Knowledge Base
Home / General / How to verify downloads
Verify the integrity of the download
The SHA256 hash can be used to verify the integrity of the downloaded file (for example a setup file). On a Windows system you can use any third-party tool or the integrated certutil command line utility to verify the file.
To use certutil, in a command line run:
certutil -hashfile "[PATH]" sha256
where [PATH] is the full path of the downloaded file. The output will look similar to this:
Compare the calculated SHA256 hash value with the hash value displayed on the download page:
If the file was modified there will be a big difference between the two hash values.
Verify the authenticity of the download
The digital signature can be used to verify the authenticity (and integrity) of the downloaded file. This process validates that the file is really coming from us and has not been modified since it was signed.
To verify the digital signature, use Windows File Explorer to view the Properties of the downloaded file.
On the Digital Signatures tab, select the signature and click Details.
Verify that the message is "This digital signature is OK".