After downloading a file from our site, you may want to verify its SHA-256 checksum to ensure the downloaded file’s integrity.
A bit of background: While working with games, I often need to move large amounts of data. Packages of 150 GB or more are not uncommon. When copying, uploading, downloading them, how to make sure not a single bit has changed? A solution is obviously to calculate some checksum and compare it between the source and the destination location. If the checksums don’t match, it would be beneficial to avoid transferring the entire package again. Thus, packing it into multiple files (a multi-part .7z archive) is a good idea. This, however, requires a convenient way to calculate checksums of multiple files at once.
Using Powershell script we always match the HASH value of a file on the WEB URI and the hash after it’s downloaded and report failure if the hash does not match.
I’m now dealing with the below URL where Im unable to match the HASH MD5 on URI totmYatp14JwNhBLZwYpog== to MD5 on local B68B6661AB69D7827036104B670629A2?.
There is Content-MD5 mentioned totmYatp14JwNhBLZwYpog== on the below URL for the file:
Is it possible to match Hash or any other solution to make sure that the file on the webpage and the one after the download match?
Below is what I tried but the MD5 does not match:
MD5 and content-length for the concerned file from headers are below:
PS C:\Users\HOME> $response = Invoke-WebRequest -Uri "https://cdn.windwardstudios.com/Archive/23.X/23.3.5/JavaRESTfulEngine-23.3.5.1.zip" -Method Head
PS C:\Users\HOME> $response.Headers['Content-MD5']
totmYatp14JwNhBLZwYpog==
PS C:\Users\HOME> $response.Headers['Content-Length']
189583636
However, when the same file is downloaded locally its content-length MATCHES but the content-md5 DOES NOT MATCH when it should:
$filePath = 'C:\Users\HOME\Downloads\JavaRESTfulEngine-23.3.5.1.zip'
# Calculate the MD5 hash of the file
$md5 = Get-FileHash -Path $filePath -Algorithm MD5
Write-Host ("MD5 hash (Content-MD5) of " + $filePath + ": " + $md5.Hash)
$fileInfo = Get-Item $filePath
$fileInfo.Length
As you can see from the output the content-length matches but the content-MD5 does not.
PS C:\Users\HOME> C:\Logs\getkey.ps1
MD5 hash (Content-MD5) of C:\Users\HOME\Downloads\JavaRESTfulEngine-23.3.5.1.zip: B68B6661AB69D7827036104B670629A2
189583636
How can I get the MD5 on URI totmYatp14JwNhBLZwYpog== to match MD5 on local B68B6661AB69D7827036104B670629A2?
# Convert MD5 hash to Base64
$md5Base64 = [Convert]::ToBase64String($md5.Hash)
Write-Host "MD5 in Base64: $md5Base64"
# Convert Base64 MD5 hash to Hex
$md5Bytes = [Convert]::FromBase64String($md5Base64)
$md5Hex = [System.BitConverter]::ToString($md5Bytes) -replace '[-\s]', ''
Write-Host "MD5 in Hex: $md5Hex"
Cannot convert argument "inArray", with value: "B68B6661AB69D7827036104B670629A2", for "ToBase64String" to type "System.Byte[]": "Cannot convert value
"B68B6661AB69D7827036104B670629A2" to type "System.Byte[]". Error: "Cannot convert value "B68B6661AB69D7827036104B670629A2" to type "System.Byte". Error: "Input string
was not in a correct format."""
At C:\Logs\getkey.ps1:31 char:1
+ $md5Base64 = [Convert]::ToBase64String($md5.Hash)
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodException
+ FullyQualifiedErrorId : MethodArgumentConversionInvalidCastArgument
Other solutions
Of course, this script is only one of many possible solutions to this problem. I am sure it could be equally easy implemented in Python, maybe even in old good .bat file.
