Platform & security

How to verify an installer's SHA-256

SHA-256 is a "fingerprint" computed from a file's contents. Change even one byte and the fingerprint changes completely. Spend a few seconds matching your download's fingerprint to the official published value and you confirm the file is complete and hasn't been tampered with or swapped.

Commands per OS

How to compare

Match the hex string the command prints against the SHA-256 the official page provides (or paste it into a text search). Exactly equal means the file is fine; if a single digit differs, don't install — re-download from the official source.

Beyond the checksum

Reputable desktop apps add stronger protection: Windows installers are code-signed, the macOS app is Apple-notarized and checked by Gatekeeper, and Linux packages are GPG-signed. These complement SHA-256 to ensure you install a genuine, complete file. Always download from official channels.

Key takeaways
  • SHA-256 is a file fingerprint — match it to be safe.
  • Use certutil (Windows), shasum (macOS), sha256sum (Linux).
  • Combine with signing/notarization/GPG; download officially.

Download from official channels and check the checksum before installing.

Download the desktop app, free