS-7-x86_64-Minimal-1611.iso)= 27bd866242ee058b7a5754e83d8ee8403e216b93d130d800852a96f41c34d86a

Verifying an MD5 checksum with the openssl command

$ openssl md5 filename

$ openssl md5 /etc/passwd

MD5(/etc/passwd)= 5e7f80888f3d491c4963881364048c24