I recently wanted to verify the hash of a file, named
setup.exe, that was provided in a GnuPG signature file, named
setup.txt.
I used the PowerShell code below to verify the expected SHA-256 hash contained within the
setup.txt file against the actual hash of the
setup.exe file. You can use this script by modifying the first two lines for your needs, i.e. the filenames.
|
$exeFilename = "setup.exe" $sigFilename = "setup.txt" $algorithm = $algorithm = (cat $sigFilename | Select-String -Pattern "(?<=Hash: ).*$").Matches.Value.Trim() $expectedFileHash = (cat $sigFilename | Select-String -Pattern "^.*(?=( $exeFilename))").Matches.Value $actualFileHash = (Get-FileHash -Algorithm $algorithm $exeFilename).Hash.Trim() ($expectedFileHash -eq $actualFileHash) ? "Hashes match" : "Hashes do not match" |
This code/script was modified from https://www.christopherkeim.com/post/verify-file-hash-with-powershell.
Note that the GnuPG signature file, i.e.
setup.txt, had the following format:
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 setup.exe -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 RG8geW91IGhhdmUgdG8gZGVhbCB3aXRoIEJhc2U2NCBmb3JtYXQ/IFRoZW4gdGhp cyBzaXRlIGlzIHBlcmZlY3QgZm9yIHlvdSEgVXNlIG91ciBzdXBlciBoYW5keSBv ZGUgb3IgZGVjb2RlIHlvdXIgZGF0YS4= =abcd -----END PGP SIGNATURE----- |
I also used regex help from:
- regex – Regular Expression to select everything before and up to a particular text – Stack Overflow.
- java – Getting the text that follows after the regex match – Stack Overflow