I’m late to the discussion, but for anyone interested in yet another option… Many years ago I wrote a simple AppleScript droplet that allows you to drop a file on it, and it will compare the file’s checksum with a string in the clipboard. So I copy the checksum to my clipboard (usually from the download website), then drop the file on the app (which I keep in my Dock). It displays a dialogue saying either checksums match or that they don’t. Anyone who wants to use it can download it here (it can be opened in Script Editor if you want to inspect the code):
Or create a new script in Script Editor (or the excellent Script Debugger) and paste in the following code. Once saved, I set the app to have a padlock icon so it’s a clear target in the Dock, but you can paste whatever icon you want onto the app (after it’s saved – Script Editor resets icons to be generic on save for some reason).
(* Verify file checksum
*
* This script compares a provided checksum/digest string to the checksum produced by openssl run on a file.
*
* author: Jolin Warren <software at OakAndApple.org>
* date: 3 December 2021
* version: 2.0
*
* 2.0 (3-12-2021): removed hardcoded sha1 to allow specifying cipher to use when run
*
* 1.0 (12-2-2008): initial release
*)
on run
set theFiles to choose file with prompt "Select which disk image’s cipher digest you want to verify:" of type {"devi", "com.apple.disk-image"} ¬
default location (path to downloads folder) with multiple selections allowed without invisibles
my compareCipher(theFiles)
end run
on open theFiles
my compareCipher(theFiles)
end open
on compareCipher(theFiles)
try
set clipboardContents to (the clipboard as text)
on error
set clipboardContents to ""
end try
repeat with theFile in theFiles
set theName to name of (info for theFile)
display dialog "What cipher would you like to use to verify “" & theName & "”?" default answer ¬
"sha1" with icon (((path to me as text) & "Contents:Resources:droplet.icns") as alias)
set cipherType to text returned of result
display dialog "Enter the " & cipherType & " digest to verify “" & theName & "” against:" default answer clipboardContents ¬
with icon (((path to me as text) & "Contents:Resources:droplet.icns") as alias)
set goodCipherdigest to text returned of result
set fileCipherdigest to last word of (do shell script "/usr/bin/openssl " & cipherType & " \"" & (POSIX path of theFile) & "\"")
if goodCipherdigest = fileCipherdigest then
display dialog "✅The " & cipherType & " digest of “" & theName & "” has been successfully verified." with icon note buttons {"OK"} default button {"OK"}
else
display dialog "❌The " & cipherType & " digest of “" & theName & "” CANNOT be verified – do not use this file, or exercise extreme caution when doing so." with icon stop buttons {"OK"} default button {"OK"}
end if
end repeat
end compareCipher