How to verify downloaded files
Checksums computed on the content of downloaded files are a way to verify that the content is authentic and has neither been altered by an unauthorized third party, nor been damaged during the transfer process across the Internet.
Our distribution packages containing software compatible with macOS 10.12 or later fully support the automatic checks performed by the operating system. In this case, the Gatekeeper component of macOS automatically verifies that the DMG file you have downloaded is both authentic and unaltered. If you don't receive an error message when opening the DMG file, the file will be intact.
If you are using older versions of OS X or Mac OS X, or if you like to run an additional check independent of Gatekeeper, you can compute a checksum and compare it to the official checksum we always publish on our download pages. We are using the so-called SHA-256 standard (Secure Hash Algorithm 2 with 256 bits) for the checksums.
Perform the following steps:
- Make sure you have the icon of the downloaded file displayed somewhere in a Finder window or your Desktop.
- Open the Terminal application.
- Enter the command
shasum -a 256
into the Terminal window but don't press the Return key (Enter) yet. Instead, enter a blank character (space bar) after the "256". - Drag the icon of the downloaded file into the Terminal window. A path specification will appear in the Terminal window. Ensure to drag the actual download file, not any unpacked version of it or any file within the disk image.
- Now press the Return key (Enter).
- You will see output similar to the following example:
example9fb793e0371dfcaf55521e22cc51fa3f3e63939a2d7c4f94bc11e3dc3 Example.dmg
The long sequence of digits and letters is the SHA-256 checksum. Compare it to the checksum the file should have. (The correct checksum is mentioned on our respective download page. The number shown above is just an example.) If it is identical, the file will be intact. - Quit the Terminal application.