View Source

How to verify a checksum

Unfortunately, the potential one-line solution: sha1sum -c filename.jar.sha1 doesn't work because it incorporates the filename into the calculation.

calculate the checksum:

linux$ sha1sum commons-logging-1.0.4.jar
f029a2aefe2b3e1517573c580f948caac31b1056 *commons-logging-1.0.4.jar

or

macorlinux$ openssl dgst -sha1 commons-logging-1.0.4.jar
SHA1(/Maven 2 Repo/commons-logging/commons-logging/1.0.4/commons-logging-1.0.4.jar)= f029a2aefe2b3e1517573c580f948caac31b1056

If you're on Windows, Cygwin has the md5 and sha1 utilities: http://www.cygwin.com

then compare with the externally supplied checksum:

$ cat commons-logging-1.0.4.jar.sha1
f029a2aefe2b3e1517573c580f948caac31b1056