A SHA-256 checksum (also known as a digest) is a fixed-length fingerprint of a file, generated by running the file through the SHA-256 hash function, and is used to detect changes or corruption.
The output is 256 bits; each hexadecimal character represents 4 bits, so the digest is displayed as a 64-character hex string. Even the smallest change in the file contents produces a different digest.
Example:
user@ubuntu:~$ sha256sum software.zip
7bd0d54500e748ef8f2a320107ad26de7cb7b46c17833ba79f76708a326cdf91
To validate a downloaded file against the checksum provided by its publisher, for example, the following methods can be used.
Windows Powershell
PS C:\> Get-FileHash "C:\Downloads\software.zip" -Algorithm SHA256
Algorithm       Hash
---------       ----
SHA256          7BD0D54500E748EF8F2A320107AD26DE7CB7B46C17833BA79F76708A326CDF91
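Rather than trying to validate every character by eye or hand, use the following (PowerShell's -eq compares strings case-insensitively, so the upper-case output of Get-FileHash matches a lower-case published hash):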
PS C:\> $publisherHash = "7bd0d54500e748ef8f2a320107ad26de7cb7b46c17833ba79f76708a326cdf91"
PS C:\> $myHash = (Get-FileHash "C:\Downloads\software.zip" -Algorithm SHA256).Hash
PS C:\> $myHash
7BD0D54500E748EF8F2A320107AD26DE7CB7B46C17833BA79F76708A326CDF91
PS C:\> $myHash -eq $publisherHash
True
or
False
Ubuntu Linux
Compare:
user@ubuntu:~$ echo "7bd0d54500e748ef8f2a320107ad26de7cb7b46c17833ba79f76708a326cdf91  software.zip" | sha256sum -c
software.zip: OK
or
software.zip: FAILED
sha256sum: WARNING: 1 computed checksum did NOT match
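The comparison above can be wrapped in a reusable function that also rejects a truncated or mistyped publisher hash before comparing. This is an added example, not part of the original page; verify_sha256 is a hypothetical helper name, and it assumes sha256sum from GNU coreutils is installed.

```sh
#!/bin/sh
# Added example: verify a file against a publisher's SHA-256 digest.
# verify_sha256 is a hypothetical helper name, not a standard tool.
# Usage: verify_sha256 FILE EXPECTED_DIGEST
# Return status: 0 = match, 1 = mismatch, 2 = unusable input.
verify_sha256() {
    file=$1
    # Strip whitespace and fold to lower case, so a digest copied from
    # PowerShell (upper case) or wrapped across lines still compares.
    expected=$(printf '%s' "$2" | tr -d '[:space:]' | tr 'A-F' 'a-f')

    # A SHA-256 digest is exactly 64 hex characters. Anything else is a
    # truncated or mistyped value and is rejected before comparing.
    case $expected in
        *[!0-9a-f]*) echo "expected digest is not hexadecimal" >&2; return 2 ;;
    esac
    if [ "${#expected}" -ne 64 ]; then
        echo "expected digest has ${#expected} characters, need 64" >&2
        return 2
    fi
    if [ ! -f "$file" ]; then
        echo "$file: no such file" >&2
        return 2
    fi

    # Hash via stdin so the output is always "<digest>  -", whatever
    # characters the file name contains, then keep the digest field.
    actual=$(sha256sum < "$file" | cut -d ' ' -f 1)
    if [ "$actual" = "$expected" ]; then
        echo "$file: OK"
        return 0
    fi
    echo "$file: FAILED (computed $actual)" >&2
    return 1
}
```

A status of 2 means the check never ran, which is worth distinguishing from a real mismatch when the function is called from a download script.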