How to check and verify md5/sha1/sha256 checksums for Apple MacOS X when I download files

Posted on in Categories , , , last updated June 30, 2017

Malware is becoming more and more common for macOS. I wanted to make sure file I downloaded files such as an ISO image or firmware are safe before install on my system. How do I verify md5 or sha1 or sha256 checksums for my Apple MacOS X when I download files from the Internet?

You need to use the shasum command to compute or verify SHA message digests.
A checksum is nothing but a digit representing the sum of the correct digits in a piece of stored or transmitted digital data, against which later comparisons can be made to detect errors in the data.


To print or check SHA checksums use the following syntax:
shasum -a algorithm filename
shasum -a algorithm -c input.txt


  1. -a algorithm : It can be 1 (default), 224, 256, 384, and 512.
  2. -c input.txt : Check SHA sums against given list usually stored in a text file.


Open the Terminal application and grab the latest firmware using wget command:
$ wget
Verify the file:
$ ls -lh
Unzip the file using unzip command:
$ unzip
Sample outputs:

  inflating: RT-AC87U_380.66_6.trx   
  inflating: README-merlin.txt       
  inflating: Changelog.txt           
  inflating: sha256sum.sha256

Your firmware file named RT-AC87U_380.66_6.trx. You can verify its integrity with sha256sum.sha256 file as follows:
$ shasum -a 256 -c sha256sum.sha256
Sample outputs:

RT-AC87U_380.66_6.trx: OK

If file is modified during transmission or by malware on the remote server you will get an error that read as follows:
$ shasum -a 256 -c sha256sum.sha256
Sample outputs:

RT-AC87U_380.66_6.trx: FAILED
shasum: WARNING: 1 computed checksum did NOT match 

You must delete the file immediately using the rm command:
$ rm RT-AC87U_380.66_6.trx
To calculate SHA-256 checksum for an iso file named foo.iso, run:
$ shasum -a 256 foo.iso

Verifying an SHA-1 checksum

The syntax is:
$ shasum -a 1 -c input.txt
$ shasum -a 1 filename
$ shasum -a 1 centos.iso
To see more info about the shasum command type:
$ shasum --help
Sample outputs:

Usage: shasum [OPTION]... [FILE]...
Print or check SHA checksums.
With no FILE, or when FILE is -, read standard input.
  -a, --algorithm   1 (default), 224, 256, 384, 512, 512224, 512256
  -b, --binary      read in binary mode
  -c, --check       read SHA sums from the FILEs and check them
  -t, --text        read in text mode (default)
  -U, --UNIVERSAL   read in Universal Newlines mode
                        produces same digest on Windows/Unix/Mac
  -0, --01          read in BITS mode
                        ASCII '0' interpreted as 0-bit,
                        ASCII '1' interpreted as 1-bit,
                        all other characters ignored
  -p, --portable    read in portable mode (to be deprecated)
The following two options are useful only when verifying checksums:
  -s, --status      don't output anything, status code shows success
  -w, --warn        warn about improperly formatted checksum lines
  -h, --help        display this help and exit
  -v, --version     output version information and exit
When verifying SHA-512/224 or SHA-512/256 checksums, indicate the
algorithm explicitly using the -a option, e.g.
  shasum -a 512224 -c checksumfile
The sums are computed as described in FIPS PUB 180-4.  When checking,
the input should be a former output of this program.  The default
mode is to print a line with checksum, a character indicating type
(`*' for binary, ` ' for text, `U' for UNIVERSAL, `^' for BITS, `?'
for portable), and name for each FILE.
Report shasum bugs to [email protected]

Another option: openssl command

You can use the openssl command as follows to get and verify checksum.

Verifying an SHA-1 checksum with the openssl command

$ openssl sha1 filename
$ openssl sha1 ~/isoimages/unetbootin-mac-625.dmg
SHA1(/Users/veryv/isoimages/unetbootin-mac-625.dmg)= 8a44b5095ed9b05f8a2643a5df91e932467a0e7

Verifying an SHA256 checksum with the openssl command

$ openssl dgst -sha256 filename
$ openssl dgst -sha256 ~/isoimages/CentOS-7-x86_64-Minimal-1611.iso
SHA256(/Users/veryv/isoimages/CentOS-7-x86_64-Minimal-1611.iso)= 27bd866242ee058b7a5754e83d8ee8403e216b93d130d800852a96f41c34d86a

Verifying an MD5 checksum with the openssl command

$ openssl md5 filename
$ openssl md5 /etc/passwd
MD5(/etc/passwd)= 5e7f80888f3d491c4963881364048c24

Posted by: Vivek Gite

The author is the creator of nixCraft and a seasoned sysadmin and a trainer for the Linux operating system/Unix shell scripting. He has worked with global clients and in various industries, including IT, education, defense and space research, and the nonprofit sector. Follow him on Twitter, Facebook, Google+.

2 comment

  1. I created a simple Applescript for that and put it into the Finder menu bar (or the Dock). And then i can simply Drag any file on that icon and i get the corresponding hash.

    on open f
    	set filePath to POSIX path of f as string
    	display dialog (do shell script "md5 -q \"" & filePath & "\"")
    end open

Leave a Comment