Verifying your BitBoxApp download helps ensure it’s authentic and untampered.

While recommended, it’s not critical—your BitBox02 stays secure even if the computer is compromised, as it never trusts the app. For full security, only enter your recovery words on the BitBox02 itself.


How to check the checksum

Follow these general steps first, then see the specific instructions for your operating system below.

  1. Download the latest version of the BitBoxApp from our official website.
  2. On the download page, click Show checksums, located just below the download button. A list will appear showing the official checksums.
  3. Follow the instructions for your operating system to generate the checksum of your downloaded file and compare it to the official value on the website.

Windows

  1. Open the Command Prompt. You can do this by pressing Windows + R, typing cmd, and pressing Enter.
  2. Type certutil -hashfile (with a space at the end).
  3. Drag and drop the downloaded .exe installer file into the Command Prompt window.
  4. Add SHA256 to the end of the command.
    1. The full command will look similar to this: 
      certutil -hashfile "C:\Users\YourUser\Downloads\BitBox-installer.exe" SHA256
  5. Press Enter and compare the generated hash with the one on the BitBox website.

Note: You must add SHA256 at the end of the command. Otherwise, it will use a different algorithm and the checksum will not match.

macOS

  1. Open the Terminal app (you can find the Terminal application in Launchpad or search for it with Spotlight).
  2. Type shasum -a 256 (with a space at the end).
  3. Drag and drop the downloaded .dmg file into the Terminal window. The path will be added automatically.
    1. Alternatively, you can manually enter the full or relative file location. For example, the command may look like this:

      shasum -a 256 /Users/satoshi/Downloads/BitBox-4.47.0-macOS.dmg
       
  4. Press Enter. Compare the resulting hash to the one on the BitBox website.

Important: On macOS, you must check the downloaded .dmg file, not the application file inside it.

Note: macOS automatically checks the app’s signature upon installation and will show a warning if something is wrong. If you trust this built-in process, manual verification is not strictly necessary.

Linux

  1. You can follow the macOS instructions for most Linux distributions:
    1. Open a terminal window.
    2. Use the command shasum -a 256 or sha256sum (depending on your distribution), followed by the path to the downloaded file.
    3. Press Enter and compare the output to the checksum on the BitBox website.
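
The comparison in the macOS and Linux steps above can be scripted instead of checked by eye. This is an added example, not part of the original guide or BitBox tooling; the script name verify.sh and the function names sha256_of and verify_download are hypothetical, and the expected value is the one shown under Show checksums on the download page.

```shell
#!/bin/sh
# Added example (not BitBox tooling). Script and function names are hypothetical.
# Usage: sh verify.sh /Users/satoshi/Downloads/BitBox-4.47.0-macOS.dmg <checksum-from-website>

# Print the SHA-256 of a file with whichever tool the system provides.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum < "$1" | cut -d ' ' -f 1
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 256 < "$1" | cut -d ' ' -f 1
    else
        echo "no sha256sum or shasum found" >&2
        return 2
    fi
}

# Return 0 on match, 1 on mismatch, 2 if the check could not be performed.
verify_download() {
    file=$1
    # Pasted values may carry spaces, line breaks or upper-case hex digits.
    expected=$(printf '%s' "$2" | tr -d '[:space:]' | tr 'A-F' 'a-f')
    if [ ! -r "$file" ]; then
        echo "cannot read file: $file" >&2
        return 2
    fi
    # SHA-256 is exactly 64 hex digits; a shorter value means a truncated
    # paste or a hash produced with a different algorithm.
    if ! printf '%s\n' "$expected" | grep -Eq '^[0-9a-f]{64}$'; then
        echo "expected value is not a 64-digit SHA-256 checksum" >&2
        return 2
    fi
    actual=$(sha256_of "$file") || return 2
    if [ "$actual" = "$expected" ]; then
        echo "OK: checksum matches"
        return 0
    fi
    echo "MISMATCH: file hashes to $actual" >&2
    return 1
}

# Run the check when called as a script with a file and a checksum.
if [ "$#" -eq 2 ]; then
    verify_download "$1" "$2"
fi
```

An exit status of 1 means the file does not match the published value; 2 means the check itself could not run, which should not be read as a pass.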

Android

You can verify the file on your desktop computer using the instructions above, or directly on your Android device using a hash verification app.

Alternatively, you can download the APK file on your desktop computer and verify it there by following the guides above. We also provide signature files for the Android releases on our GitHub page, which we recommend verifying on a desktop device.

To continue on your Android device:

  1. Open the verification app (e.g. DeadHash or Hash Droid; other apps will offer similar functionality).
  2. In the verification app, select SHA-256 as the algorithm.
  3. Select the downloaded BitBoxApp .apk file.
    1. It should look like: BitBox-4.xx.x-android.apk
  4. The app will generate the file's checksum. Compare this value to the official checksum on the BitBox website to ensure they match.
    1. If the app requires you to enter a checksum value for comparison, copy and paste it from the checksum section on the BitBox website.