Menu
What's new
By:
Filters Better Search

SHA 256 Verification failure?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

H

Howard_inGA

Senior Member
While trying to check my download signatures in both CMD or Powershell in Win 11, I'm getting a failure that I can't pinpoint. Here is the command used and the returned result. Note that they are the same in both, and fail when used on the trx file itself or the zip file.

Powershell-
PS C:\Users\howar> certutil -hashfile C:\Users\howar\Downloads\Computer Items\Router Info\ASUS RT-AC5300\RT-AC5300_386.11_0.zip sha256
Expected no more than 2 args, received 5
CertUtil: Too many arguments

Usage:
CertUtil [Options] -hashfile InFile [HashAlgorithm]
Generate and display cryptographic hash over a file

Options:
-Unicode -- Write redirected output in Unicode
-gmt -- Display times as GMT
-seconds -- Display times with seconds and milliseconds
-v -- Verbose operation
-privatekey -- Display password and private key data
-pin PIN -- Smart Card PIN
-sid WELL_KNOWN_SID_TYPE -- Numeric SID
22 -- Local System
23 -- Local Service
24 -- Network Service

Hash algorithms: MD2 MD4 MD5 SHA1 SHA256 SHA384 SHA512

CertUtil -? -- Display a verb list (command list)
CertUtil -hashfile -? -- Display help text for the "hashfile" verb
CertUtil -v -? -- Display all help text for all verbs

PS C:\Users\howar>

CMD Prompt-
C:\Windows\System32>certutil -hashfile C:\Users\howar\Downloads\Computer Items\Router Info\ASUS RT-AC5300\RT-AC5300_386.11_0.zip SHA256
Expected no more than 2 args, received 5
CertUtil: Too many arguments

Usage:
CertUtil [Options] -hashfile InFile [HashAlgorithm]
Generate and display cryptographic hash over a file

Options:
-Unicode -- Write redirected output in Unicode
-gmt -- Display times as GMT
-seconds -- Display times with seconds and milliseconds
-v -- Verbose operation
-privatekey -- Display password and private key data
-pin PIN -- Smart Card PIN
-sid WELL_KNOWN_SID_TYPE -- Numeric SID
22 -- Local System
23 -- Local Service
24 -- Network Service

Hash algorithms: MD2 MD4 MD5 SHA1 SHA256 SHA384 SHA512

CertUtil -? -- Display a verb list (command list)
CertUtil -hashfile -? -- Display help text for the "hashfile" verb
CertUtil -v -? -- Display all help text for all verbs

Any ideas as to what I'm doing wrong?
 
ColinTaylor said:
I believe certutil verifies certificates. I don't think it calculates checksums.
Click to expand...
Anyone know how to verify the chksums and file integrity??
 
Howard_inGA said:
Anyone know how to verify the chksums and file integrity??
Click to expand...
On my Mac:

Code: 
cd /xxx/xxx/Downloads/GT-AX6000_388/

echo "59a7377f3b3a7d61b74ea9a6d12d0c4793020da8fe3c8c74aec174731e3f28cd  RT-AC68U_386.11_0.trx" | shasum -a 256 --check
 
I stand corrected...

Code: 
D:\>certutil -hashfile testfile.dat SHA256
SHA256 hash of testfile.dat:
95c2e38c1bab6425ae988aa7d5da9f0f4df126486a222c55d5ef194316bb8b60
CertUtil: -hashfile command completed successfully.

I think your problem was the spaces in the filename. You probably need to quote it.
Code: 
D:\>certutil -hashfile "test file.dat" SHA256
SHA256 hash of test file.dat:
95c2e38c1bab6425ae988aa7d5da9f0f4df126486a222c55d5ef194316bb8b60
CertUtil: -hashfile command completed successfully.
 
ColinTaylor said:
I stand corrected...

Code: 
D:\>certutil -hashfile testfile.dat SHA256
SHA256 hash of testfile.dat:
95c2e38c1bab6425ae988aa7d5da9f0f4df126486a222c55d5ef194316bb8b60
CertUtil: -hashfile command completed successfully.

I think your problem was the spaces in the filename. You probably need to quote it.
Code: 
D:\>certutil -hashfile "test file.dat" SHA256
SHA256 hash of test file.dat:
95c2e38c1bab6425ae988aa7d5da9f0f4df126486a222c55d5ef194316bb8b60
CertUtil: -hashfile command completed successfully.
Click to expand...
So, this worked to get the cksum. However, the SHA's don't match for the .zip file and the result?? Here is what I saw:

C:\Users\h*****\Router Info\ASUS RT-AC5300>certutil -hashfile RT-AC5300_386.11_0.zip SHA256
SHA256 hash of RT-AC5300_386.11_0.zip:
39d7ac6c2e3c0e0a6642451e76acd23258feb49be9c3d578d703cd0733e7275d
CertUtil: -hashfile command completed successfully.

Here is the signature from the download page:
95f53aa65962ec0c09c8a34b92b035fe8d89a98ed2f6ba58e635ff2475b268f7
and here is the download address for the zip: https://sourceforge.net/projects/asuswrt-merlin/files/RT-AC5300/Release/
I've tried downloading multiple times, but the SHA returns the same result with the discrepancy??

Ideas??
 
The SHA256 hash from the download page is for the .trx file. You are applying it to the whole compressed folder (.zip file)
 
Jaime Alvarez said:
The SHA256 hash from the download page is for the .trx file. You are applying it to the whole compressed folder (.zip file)
Click to expand...
Thank you, sir! It all checks now...

SHA256 hash of RT-AC5300_386.11_0.trx:
95f53aa65962ec0c09c8a34b92b035fe8d89a98ed2f6ba58e635ff2475b268f7
CertUtil: -hashfile command completed successfully.

The KEY TO THE WHOLE MESS is to use the cd command to select the directory where the file is stored. Then, just use
certutil -hashfile RT-AC5300_386.11_0.trx SHA256

THERE YOU HAVE IT...SHA MADE EASY??!-)
 
You can also use native Powershell command:
Code: 
Get-FileHash .\RT-AC5300_386.11_0.trx | Format-List
 
You must log in or register to reply here.
Similar threads
Thread starter Title Forum Replies Date
J keysize 256 problem Asuswrt-Merlin 4
G Asus RT-AC87U VPN cipher AES-256-GCM Asuswrt-Merlin 10
R How to fix ssh host key not a multiple of 256 Asuswrt-Merlin 5
D WAN IP and hostname verification not respecting interval Asuswrt-Merlin 2

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 990 (members: 32, guests: 958)
Top