Skip to content

Download Integrity

The updater can verify the integrity of downloaded release files by comparing a computed hash against a server-provided expected value. This is a lightweight, setup-independent safety net that catches corrupted or accidentally mismatched downloads.

For higher-assurance deployments, combine this with Authenticode / publisher pinning.

Release checksum

Add a checksum object to a release entry in your server-side remote configuration:

{
    "releases": [
        {
            "name": "My Product",
            "version": "2.0.0",
            "downloadUrl": "https://example.com/setup.exe",
            "checksum": {
                "checksum": "d41d8cd98f00b204e9800998ecf8427e",
                "checksumAlg": "MD5"
            }
        }
    ]
}

Fields

Field Type Mandatory Description
checksum string Yes The expected hash digest as a lowercase hex string.
checksumAlg string Yes The hashing algorithm to use. Possible values: MD5, SHA1, SHA256.

The comparison is case-insensitive.

Algorithm recommendations

Prefer SHA256 for new configurations. MD5 and SHA1 are provided for compatibility but are not collision-resistant; they should not be used in security-sensitive environments.

If the computed hash does not match the expected value, the download is rejected and the update fails with exit code 115.

Self-updater checksum

You can also protect the self-updater binary download. Add a latestChecksum field to the instance block:

{
    "instance": {
        "latestVersion": "1.5.0",
        "latestUrl": "https://example.com/updater.exe",
        "latestChecksum": {
            "checksum": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
            "checksumAlg": "SHA256"
        }
    }
}

The self-updater module receives this value and verifies the downloaded binary before swapping it for the running updater.

Strict mode

When the updater is invoked with --strict-verification, a release that does not provide a checksum object is rejected immediately — even before the download begins. This enforces checksum presence as a policy requirement.

Code Description
115 Checksum mismatch — the computed hash of the downloaded file does not match the expected value.

See Exit Codes for the full list.