Table of Contents

6.10.1 Calculate hash value of a file

In the present project, you can select a file in the dialogue and calculate the special SHA256 hash value of the file. As an extension, you can compare the calculated hash value with the known hash value of the selected file - if you know it.

As an example, you will be shown how to check the integrity of an ISO image that is already in the download directory.

B0
Figure 6.10.1.1: Checking the integrity of ISO images

For the linuxmint-18.3-cinnamon-64bit.iso file, you can get the hash value from the sha256sum.txt file, which you copy to the download directory using the following command:

wget https://ftp.heanet.ie/mirrors/linuxmint.com/stable/18.3/sha256sum.txt -O $HOME/Downloads/sha256sum.txt

This line from the contents of the file is important:

...
ecebdf9ac4697b6c2d7feffd1bc5430641bca67c7df122fa2914824dc8844b3a *linuxmint-18.3-cinnamon-64bit.iso
...

First enter the hash value of the Mint 18.3 version in the yellow text field. Then select the appropriate ISO file in the download directory in the dialogue. The comparison of the calculated SHA256 hash value and the value from the Mint website in the file sha256sum.txt was successful!

Note that calculating the hash value for a 2GB file, for example, may well take a few seconds!

6.10.1.1 Digression

For checking authenticity, the same source returns with this command in a console:

wget https://ftp.heanet.ie/mirrors/linuxmint.com/stable/18.3/sha256sum.txt.gpg -O \
$HOME/Downloads/sha256sum.txt.gpg

the file sha256sum.txt.gpg. The following command checks whether the file sha256sum.txt is correctly signed by Mint:

hans@mint-183 ~/Downloads $ gpg --verify sha256sum.txt.gpg sha256sum.txt
gpg: Signature of Wed 13 Dec 2017 17:16:15 CET using RSA key ID A25BAE09.
gpg: Correct signature of "Linux Mint ISO Signing Key <root@linuxmint.com>".
gpg: WARNING: This key does not carry a trusted signature!
gpg: There is no indication that the signature really belongs to the alleged owner.
Main fingerprint = 27DE B156 44C6 B3CF 3BD7 D291 300F 846B A25B AE09
hans@mint-183 ~/Downloads $

The warning “There is no indication that the signature really belongs to the alleged owner.” is justified - here is the quick check in a console for the ID given above:

hans@mint-183 ~/Downloads $ gpg --list-key --with-fingerprint A25BAE09
pub   4096R/A25BAE09 2016-06-07
      Schl.-Fingerprint = 27DE B156 44C6 B3CF 3BD7  D291 300F 846B A25B AE09
uid   Linux Mint ISO Signing Key <root@linuxmint.com>

6.10.1.2 Project - source code

The source code is given in full:

' Gambas class file
' A hash process generates a number from a string in a file.
 
Public sOriginalText As String
Private sFilePath As String = User.Home
 
Public aDigestList As String[]
Public aCipherList As String[]
 
Public Sub Form_Open()
  FMain.Center()
  FMain.Caption = "Calculation of SHA256 hash value for files"
  FMain.Resizable = False
  txaText.Wrap = True
  DigestSupportedSHA256()
End
 
Public Sub DigestSupportedSHA256()
  txaText.Clear()
  If Digest.IsSupported("SHA256") = True Then
     txaText.Text = "\nThe system supports 'SHA256'!"
  Else
     txaText.Text = "\nThe system does not support 'SHA256'!"
  Endif
End
 
Public Sub btnDigestFromFile_Click()
 
  Dim sPath As String
  Dim vRawData As Variant
 
  Dialog.Title = ("Select a file!")
  Dialog.Path = sFilePath
  If Dialog.OpenFile() Then Return
  sPath = Dialog.Path
 
  txaText.Clear()
  Inc Application.Busy
    vRawData = Digest["SHA256"].Hash(File.Load(sPath)) ' Attention! Highly compressed source code
  Dec Application.Busy
 
  txaText.Clear()
  txaText.Text = "\nSHA256 hash for the file '" & File.Name(Dialog.Path) & "'\n\n"
  txaText.Text &= "Format hexadecimal:" & gb.NewLine
  txaText.Text &= StringToHex(vRawData) & gb.NewLine
 
  If txbCheck.Text Then
     If StringToHex(vRawData) = txbCheck.Text Then
        txaText.Text &= Subst("\n&1 '&2' &3", ("The check of the file"), File.Name(sPath), ("was successful!"))
     Else
        txaText.Text &= Subst("\n&1 '&2' &3", ("The check of the file"), File.Name(sPath), ("was *not* successful!"))
     Endif
  Endif
 
  Catch
    Message.Error(sPath & " not available.\n" & Error.Text)
 
End
 
Private Function StringToHex(sString As String) As String
 
  Dim iByte As Byte
  Dim sResult As String
 
  For Each iByte In Byte[].FromString(sString)
    sResult &= Lower$(Hex$(CLong(iByte), 2))
  Next
 
  Return sResult
 
End
 
Public Sub btnClose_Click()
  FMain.Close()
End

Download