How to verify a SHA1 checksum
Checksums computed on the content of downloaded files are a way to verify that the content is authentic and has neither been altered by an unauthorized third party, nor been damaged during the transfer process across the Internet.
To compute such a checksum with the help OS X, Apple recommends the use of the so-called SHA1 standard (Secure Hash Algorithm Version 1). Apple is using this method for their own security updates as well. For more information please also refer to Apple Support Article HT201259.
Perform the following steps:
- Make sure you have the icon of the downloaded file displayed somewhere in the Finder.
- Open the Terminal application.
- Enter the command
/usr/bin/openssl sha1
into the Terminal window but don't press the Return key (Enter) yet. Instead, enter a blank character (space bar) after the "1". - Drag the icon of the downloaded file from the Finder window into the Terminal window. A path specification will appear in the Terminal window. Ensure to drag the actual download file, not any unpacked file or contents of the download.
- Now press the Return key (Enter).
- You will see output similar to the following example:
SHA1(path specification)= example12345678901234567890123456789012.
The long sequence of digits and letters is the SHA1 checksum. Compare it to the checksum the file should have. (The correct checksum is mentioned on our respective download page). If it is identical, the file will be authentic. - Quit the Terminal application.
