The OneKey GitHub repository serves as a vault for the open-source code of various OneKey offerings, including the executable files of our software suite, such as the OneKey App installation packages, and the firmware for the OneKey hardware wallets. When users download these official files from GitHub, they might encounter risks like interception, alteration, or damage to the files, which in turn could jeopardize the security of their cryptocurrency holdings. It is, therefore, of paramount importance to ensure that the files you've downloaded are identical to those hosted on the GitHub server.
This article will take the verification of the APK file consistency of the OneKey App Wallet as an example, guiding you through the process of verifying file consistency on different operating systems.
OneKey Hardware Wallet Firmware: 🔗 github.com/OneKeyHQ/firmware/releases
OneKey App Software Release: 🔗 github.com/OneKeyHQ/app-monorepo/releases
Verification Principle
By using the SHA-256 cryptographic hash function, any length of data can be converted into a unique sequence of a fixed length (256 bits, or 32 bytes). When you perform an SHA-256 check on a file, it produces a distinct hash value, also known as a Checksum, regardless of the file's size. If the hash values of two files match perfectly, it confirms that the files are indeed the same.
Preparation for Verification
- Download the desired file from GitHub.
- Download the corresponding Checksum file from GitHub.
Verification Process
Below you'll find tailored instructions for verifying file integrity on Windows, macOS, and Linux operating systems.
- Open the Terminal.
- Type in the command:
-
shasum -a 256 /path/to/file
-
- Open the SHA256SUMS file you downloaded earlier and compare the Checksum listed with the one generated.
- If the Checksums match, the file's integrity is confirmed.
- Press Windows+R to bring up the Run dialog.
- Type cmd and click 'OK' to open the Command Prompt.
- Enter the command:
-
crtutil -hashfile c:\path\to\file.exe SHA256
-
- Open the SHA256SUMS file you downloaded earlier and compare the Checksum listed with the one generated.
- If the Checksums match, the file's integrity is confirmed.
- Open the Terminal.
- Type in the command:
-
sha256sum /path/to/file
-
- Open the SHA256SUMS file you downloaded earlier and compare the Checksum listed with the one generated.
- If the Checksums match, the file's integrity is confirmed.