Skip to main content

UKey Official Guide: Release File Integrity and Consistency Verification

U
Written by UKey Wallet

UKey's various software client installation packages and hardware firmware codes are hosted on the official GitHub repository. When downloading these digital products through the public network, the data transmission process may objectively face security risks such as hijacking by middlemen, malicious tampering, or data damage caused by network packet loss.

To ensure that the underlying operating environment of your digital assets is not subject to security threats, UKey officials strongly recommend that users perform SHA-256 consistency verification before installing any executable files.

1. Principle of cryptography verification

SHA-256 (Secure Hash Algorithm) is a standard cryptographic hash function. It can perform one-way operations on input files of any size and output a fixed-length (256-bit, Typically expressed as a unique hash digest (Checksum) of 64 hexadecimal characters).

  • uniqueness: Even if just one byte in the file is tampered with, the resulting hash will be fundamentally altered.

  • Proof of consistency: If the file hash value you calculate locally is exactly the same as the hash value published by the UKey official server, It can be mathematically confirmed that the local file is the original version that is complete and has not been tampered with by any third party.

2. Preparation for verification

  1. Visit the UKey official GitHub Releases page.

  2. Download the software or firmware target file you need (for example: UKey Wallet client installation package).

  3. On the same version release page, download the officially provided hash check value list file (usually named SHA256SUMS or attached to the imprint text).

3. Local verification operation guide for each operating system

Please start the command line tool according to the operating system you are currently using and enter the corresponding system native instructions to perform hash operations. After the operation is completed, the output hash value will be compared with the officially downloaded SHA256SUMS Compare file contents.

1. Windows system environment

  • step one: Press the keyboard shortcut Windows + R Bring up the "Run" window.

  • Step 2:Input cmd And click "OK" to start the command prompt.

  • Step 3: Enter the following command and execute it (please replace c:\path\to\file.exe Replace with the actual absolute path to your local file): certutil -hashfile c:\path\to\file.exe SHA256

  • Step 4: Check the hash sequence returned by the command line. If it is consistent with the official data, the verification passes.

2. macOS system environment

  • step one: Open the "Terminal" application in the system.

  • Step 2: Enter the following command and execute it (tip: enter shasum -a 256 Add a space after it, and then drag the downloaded file directly into the terminal window, the system will automatically generate the correct file path): shasum -a 256 /path/to/file

  • Step 3: Check the hash sequence returned by the terminal. If it is consistent with the official data, the verification passes.

3. Linux system environment

  • step one: Start the system command line terminal.

  • Step 2: Enter the following command and execute it (please replace /path/to/file Replace with the actual path to your local file): sha256sum /path/to/file

  • Step 3: Check the hash sequence returned by the terminal. If it is consistent with the official data, the verification passes.

Did this answer your question?