The script
My script is actually just a single line:
$ExtractName = @{l='Name';e={Split-Path $_.Path -Leaf}}; Get-FileHash -Path INPUT_MASK | Select-Object -Property Hash, $ExtractName > OUTPUT_FILETo use it:
- Open PowerShell console.
- Go to the directory with your archives to hash.
- Paste the command provided above. Before pressing ENTER:
- Replace “INPUT_MASK” with the mask of your files to hash. For example, if the archive files are named “Archive.7z.001”, “Archive.7z.002”, etc., you can type in “Archive.7z.*”.
- Replace “OUTPUT_FILE” with the name or path of the output file to be created.
- Hit ENTER.
Example PowerShell session:
PS C:\Users\Adam Sawicki> cd E:\tmp\checksum_test\
PS E:\tmp\checksum_test> $ExtractName = @{l='Name';e={Split-Path $_.Path -Leaf}}; Get-FileHash -Path Archive.7z.* | Select-Object -Property Hash, $ExtractName > Checksums.txt
PS E:\tmp\checksum_test>
If input files are large, it may take few minutes to execute. After it is complete, the output file “Checksums.txt” may look like this:
Hash Name
---- ----
CBBABFB5529ACFB6AD67502F37444B9273A9B5BB7AF70EFA0FF1F1EC99B70895 Archive.7z.001
185D73ECBCECB9302981C97D0DDFC4B96198103436F23DB593EA9BAFBF997DAC Archive.7z.002
086640842CC34114B898D2E19270DCE427AC89D64BCD9E8E3D8D955D69588402 Archive.7z.003
BE536C66854530236DA924B1CAED44D0880D28AAA66420F6EBE5F363435BEB4F Archive.7z.004
You can then execute the same script on the destination machine of your transfer and compare files and checksums to make sure they match.
Thoughts about PowerShell
1. On one hand, it is a .NET language (like C#), so we can write functions, classes, use all its rich type system, standard library, even create GUI using Windows Forms. However, it retains a syntax reminiscent of shell languages (Command Arg1 Arg2) rather than the syntax typical of regular programming languages (Function(Arg1, Arg2)).
2. We can browse, create, modify, and remove items in the file system, as well as the Windows Registry, and possibly other locations, using the same syntax, e.g.:
PS E:\tmp\checksum_test> lsMode LastWriteTime Length Name
---- ------------- ------ ----
-a---- 2024-01-27 9:07 4294967296 Archive.7z.001
-a---- 2024-01-27 9:06 4294967296 Archive.7z.002
-a---- 2024-01-27 9:06 4294967296 Archive.7z.003
-a---- 2024-01-27 9:07 2582433632 Archive.7z.004
-a---- 2024-01-27 9:14 986 Checksums.txtPS E:\tmp\checksum_test> cd HKLM:\DRIVERS\DriverDatabase
PS HKLM:\DRIVERS\DriverDatabase> lsName Property
---- --------
DeviceIds
DriverFiles
DriverInfFiles
DriverPackages
4. Data is passed as .NET objects – a sequence of objects having properties of various types – strings, numbers, booleans. I believe this is how things should have been from the very beginning of system shells. Printing data as text and parsing it back is a notorious source of bugs and security vulnerabilities, just like fixed-sized buffers, null terminators, comma separators, etc. A string should be just a string, no matter how many or what specific bytes it contains. It is when a special character starts “working” in a special way instead of being just another piece of data when bad things happen.
What is an SHA-256 checksum?
You can think of a checksum as a fingerprint of a file.
Here’s an example of a checksum:
Every file has a unique checksum that you can use to ensure its integrity. In other words, you can verify the file’s checksum to ensure the file you downloaded is exactly the file you want and that it was not corrupted or modified in any way.
SHA-256 is a name for one of the hash algorithms you can use to generate a checksum.
Windows
You can use Command Prompt or PowerShell to generate a SHA-256 checksum on Windows.
