jprdonnelly/core
1
0
Fork 0
mirror of synced 2025-12-19 18:06:02 -05:00
Code Issues Projects Releases Wiki Activity
Files
8c8e5836c343f854b65437dfedb13598d3aa3707
core/Documentation/verifying-binaries.md
Rich Lander 8c8e5836c3 Fix linter errors in repo (#9689) 
* Fix linter errors

* Update links
2025-01-13 21:40:52 -08:00

65 lines
2.2 KiB
Markdown
Raw Blame History

# How to verifying .NET downloads
After downloading a .NET file, verify it for security by calculating the file's checksum on your computer and comparing it to the original checksum. This will verify the file has not been tampered with or corrupted.
## Examples
The verification process involves a few steps.
1. Download the checksum file for the release into the same directory as the installer you downloaded. Links to the checksum file are found in the Release Notes.
2. Then, compare the download checksum with the checksum value or file. If there is a match, the download is valid.
We'll use [.NET 7.0.5](https://github.com/dotnet/core/blob/main/release-notes/7.0/7.0.5/7.0.5.md) in the examples.
### Linux and MacOS
To see the downloaded file checksum for comparison:
`$ sha512sum dotnet-sdk-7.0.203-osx-x64.pkg`
You can then compare the checksum with the value provided after [downloading .NET](https://dot.net)
To compare against the checksum file provided for each .NET release:
Download checksum file using curl:
```bash
curl -O https://builds.dotnet.microsoft.com/dotnet/checksums/7.0.5-sha.txt
```
Verify the checksum matches:
```bash
sha512sum -c 7.0.5-sha.txt --ignore-missing
```
If the output states the file is valid ('OK'), then it's ready to use.
### Windows
To see the downloaded file checksum for comparison:
- In the cmd prompt - `certutil -hashfile dotnet-sdk-7.0.203-win-x64.exe SHA512`
- In PowerShell - `(Get-FileHash 'dotnet-sdk-7.0.203-win-x64.exe' -Algorithm SHA512).Hash`
You can then compare the checksum with the value provided after [downloading .NET](https://dot.net)
To compare against the checksum file provided for each .NET release:
You can use PowerShell to perform the the checksum comparison.
Download checksum file using `curl` (_`curl` is an alias of `Invoke-WebRequest`_):
```powershell
curl https://builds.dotnet.microsoft.com/dotnet/checksums/7.0.5-sha.txt -OutFile 7.0.5-sha.txt
```
Verify the checksum matches:
```powershell
(Get-Content .\7.0.5-sha.txt | Select-String "dotnet-sdk-7.0.203-win-x64.exe").ToString().Contains((Get-FileHash 'dotnet-sdk-7.0.203-win-x64.exe' -Algorithm SHA512).Hash.ToLower())
```
If the output states the file is valid ('True'), then it's ready to use.
Reference in New Issue View Git Blame Copy Permalink