Verify Hash

Setup and first run

Very simple shell script to check if a downloaded file has been tampered.

Download the file verify-hash.sh (or the whole repo) and run it:

curl https://raw.githubusercontent.com/brootware/verify-hash.sh/master/verify-hash.sh > verify-hash.sh && chmod +x verify-hash.sh
./verify-hash.sh <hash_algo> <file> <source_hash>

For example, with a downloaded file:

./verify-hash.sh sha512 Downloads/path/to/generic/file.tgz 7A186A2A007B2DFD880571F7214A7D329C972510A460A8BDBEF9F7F2A891019343C020F74B496A61E5AA42BC9E9A79CC99DEFE5CB3BF8B6F49C07E01B259BC6B

You might need to give the file the correct permissions, using chmod and chown.

Once running, it will show you the following output:

Computed hash: 7a186a2a007b2dfd880571f7214a7d329c972510a460a8bdbef9f7f2a891019343c020f74b496a61e5aa42bc9e9a79cc99defe5cb3bf8b6f49c07e01b259bc6b
Given hash:    7a186a2a007b2dfd880571f7214a7d329c972510a460a8bdbef9f7f2a891019343c020f74b496a61e5aa42bc9e9a79cc99defe5cb3bf8b6f49c07e01b259bc6b
OK: Keys match correctly.

If you want to add this script to path, you can run the below commands

curl https://raw.githubusercontent.com/brootware/verify-hash.sh/master/verify-hash.sh > verifyhash && chmod +x verifyhash
sudo mv verifyhash /opt/
export PATH=$PATH:/opt
verifyhash

Features

This supports all the algorithms of the form *sum in Linux. For example sha512sum, md5sum, so on and so forth.

Please note that the string matching is case insensitive on purpose.