How do I validate the integrity of a downloaded file?

Checking SHA1 or MD5 checksums

When downloading files from the internet, it’s very important to verify that the file you downloaded IS in fact the file you EXPECTED to download. Authors of software typically zip up their software and then calculate a “checksum” based on the contents, and post that checksum next to the link to download the file. YOU should then re-calculate the checksum on the file AFTER downloading, and compare to be sure that the checksum YOU calculated matches the one posted by the author. If they don’t match, then you should NOT use the downloaded file, because it may have been tampered with. In such cases you should also report the discrepancy to the author so they can investigate the tampering or fix a mistake.

See the useful tools page for a list of checksum validation tools.



Still have questions? Use the Search box in the upper right, or try the full list of FAQs. If you can't find it there, head over to the Zen Cart support forum and ask there in the appropriate subforum. In your post, please include your Zen Cart and PHP versions, and a link to your site.

Is there an error or omission on this page? Please post to General Questions on the support forum. Or, if you'd like to open a pull request, just review the guidelines and get started. You can even PR right here.
Last modified September 13, 2020 by Scott C Wilson (0271e06c).