Signature and checksum hashes for windows 10

[moneybank4u]

How do I verify the signature and checksum hashes on the windows 10? How do the whole process work for windows 10. I want to download the   "Electron-Cash-2.9.2.exe" from "https://www.bitcoincash.org/" to get the BCH in the wallet. Before downloading the file, I want to check the authenticity of the files as this protects me from hackers and malware.  I am aware that there is some tool available on microsoft.com but not sure how to do it. If there is any other way to do it I am open to it. Anyone who has done this or has good knowledge can give me a step by step guide for my windows 10 pc.

[efeaydin]

Windows 10 has a built-in feature for this. You can use CertUtil to find hash of a file.
Type:
CertUtil "FilePath" MD5 (you can use md2,3,4,5-sha1,256,384,512)

Then check the hash from the website.

[moneybank4u]

thanks for the quick info..I am sorry I am a noob. Can anyone help me with some detailed steps?

[efeaydin]

thanks for the quick info..I am sorry I am a noob. Can anyone help me with some detailed steps?

I thought the checksum was MD5 or SHA. It is PGP.

There is a tutorial which explains how to check it from .asc file.

https://www.openoffice.org/download/checksums.html#pgp_win

[HCP]

I thought the checksum was MD5 or SHA. It is PGP.

The SHA1sum is available here: https://github.com/fyookball/keys-n-hashes/tree/master/sigs-and-sums/2.9.2/win-linux

If you have a copy of 7zip installed, you can use that to generate the SHA1sum for the downloaded file... and compare with the one from github... that will let you be sure that your downloaded file is the untampered with...

To be honest, the PGP signature is a bit useless... it'll only confirm that it was signed by the somewhat "anonymous" user that is creating the binaries... which doesn't really guarantee anything

[moneybank4u]

Thanks for the quick reply. I wanted to check it using "Microsoft File Checksum Integrity Verifier tool". Can someone guide me with this?

[HCP]

Read the instructions here: https://support.microsoft.com/en-us/help/841290/availability-and-description-of-the-file-checksum-integrity-verifier-u

Basically it'll be a command like this:

Code:

fciv.exe -sha1 Electron-Cash-2.9.2.exe

You run that on the commandline, in the directory where you downloaded Electron-Cash-2.9.2.exe (or whatever ElectronCash installer you downloaded)... then make sure that the generated SHA1 that it displays is the same as in the appropriate .txt file from the github link my previous post.

5a3577e5e0a17057458a47e16a4b89e400dcc1fc  Electron-Cash-2.9.2.exe

[moneybank4u]

I figured it out through another app(hash checker and hash me) available on windows store which is much easier to use. Thanks a ton for your help.