kevinhakanson.com

File Verification of a SHA-256 Hash using PowerShell

April 14, 2019 #powershell #security

I was researching photo apps when I came across the open source digiKam. Since I was going to download digiKam-6.0.0-Win64.exe from a mirror site, I wanted to perform some file verification using one of the hash values.

File information

  • Filename: Mirrors for digiKam-6.0.0-Win64.exe
  • Filename: digiKam-6.0.0-Win64.exe
  • Path: /stable/digikam/6.0.0/digiKam-6.0.0-Win64.exe
  • Size: 307M (321802858 bytes)
  • Last modified: Sun, 10 Feb 2019 08:31:33 GMT (Unix time: 1549787493)
  • SHA-256 Hash: 3a39d14bf98641dbce2072c9a68099e15acece4f94897113611e16fa4fcb58e8
  • SHA-1 Hash: 7895d692e39e4c90b7c319e85e28b3634b586568
  • MD5 Hash: d61404944f63fdf5c2dac3773d056978

I normally use shasum for this task since it is available on Linux, macOS, and Windows using Git Bash.

$ shasum -a 256 digiKam-6.0.0-Win64.exe
3a39d14bf98641dbce2072c9a68099e15acece4f94897113611e16fa4fcb58e8 *digiKam-6.0.0-Win64.exe

Because I was going to suggest this program to a non-developer Windows 10 user, I wanted to find another way for them to verify. Since Windows PowerShell is installed by default, I decided to use PowerShell Get-FileHash.

PS D:\kevin\downloads> Get-FileHash .\digiKam-6.0.0-Win64.exe | Format-List

Algorithm : SHA256
Hash      : 3A39D14BF98641DBCE2072C9A68099E15ACECE4F94897113611E16FA4FCB58E8
Path      : D:\kevin\downloads\digiKam-6.0.0-Win64.exe

From that output, I can compare the values by copying the value and doing a “find” on the download page. But now that I was playing around with PowerShell, I wanted to explore better ways and did some exploration.

PS D:\kevin\downloads> $hash = Get-FileHash .\digiKam-6.0.0-Win64.exe
PS D:\kevin\downloads> $hash.hash
3A39D14BF98641DBCE2072C9A68099E15ACECE4F94897113611E16FA4FCB58E8
PS D:\kevin\downloads> $hash.hash -eq "3a39d14bf98641dbce2072c9a68099e15acece4f94897113611e16fa4fcb58e8"
True

I wasn’t expecting the case insensitive compare to work, but About Comparison Operators verified this was the default as well as the other options.

By default, all comparison operators are case-insensitive. To make a comparison operator case-sensitive, precede the operator name with a c. For example, the case-sensitive version of -eq is -ceq. To make the case-insensitivity explicit, precede the operator with an i. For example, the explicitly case-insensitive version of -eq is -ieq.

Putting everything together, I can use this 1-liner as future reference.

PS D:\kevin\downloads> (Get-FileHash .\digiKam-6.0.0-Win64.exe).hash -eq "3a39d14bf98641dbce2072c9a68099e15acece4f94897113611e16fa4fcb58e8"
True