How to validate checksums without Terminal command?

I’m late to the discussion, but for anyone interested in yet another option… Many years ago I wrote a simple AppleScript droplet that allows you to drop a file on it, and it will compare the file’s checksum with a string in the clipboard. So I copy the checksum to my clipboard (usually from the download website), then drop the file on the app (which I keep in my Dock). It displays a dialogue saying either checksums match or that they don’t. Anyone who wants to use it can download it here (it can be opened in Script Editor if you want to inspect the code):

Verify file checksum

Or create a new script in Script Editor (or the excellent Script Debugger) and paste in the following code. Once saved, I set the app to have a padlock icon so it’s a clear target in the Dock, but you can paste whatever icon you want onto the app (after it’s saved – Script Editor resets icons to be generic on save for some reason).

(* Verify file checksum
 *
 * This script compares a provided checksum/digest string to the checksum produced by openssl run on a file.
 *
 * author: Jolin Warren <software at OakAndApple.org>
 * date: 3 December 2021
 * version: 2.0
 *
 * 2.0 (3-12-2021): removed hardcoded sha1 to allow specifying cipher to use when run
 *
 * 1.0 (12-2-2008): initial release
 *)

on run
	set theFiles to choose file with prompt "Select which disk image’s cipher digest you want to verify:" of type {"devi", "com.apple.disk-image"} ¬
		default location (path to downloads folder) with multiple selections allowed without invisibles
	my compareCipher(theFiles)
end run

on open theFiles
	my compareCipher(theFiles)
end open

on compareCipher(theFiles)
	try
		set clipboardContents to (the clipboard as text)
	on error
		set clipboardContents to ""
	end try
	repeat with theFile in theFiles
		set theName to name of (info for theFile)
		display dialog "What cipher would you like to use to verify “" & theName & "”?" default answer ¬
			"sha1" with icon (((path to me as text) & "Contents:Resources:droplet.icns") as alias)
		set cipherType to text returned of result
		
		display dialog "Enter the " & cipherType & " digest to verify “" & theName & "” against:" default answer clipboardContents ¬
			with icon (((path to me as text) & "Contents:Resources:droplet.icns") as alias)
		set goodCipherdigest to text returned of result
		
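		-- quoted form shell-escapes both values, so a crafted file name or algorithm entry cannot inject shell commands
		set fileCipherdigest to last word of (do shell script "/usr/bin/openssl " & quoted form of cipherType & " " & quoted form of (POSIX path of theFile))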
		
		if goodCipherdigest = fileCipherdigest then
			display dialog "✅The " & cipherType & " digest of “" & theName & "” has been successfully verified." with icon note buttons {"OK"} default button {"OK"}
		else
			display dialog "❌The " & cipherType & " digest of “" & theName & "” CANNOT be verified – do not use this file, or exercise extreme caution when doing so." with icon stop buttons {"OK"} default button {"OK"}
		end if
	end repeat
end compareCipher

4 Likes

Thanks, @jzw, your AppleScript works perfectly! I only had to remember that the checksum was SHA256 and everything worked like a charm :magic_wand:

1 Like
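
On the point about having to remember which algorithm a checksum uses: the sketch below is an added example, not part of the original script or written by its author. It strips stray whitespace from the pasted digest and picks the openssl digest from the hex length. The handler names are hypothetical, and it assumes the site publishes MD5, SHA-1 or SHA-2 digests (a 64-character value could in principle come from another 256-bit hash).

```applescript
-- Added example; handler names are hypothetical, not from the original script.

-- Remove spaces, tabs and line breaks that are often copied along with a digest.
on normaliseDigest(rawText)
	set cleaned to ""
	repeat with ch in (characters of rawText)
		set c to contents of ch
		if c is not in {" ", tab, return, linefeed} then set cleaned to cleaned & c
	end repeat
	return cleaned
end normaliseDigest

-- Map the hex length to an openssl digest name (assumes MD5/SHA-1/SHA-2).
-- Returns "" when the text is not pure hex or has an unexpected length.
on algorithmForDigest(hexDigest)
	repeat with ch in (characters of hexDigest)
		if (contents of ch) is not in "0123456789abcdef" then return ""
	end repeat
	set n to length of hexDigest
	if n = 32 then return "md5"
	if n = 40 then return "sha1"
	if n = 64 then return "sha256"
	if n = 96 then return "sha384"
	if n = 128 then return "sha512"
	return ""
end algorithmForDigest

-- Returns "match", "mismatch" or "unknown" (algorithm could not be inferred).
on verifyFile(theFile, expectedText)
	set expected to my normaliseDigest(expectedText)
	set algo to my algorithmForDigest(expected)
	if algo is "" then return "unknown"
	-- algo comes from the fixed list above; the path is shell-escaped.
	set actual to last word of (do shell script "/usr/bin/openssl dgst -" & algo & " " & quoted form of (POSIX path of theFile))
	-- AppleScript text comparison ignores case, so upper-case hex still matches.
	if actual = expected then return "match"
	return "mismatch"
end verifyFile

on run
	set theFile to choose file with prompt "Select the file to verify:"
	try
		set pasted to (the clipboard as text)
	on error
		set pasted to ""
	end try
	display dialog "Result: " & (my verifyFile(theFile, pasted)) buttons {"OK"} default button "OK"
end run
```

Treat "unknown" the same as a mismatch: it means the clipboard did not hold a recognisable digest, so nothing was verified.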

Glad it’s useful to someone other than me! It wasn’t the case with this one, but a lot of the time when I decide to write a script, I end up in the situation from this classic xkcd comic:

2 Likes