Menu
If I've downloaded a file with a known SHA256 hash, how can I use PowerShell to check that the file matches the expected hash?
350
To compare the checksum to the value in the file SHA256SUMS, run the command with the '-c' flag. This will take all the checksums in the file, compare them with the corresponding filename, and print the filename that matches the checksum.
In Windows File Explorer select the files you want the hash values calculated for, click the right mouse button, and select Calculate Hash Value, then select the appropriate hash type from the pop-up sub-menu (e.g. MD5). The values will then be calculated and displayed.
The PowerShell cmdlet Get-FileHash generates hash values both for files or streams of data. A hash is simply a function that converts one value into another. Sometimes the hash value may be smaller to save on space, or the hash value may be a checksum used to validate a file.
The Get-FileHash cmdlet computes hashes for files, and SHA256 is its default hash algorithm.
To compute the hash of a file:
Get-FileHash .\path\to\foo.zip
This produces something like:
Algorithm Hash Path
--------- ---- ----
SHA256 15DC0502666851226F1D9C0FE352CCAF0FFDEFF2350B6D2D08A90FCD1F610A10 C:\Users\me\path\to\foo.zip
To compare to the known value, extract the computed hash value alone from the output of Get-FileHash, then compare it to the expected value as a (quoted) string literal. Conveniently this comparison appears to be case-insensitive
(Get-FileHash .\path\to\foo.zip).Hash -eq "15dc0502666851226f1d9c0fe352ccaf0ffdeff2350b6d2d08a90fcd1f610a10"
True
...or if you've got the expected hash in a file, say expected-hash.sha256
(Get-FileHash '.\path\to\foo.zip').Hash -eq (Get-Content .\expected-hash.sha256)
True
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With