Verifying Your Downloaded File

  • 7021968
  • 01-Jun-2006
  • 02-Mar-2018

Environment

All Attachmate Products (except mobile apps)

Situation

Product files are provided with a digital signature or secure hash. This technical note describes how to verify a downloaded file is from the original publisher, complete, and unaltered.

Resolution

Windows Executable Files

The digital signature of a Windows executable file (a file with an .exe extension) can be verified after the file has been downloaded and saved:

  1. In your Downloads folder (in Windows Explorer), right-click the downloaded .exe file and click Properties.
  2. Click the Digital Signatures tab.

Note: The Digital Signatures tab may not display for any of the following reasons:

    • You are using Windows XP or Windows Server 2003 and the file is signed using SHA-2 (SHA256). This hash, used on files released after March 2015, is not supported by the older operating systems. To workaround this issue, use the verification process for UNIX/Linux Files instead. To partially resolve this issue (enable the Digital Signatures tab), install the fix described in Microsoft KB968730, but see also the Note in step 4 below.
    • You are using Windows XP and the file is larger than 300 MB. For more information about this issue and using alternative .NET Framework SDK utilities, see http://support.microsoft.com/kb/922225. This issue is resolved in newer Windows operating systems.
    • The file has been corrupted or altered. Try re-downloading the file.
    • The file is not digitally signed. If a hash value is displayed on the download website, instead use the verification process for UNIX/Linux Files.
  1. Select “Micro Focus Limited,” "Attachmate Corporation" or "WRQ" in the Signature list and click Details.
  2. After the file has been read, if the digital signature is correct, at the top of the General tab, you will see "Digital Signature Information: This digital signature is OK."

Note: When verifying files (released after March 2015, using SHA-2 certificate) on Windows XP or Windows Server 2003:

    • You may see “Digital Signature Information: The integrity of the certificate that signed this file cannot be guaranteed. The certificate may be corrupted or may have been altered.” To resolve this issue with SHA1 digest algorithm, install the fix described in Microsoft KB938397.
    • If you installed the fix described in Microsoft KB968730, even though the signature is valid with SHA256 digest algorithm, you may still see “Digital Signature Information: This digital signature is not valid.”

UNIX/Linux Files

Follow these steps to verify a secure hash value:

  1. Before you download the file, on the download website, note the SHA-1 hash (40 characters), MD5 hash (32 characters), or SHA256 hash (64 characters) displayed above the license agreement check box.
  2. After downloading the file, run your UNIX/Linux sha1, sha1sum, md5, sha256sum, or hash command utility on the downloaded file to calculate its hash.
  3. Verify the hash values from steps 1 and 2 match exactly. You may want to copy and paste the hash values into a text editor for easy comparison.

If the values do not match, your download may be incomplete or corrupted; try downloading again. If the values still do not match, contact Customer Care.

Additional Information

Legacy KB ID

This article was originally published as Attachmate technical note 1988.