Table of Contents

Before you begin What checksum verification confirms Verify the checksum on Windows Verify the checksum on macOS Verify the checksum on Linux Alternative command on Linux Verify the checksum on Android Compare the checksum If the checksum does not match FAQ What is the difference between checksum and signature verification? Do I need to verify the checksum to use the BitBoxApp? Where can I find the official SHA-256 checksum? Which file should I verify? Can I verify the checksum after installing the BitBoxApp? What should I do if the checksum does not match?

Verify the SHA-256 checksum of the BitBoxApp package you downloaded before installing or running it. This confirms that the downloaded file matches the file published by BitBox.

Checksum verification is optional, but it is useful if you want an additional check before opening the downloaded file.

Before you begin

Before you verify the checksum, make sure you have the downloaded package file and the matching SHA-256 checksum published by BitBox.

  • Download the BitBoxApp only from the official BitBoxApp download page.
  • Save the downloaded BitBoxApp package locally on your device.
  • On the download page, select Show checksums below the download button to view the official SHA-256 checksums.

You can also find BitBoxApp packages and their SHA-256 checksums in the official BitBoxApp GitHub releases repository. Open the release that matches your BitBoxApp version. Expand Assets to view the available packages and their SHA-256 checksums.

Downloaded package file

Verify the file you downloaded, such as the Windows installer, macOS DMG file, Linux package, AppImage, or Android APK. Do not verify the installed BitBoxApp or extracted contents.

What checksum verification confirms

A SHA-256 checksum is a unique fingerprint calculated from a file. If the checksum generated on your device matches the checksum published by BitBox, the downloaded package is bit-for-bit identical to the original file.

Signature verification is a separate advanced check that confirms who signed the package.

Choose your operating system:

Verify the checksum on Windows

On Windows, use Command Prompt to calculate the SHA-256 checksum of the downloaded BitBoxApp installer.

  1. Press Windows + R.
  2. Type cmd and press Enter to open Command Prompt.
  3. Type the following command, then add a space:
certutil -hashfile
  1. Add the file path of the downloaded BitBoxApp installer. You can drag and drop the file into the Command Prompt window to insert the path.
  2. Add a space, then type:
SHA256

Example command:

certutil -hashfile "C:\Users\YourName\Downloads\BitBox-installer.exe" SHA256
  1. Press Enter.

Example output:

SHA256 hash of C:\Users\YourName\Downloads\BitBox-installer.exe:
<SHA-256 checksum>
CertUtil: -hashfile command completed successfully.

Verify the checksum on macOS

On macOS, use Terminal to calculate the SHA-256 checksum of the downloaded BitBoxApp DMG file.

  1. Open Terminal.
  2. Type the following command, then add a space:
shasum -a 256
  1. Add the file path of the downloaded BitBoxApp DMG file. You can drag and drop the DMG file into the Terminal window to insert the path.

Example command:

shasum -a 256 /Users/YourName/Downloads/BitBox-4.47.0-macOS.dmg
  1. Press Enter.

Example output:

<SHA-256 checksum>  /Users/YourName/Downloads/BitBox-4.47.0-macOS.dmg

Verify the checksum on Linux

On Linux, use a terminal to calculate the SHA-256 checksum of the downloaded BitBoxApp package or AppImage.

  1. Open a terminal.
  2. Type the following command, then add a space:
sha256sum
  1. Add the file path of the downloaded BitBoxApp package or AppImage. You can drag and drop the file into the terminal window to insert the path.

Example command:

sha256sum /home/user/Downloads/BitBox-4.47.0-x86_64.AppImage
  1. Press Enter.

Example output:

<SHA-256 checksum>  /home/user/Downloads/BitBox-4.47.0-x86_64.AppImage

Alternative command on Linux

If sha256sum is not available, use shasum -a 256 instead.

shasum -a 256 /home/user/Downloads/BitBox-4.47.0-x86_64.AppImage

This command produces the same type of SHA-256 checksum output.

Verify the checksum on Android

You can verify the BitBoxApp APK on a desktop computer by using the Windows, macOS, or Linux steps above. You can also verify it directly on your Android device with a SHA-256 hash verification app.

Recommended Android apps:

  1. Open the SHA-256 hash verification app on your Android device.
  2. Select SHA-256 as the algorithm.
  3. Choose the downloaded BitBoxApp APK file.
  4. Compare the generated checksum with the SHA-256 checksum shown on the BitBox download page or in the GitHub release assets.

If the app requires manual input, copy the checksum directly from the BitBox download page or from the matching asset in the official BitBoxApp GitHub releases repository.

Compare the checksum

Compare the checksum generated on your device with the SHA-256 checksum shown on the BitBox download page or in the GitHub release assets.

The checksum matches if both values are exactly the same.

If the checksum does not match

A checksum mismatch means the downloaded file does not match the checksum published by BitBox. Do not continue with that file.

Do not use the downloaded package

Do not open, install, or run the downloaded file if the checksum does not match. Delete it and download the BitBoxApp again from the official BitBoxApp download page.

If the checksum still does not match after downloading the file again, contact BitBox Support before continuing.

FAQ

What is the difference between checksum and signature verification?

Checksum verification confirms that the downloaded file matches the file published by BitBox. It checks file integrity.

Signature verification confirms who signed the package. It is a separate advanced check that verifies the package was signed by Shift Crypto.

Do I need to verify the checksum to use the BitBoxApp?

No. Checksum verification is optional. It is an additional check for users who want to confirm that the downloaded BitBoxApp package matches the file published by BitBox.

Where can I find the official SHA-256 checksum?

You can find the official SHA-256 checksum on the BitBoxApp download page by selecting Show checksums. You can also find SHA-256 checksums in the official BitBoxApp GitHub releases repository by opening a release and expanding Assets.

Which file should I verify?

Verify the downloaded BitBoxApp package file. Depending on your operating system, this can be the Windows installer, macOS DMG file, Linux package, AppImage, or Android APK.

Do not verify the installed BitBoxApp or extracted contents.

Can I verify the checksum after installing the BitBoxApp?

No. Verify the checksum of the downloaded installer or package before opening or installing it. After installation, verify the original downloaded package rather than the installed application.

What should I do if the checksum does not match?

Do not open, install, or run the file. Delete it and download the BitBoxApp again from the official BitBoxApp download page. If the checksum still does not match, contact BitBox Support before continuing.

Related Articles

Was this article helpful?

Give feedback about this article