Command for Verifying the SHA256 checksum in the Terminal

grant's Avatar


10 Jul, 2021 11:11 PM

Just read How to verify the downloaded GPG Suite? and it rocks.

When I got to the step about verifying the SHA256 checksum

The resulting SHA256 checksum must match the SHA256 checksum on

I got really lazy because visually comparing sixty-four characters in the checksum character-by-character is difficult!

Instead I just ran a shell one-liner to verify it at the command line by copying in the checksum generated here and the one I copied from the website (for sake of simplicity I cut off the checksum):

if [ "383bd..." = "383bd..." ]; then echo "Checksum is: Correct."; else echo "Checksum is: *Incorrect*."; fi

Since everyone is already using the Terminal to perform the validation we know that it is present, we are already there and we can run it once we copy the value from the site.

Pre Catalina the default shell is Bash; Catalina and following it is zsh so I tried to test both. I'm on Mojave so I tested the one-liner on Bash V3.2.57 (default), Bash v5.1.8 (I installed it), and zsh v5.3 (I installed that too) and it worked correctly on each of them.

That helped me a lot to feel better that I was actually confirming that checksum's matched so I wanted to share it.

Thanks for your great product.

  1. 1 Posted by grant on 10 Jul, 2021 11:31 PM

    grant's Avatar

    Here are the actual steps that I did:

    Need to verify the DMG download is correct.

    Automate the 64 character comparison with this comparison code.

    if [ "Created Sum." = "Downloaded Sum." ]; then echo "Checksum is: Correct.";
    else echo "Checksum is: Not Correct."; fi

    Get the created sum.

    shasum --algorithm 256 --binary GPG_Suite-2021.1_105.dmg

    It is:


    Replace "Created Sum." in the comparison code with that first part, not that second part, not the space, nor the file name.

    Go to the home page, hover over the SHA256 popup to see the first few digits (currently can't copy and paste from the popup but that is addressed in another report), edit the source, and search for "SHA256", find the first few digits (it will be obvious), copy the entire value, and replace "Downloaded Sum." with it in the comparison code.

    if [ "383bd6ab4791ee51e0f67955ad1ab70bb3a2a1e5c71f6a7f42f53b92684106e0" = "383bd6ab4791ee51e0f67955ad1ab70bb3a2a1e5c71f6a7f42f53b92684106e0" ]; then echo "Checksum is: Correct.";
    else echo "Checksum is: Not Correct."; fi

    Run that code in the Terminal.

    Now it should print out

    Checksum is: Correct.

    It is good!

    The download is correct.

  2. Support Staff 2 Posted by Steve on 11 Jul, 2021 11:21 AM

    Steve's Avatar

    Hi Grant,

    thanks so much for taking the time to share this feedback. We will see if we can add it to our KB article. Please allow some time for this as we will have to discuss this.

    Obviously copy pasting the checksum from the website should be much easier as well.

    Have a great weekend,

  3. 3 Posted by grant on 11 Jul, 2021 03:31 PM

    grant's Avatar

    Thank you Steve.

    What you all do is greatly appreciated.

    Have a pleasant weekend.

  4. Support Staff 4 Posted by Steve on 18 Aug, 2021 10:26 AM

    Steve's Avatar

    We have a ticket for this problem. I connected this discussion with the existing ticket. That means, should this discussion get closed, it will be re-opened as soon as the ticket is closed. That way you stay in the loop and will receive info as soon as we have news. Feel free to open a new discussion should you run into further problems or need assistance.

  5. Steve closed this discussion on 18 Aug, 2021 10:26 AM.

Comments are currently closed for this discussion. You can start a new one.

Keyboard shortcuts


? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac