Recently, I downloaded a WordPress theme from a public repository. The repository owners gave SHA1 checksums with the files they offered so that anyone downloading can check the integrity of the files to determine whether the files have been tampered with.
I usually download themes directly to the Linux box I use to host the files and the box has the openssl suite installed.
In order to verify the checksum from the shell, simply use the openssl command line tools. For an SHA1 digest,
$ openssl sha1 <filename>
Likewise, for an MD5 digest,
$ openssl md5 <filename>
Microsoft have a tools that can be used to calculate these hashes on Windows boxes, It is called the File Checksum Integrity Verifier (FCIV) and can be downloaded for free.
Later versions of Windows come with a tool called certutil
that can be used to check hashes. For an MD5 hash,
certutil -hashfile <filename> MD5
Leave a Reply