Authenticate the consistency of downloaded files with their server versions

The OneKey GitHub repository serves as a vault for the open-source code of various OneKey offerings, including the executable files of our software suite, such as the OneKey App installation packages, and the firmware for the OneKey hardware wallets. When users download these official files from GitHub, they might encounter risks like interception, alteration, or damage to the files, which in turn could jeopardize the security of their cryptocurrency holdings. It is, therefore, of paramount importance to ensure that the files you've downloaded are identical to those hosted on the GitHub server.

This article will take the verification of the APK file consistency of the OneKey App Wallet as an example, guiding you through the process of verifying file consistency on different operating systems.

OneKey Hardware Wallet Firmware: 🔗

OneKey App Software Release: 🔗

Verification Principle

The SHA-256 cryptographic hash function converts data of any length into a fixed-length sequence (256 bits, or 32 bytes). When you run a SHA-256 check on a file, it produces a hash value, also known as a Checksum, that is distinctive to the file's contents regardless of the file's size. If the hash values of two files match exactly, it confirms that the files are the same; a change to even a single byte of the file produces a different hash.

Preparation for Verification

  • Download the desired file from GitHub.
  • Download the corresponding Checksum file from GitHub.


Verification Process

Below you'll find tailored instructions for verifying file integrity on Windows, macOS, and Linux operating systems.

macOS Windows Linux
  • Open the Terminal.
  • Type in the command:
    • shasum -a 256 /path/to/file


  • Open the SHA256SUMS file you downloaded earlier and compare the Checksum listed with the one generated.


  • If the Checksums match, the file's integrity is confirmed.
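
The comparison in the steps above can be scripted so that it is not done by eye. The following is an added example, not code from OneKey: the function names verify_download and sha256_of and the file name example-app.apk are hypothetical, and it assumes SHA256SUMS uses the common "hash, two spaces, file name" layout, which the article does not show.

```shell
#!/bin/sh
# Added example (not OneKey's code). Assumes SHA256SUMS uses the common
# "<64 hex digits>  <filename>" layout; the article does not show its format.

# Print the lowercase SHA-256 of a file with whichever tool is installed.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1"
    else
        shasum -a 256 "$1"
    fi | awk '{ print tolower($1) }'
}

# verify_download FILE SUMS
# Returns 0 on match, 1 on mismatch, 2 when SUMS has no usable entry for FILE.
verify_download() {
    file=$1
    sums=$2
    name=$(basename "$file")
    # Take the hash from the line whose filename equals NAME. The filename
    # starts after "<hash> " plus a mode character (" " text, "*" binary);
    # a trailing CR from Windows line endings is dropped first.
    expected=$(awk -v n="$name" '{
        sub(/\r$/, ""); f = $0
        sub(/^[0-9A-Fa-f]+ [ *]/, "", f); sub(/^\.\//, "", f)
        if (f == n) { print tolower($1); exit }
    }' "$sums")
    if [ "${#expected}" -ne 64 ]; then
        echo "no SHA-256 entry for $name in $sums" >&2
        return 2
    fi
    actual=$(sha256_of "$file")
    if [ "$actual" = "$expected" ]; then
        echo "OK: $name matches $sums"
        return 0
    fi
    echo "MISMATCH: $name" >&2
    echo "  expected $expected" >&2
    echo "  actual   $actual" >&2
    return 1
}

# Demo on constructed data: the file content "abc" and its known SHA-256.
demo=$(mktemp -d)
printf 'abc' > "$demo/example-app.apk"
printf '%s  %s\n' ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad \
    example-app.apk > "$demo/SHA256SUMS"
verify_download "$demo/example-app.apk" "$demo/SHA256SUMS"
```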