Using Command Prompt
1. Press Windows+R to open the Run box
2. Type cmd and click OK.
3. The Command Prompt window will open.
certutil -hashfile C:\file\path\my_file.exe SHA256
Make sure to replace C:\file\path\my_file.exe with the actual path to the file.
5. Compare the generated value to the checksum of the file in Rublon Downloads.
Using Power Shell
1. Press Windows+R to open the Run box
2. Type powershell and click OK.
3. The Windows PowerShell window will open.
Get-FileHash C:\file\path\my_file.exe -Algorithm SHA256
Make sure to replace ith the actual path to the file
5. Compare the generated value to the checksum of the file in Rublon Downloads.
Linux
Every Linux distribution comes with tools for various checksum algorithms. SHA-256 checksum tool is called sha256sum.
1. Go to the directory where your downloaded file is stored, e.g.:
Make sure to replace my_file.exe with the actual name of the file.
3. Compare the generated value to the checksum of the file in Rublon Downloads.
How does it work?
The script is made of several parts: First, Get-FileHash command calculates and prints hashes of all the files specified as the input mask. However, its output is not ideal as it contains absolute paths to the hashed files:
PS E:\tmp\checksum_test> Get-FileHash -Path Archive.7z.*
These locations will likely be different on the source and target machine of our copy, so we want to extract only file name, without the path. This is the purpose of Split-Path $_.Path -Leaf. Split-Path coverts a string, extracting only part of a path. The -Leaf parameter indicates that we are interested in the last part of the path, which is the file name.
Warning
There is one caveat with this script: If you enter just “*” as the input mask (meaning all files) and if you also specify the output file in the same directory, the script will create and start writing the output file, while also trying to hash it as an input, which will result in an error.:
PS E:\tmp\checksum_test> $ExtractName = @{l='Name';e={Split-Path $_.Path -Leaf}}; Get-FileHash -Path * | Select-Object -Property Hash, $ExtractName > Checksums.txt
Get-FileHash : The file 'E:\tmp\checksum_test\Checksums.txt' cannot be read: The process cannot access the file
'E:\tmp\checksum_test\Checksums.txt' because it is being used by another process.
At line:1 char:58
+ ... {l='Name';e={Split-Path $_.Path -Leaf}}; Get-FileHash -Path * | Selec ...
+ ~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ReadError: (E:\tmp\checksum_test\Checksums.txt:PSObject) [Write-Error], WriteErrorExcept
ion
+ FullyQualifiedErrorId : FileReadError,Get-FileHashTo avoid this issue, either specify a more concrete input mask, like “Archive.7z.*”, or specify the output file in a different directory, such as “E:\Tmp\Checksums.txt”.
How to verify an SHA-256 checksum?
To verify the SHA-256 checksum of a file, you must generate a checksum of the downloaded file and compare it to the checksum in Rublon Downloads.
Find the instructions below to learn how to generate a checksum of a file on your operating system.
What You Need To Remember
There are two things you need to remember while generating checksums of our files:
All checksums in Rublon Downloads are generated using the SHA-256 algorithm. If you use a different algorithm to generate your checksum, e.g. SHA 1, it will produce a different result. Always generate an SHA-256 checksum.
For checksums, capitalization does not matter, e.g. A and a are the same. These two strings are the same checksum:
MacOS
1. Click the Launchpad icon in the Dock, type Terminal in the search field, then click Terminal.
shasum -a 256 /file/path/my_file.exe
Make sure to replace /file/path/my_file.exe with the actual path to the file
3. Compare the generated value to the checksum of the file in Rublon Downloads.
Похожее:
Полезные заготовки вызова утилит командной строки 
«Изменение размера шрифта для устройств Nokia по сравнению с изменением общего масштаба шрифта приложения на Android с использованием Configuration.fontScale»? 
Powershell найти и добавлять файлы в zip, соответствуя имя файла и имя его родительской папки 
Что такое файл hosts, зачем он нужен и как его исправить?