FileHint
JAEN

Verify a downloaded file with SHA-256

Hash-check OS images and executables on Windows, Mac, and Linux. The first step in catching tampered downloads.

By FileHint editorial teamSupervised by Netwiz LLCEditorial policy

Why SHA-256 matters

Two binaries that look the same can carry very different code if the download got tampered with. Matching the publisher's hash dramatically raises confidence that you have the real file.

Windows (PowerShell)

Get-FileHash .\setup.exe -Algorithm SHA256

macOS / Linux

shasum -a 256 setup.exe
# or
sha256sum setup.exe

Comparison tips

  • The hash is case-insensitive, but copy-pasted strings pick up stray whitespace and newlines. Trim them.
  • Pull the expected hash over HTTPS from the publisher's site — a tampered download page makes the exercise pointless.

If hashes don't match

  • Re-download from the source (transient corruption happens).
  • If it still doesn't match, treat the file as untrusted and follow the steps in Is this .exe safe?.

Related extensions

References