rzander / ruckzuck

software package manager for windows
https://ruckzuck.tools
Microsoft Public License

How and where do you find/calculate the file hashes? #227

Closed x0tester0x closed 1 year ago

x0tester0x commented 1 year ago

How and where do you find/calculate the file hashes?

rzander commented 1 year ago

A File-Dialog will pop up if you leave the URL Field in RuckZuck.exe (when you edit/create a package)... Then you have to select the previously downloaded File. It will use the X509 signature or the MD5 Hash if no signature exists. Additionally, the File Size is also stored (not visible in the GUI).

x0tester0x commented 1 year ago

Can the file hash not be uniquely (also calculated) SHA256?

rzander commented 1 year ago

Let's take Firefox as an example, where ruckzuck does download the installer based on the language of the OS... The File-Hash would be different for every language... That's why the X509 Signature is used to validate the integrity of the file.

x0tester0x commented 1 year ago

OK, I understand. With the Get-AuthenticodeSignature PowerShell command I can check that.

x0tester0x commented 1 year ago

The X509 Signature changes when a new version is released, correct?

rzander commented 1 year ago

No, only when the vendor is changing the code-signing certificate...
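
The check described in this thread, sketched in PowerShell as an added example; it is not RuckZuck's own code and was not posted by either participant. The function name, its parameters, and the choice to compare the signer certificate's thumbprint are assumptions made for illustration.

```powershell
# Added example: pin the signer certificate when one was recorded, otherwise
# fall back to hash + file size. All names here are hypothetical.
function Test-InstallerIntegrity {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        [string] $ExpectedThumbprint,      # signer cert thumbprint recorded at packaging time
        [string] $ExpectedHash,            # used only when no signer was recorded
        [long]   $ExpectedSize = -1,       # -1 skips the size comparison
        [ValidateSet('MD5', 'SHA256')] [string] $Algorithm = 'MD5'   # MD5 as in the thread
    )

    $file = Get-Item -LiteralPath $Path -ErrorAction Stop

    if ($ExpectedThumbprint) {
        # A package that recorded a signer never falls back to the hash:
        # an unsigned or re-signed file must fail here.
        $sig = Get-AuthenticodeSignature -LiteralPath $file.FullName
        if ($sig.Status -ne 'Valid') {
            Write-Warning "Signature status is '$($sig.Status)': $($sig.StatusMessage)"
            return $false
        }
        # The thumbprint is the same for every language build and every release
        # until the vendor rotates the code-signing certificate.
        return ($sig.SignerCertificate.Thumbprint -eq ($ExpectedThumbprint -replace '\s', ''))
    }

    if (-not $ExpectedHash) {
        Write-Warning 'Neither a signer thumbprint nor a hash was supplied.'
        return $false
    }
    if ($ExpectedSize -ge 0 -and $file.Length -ne $ExpectedSize) {
        Write-Warning "Size mismatch: expected $ExpectedSize, got $($file.Length)."
        return $false
    }
    $actual = (Get-FileHash -LiteralPath $file.FullName -Algorithm $Algorithm).Hash
    return ($actual -eq $ExpectedHash)
}

# Constructed demo on a file that ships with Windows: record the signer once
# ("packaging time"), then verify against it ("install time").
$sample = Join-Path $env:SystemRoot 'System32\notepad.exe'
$pinned = (Get-AuthenticodeSignature -LiteralPath $sample).SignerCertificate.Thumbprint
Test-InstallerIntegrity -Path $sample -ExpectedThumbprint $pinned
```

Pinning the signer accepts any file signed with that certificate, which is what lets one package entry cover per-language installers and new releases; the hash branch ties the entry to one exact file.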