OSX Tasks 1: Verifying a SHA1 Hash

One of the biggest challenges in learning to use my MacBook Pro has been discovery of how to perform the little tasks necessary for the day-to-day operation of a computer. In most cases a quick Google search is sufficient to find the answer. However, to avoid losing the knowledge I’ve been keeping notes on how to accomplish these tasks and thought I’d write some blog posts to share those notes with others.

Verifying a SHA1 Hash
If you don’t know what a SHA1 hash is then don’t worry too much about these instructions. Feel free to skip this post. 🙂

To let users validate the integrity of a package downloaded from the internet, the package publisher often calculates a SHA1 hash code before offering the software for download and makes this hash code available on their website. After downloading the package to your machine you can calculate the hash code of the bits that were actually delivered and compare the two hashes to ensure the software was not tampered with during the download. This protects against a man-in-the-middle type of attack, whereby a malicious party presents the user with a download that appears to have come from the original source when in fact it has been modified, most likely to contain malware. The check is only as trustworthy as the published hash itself: if the page carrying the hash can be altered along with the download, a matching hash proves nothing.

The following example demonstrates verifying the SHA1 hash code when downloading Emacs, a popular open-source text editor.

Step 1: Download the Emacs Package
Download the package from http://homepage.mac.com/zenitani/emacs-e.html.
At the same time make a note of the hash code published on the site.

Step 2: Open a terminal window
Click Launchpad -> Utilities -> Terminal

Step 3: Calculate the Hash Code for the Downloaded Package
In the terminal window type:
openssl sha1 /Users/<accountname>/Downloads/CarbonEmacs-Leopard-20100115.dmg
Replace <accountname> with your account name; your downloads are stored in the Downloads folder inside that account's home directory.

Step 4: Compare the Hash Codes
The calculated hash code for the package you downloaded will be displayed (as seen in the screenshot above). You can compare this calculated hash to the code that is shown on the software publisher’s website.
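
Steps 3 and 4 can also be combined so that the comparison is not done by eye. The script below is an added example, not part of the original notes or of Apple's instructions; the function names sha1_of and verify_sha1 are illustrative, and it assumes the same openssl tool used in Step 3.

```sh
#!/bin/sh
# Added example: automate Steps 3 and 4 (calculate, then compare).
# sha1_of and verify_sha1 are illustrative names, not from the original post.

# Print the lowercase SHA1 of a file using the same tool as Step 3.
# Reading from stdin keeps the file name out of openssl's output, so
# only the hash after "= " has to be extracted.
sha1_of() {
    openssl sha1 < "$1" | sed 's/^.*= *//' | tr 'A-F' 'a-f'
}

# verify_sha1 FILE PUBLISHED_HASH
# Returns 0 on match, 1 on mismatch, 2 on unusable input.
verify_sha1() {
    file=$1
    # Published hashes are often copied with spaces, colons or upper case.
    published=$(printf '%s' "$2" | tr -d ' :\t\r\n' | tr 'A-F' 'a-f')

    if [ ! -r "$file" ]; then
        echo "cannot read: $file" >&2
        return 2
    fi
    # A SHA1 digest is exactly 40 hex digits; reject anything else
    # so a truncated copy-paste cannot be mistaken for a match.
    if ! printf '%s' "$published" | grep -Eq '^[0-9a-f]{40}$'; then
        echo "published value is not a 40-digit SHA1 hash" >&2
        return 2
    fi

    calculated=$(sha1_of "$file")
    if [ "$calculated" = "$published" ]; then
        echo "OK: $calculated"
        return 0
    fi
    echo "MISMATCH: calculated $calculated, published $published" >&2
    return 1
}

# Run as a script: sh verify_sha1.sh <file> <published-hash>
if [ "$#" -eq 2 ]; then
    verify_sha1 "$1" "$2"
fi
```

A non-zero exit status means the package should not be opened: 1 is a genuine mismatch, 2 means the file or the pasted hash could not be used.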

I found the instructions for completing this task here: http://support.apple.com/kb/HT1652
