How To Verify A Download On Mac
The Downloads Stack and Downloads Folder: By default in OS X Yosemite, downloaded content is. If you are sure that you downloaded the app installer from the official/verified source and that it has not been tempered with, you can skip the verification process altogether by removing the extended file attribute that causes FileVault to attempt to verify the application. Do this by executing the following command from terminal. How to verify checksum on a Mac - MD5, SHA1, SHA256, etc. Share ← → In this tutorial we will learn to find checksum of a downloaded file in Mac using the terminal. Download the file and get the checksum from the website. Next, depending on the checksum type apply the following checksums.
- Is your CAC reader Mac friendly? Visit the USB Readers page to verify the CAC reader you have is.
- How to find downloads on your Mac using Finder When the taskbar at the top of the screen says Finder (and it will when you are on your Mac's home screen), click File, then click New Finder Window.
- Check your Mac hardware. Make sure you’re ready to upgrade. Before you upgrade, we recommend that you back up your Mac. Then, if your Mac is running OS X Mavericks 10.9 or later, you can upgrade directly to macOS Catalina. Learn how to back up your Mac. Upgrading is free. And easier than you think.
When you upgrade to macOS Catalina, you get more of everything you love about Mac. Experience dedicated apps for music, TV, and podcasts. Smart new features in the apps you use every day. And Sidecar, which lets you use iPad as a second Mac display. Best of all, upgrading is free and easy.
Chances are, your Mac can run macOS Catalina.
Mac computers with Metal-capable graphics processors (GPUs) can upgrade to macOS Catalina.
Make sure you’re ready to upgrade.
Before you upgrade, we recommend that you back up your Mac. Then, if your Mac is running OS X Mavericks 10.9 or later, you can upgrade directly to macOS Catalina.
Upgrading is free. And easier than you think.
Upgrading from macOS Mojave?
Go to Software Update in System Preferences to find the macOS Catalina upgrade. Click Upgrade Now and follow the onscreen instructions to begin your upgrade. If you don’t have broadband access, you can upgrade your Mac at any Apple Store.
Upgrading from an older version of macOS?
If you’re running High Sierra (10.13), Sierra (10.12), or El Capitan (10.11), upgrade to macOS Catalina from the App Store. If you’re running Lion (10.7) or Mountain Lion (10.8), you will need to upgrade to El Capitan (10.11) first. If you don’t have broadband access, you can upgrade your Mac at any Apple Store.
- OS X 10.9 or later
- 4GB of memory
- 12.5GB of available storage (OS X El Capitan 10.11.5 or later)*
- Some features require an Apple ID; terms apply.
- Some features require a compatible internet service provider; fees may apply.
For details about your Mac model, click the Apple icon at the top left of your screen and choose About This Mac. These Mac models are compatible with macOS Catalina:
- MacBook (Early 2015 or newer)
- MacBook Air (Mid 2012 or newer)
- MacBook Pro (Mid 2012 or newer)
- Mac mini (Late 2012 or newer)
- iMac (Late 2012 or newer)
- iMac Pro (2017)
- Mac Pro (Late 2013 or newer)
Siri
Requires a broadband internet connection and microphone (built-in or external).
Hey Siri
Supported by the following Mac models:
- MacBook Pro (2018 or newer)
- MacBook Air (2018 or newer)
- iMac Pro
Dictation, Voice Control, and Voice Memos
Requires a microphone (built-in or external).
Spotlight Suggestions
Requires a broadband internet connection.
Gestures
Requires a Multi-Touch trackpad, Force Touch trackpad, Magic Trackpad, or Magic Mouse.
Force Touch gestures require a Force Touch trackpad.
VoiceOver gestures require a Multi-Touch trackpad, Force Touch trackpad, or Magic Trackpad.
Photo Booth
Requires a FaceTime or iSight camera (built-in or external), or USB video class (UVC) camera.
FaceTime
Audio calls require a microphone (built-in or external) and broadband internet connection.
Video calls require a built-in FaceTime camera, an iSight camera (built-in or external), or a USB video class (UVC) camera; and broadband internet connection.
Apple TV
High Dynamic Range (HDR) video playback is supported by the following Mac models:
- MacBook Pro (2018 or newer)
- iMac Pro (2017)
- Mac Pro (2019) with Pro Display XDR
Dolby Atmos soundtrack playback is supported by the following Mac models:
- MacBook Air (2018 or newer)
- MacBook Pro (2018 or newer)
Sidecar
Supported by the following Mac models:
- MacBook (2016 or newer)
- MacBook Air (2018 or newer)
- MacBook Pro (2016 or newer)
- Mac mini (2018 or newer)
- iMac (late 2015 or newer)
- iMac Pro (2017 or newer)
- Mac Pro (2019)
Supported by all iPad models with Apple Pencil support:
- 12.9-inch iPad Pro
- 11-inch iPad Pro
- 10.5-inch iPad Pro
- 9.7-inch iPad Pro
- iPad (6th generation or later)
- iPad mini (5th generation)
- iPad Air (3rd generation)
Continuity Camera
Requires an iPhone or iPad with a Lightning connector and iOS 12 or later.
Continuity Sketch and Continuity Markup
Requires an iPhone with iOS 13 or an iPad with iPadOS.
Handoff
Requires an iPhone or iPad with a Lightning connector and iOS 8 or later.
Instant Hotspot
Requires an iPhone or iPad with cellular connectivity, a Lightning connector, and iOS 8.1 or later. Requires Personal Hotspot service through your carrier.
Universal Clipboard
Requires an iPhone or iPad with a Lightning connector and iOS 10 or later.
Auto Unlock
Supported by Mac models introduced in mid 2013 or later.
Requires an Apple Watch with watchOS 3 or later or an iPhone 5 or later.
Approve with Apple Watch
Supported by Mac models introduced in mid 2013 or later.
Requires an Apple Watch with watchOS 6 or later or an iPhone 6s or later with iOS 13.
Apple Pay on the Web
Requires MacBook Pro with Touch Bar, an iPhone 6 or later with iOS 10 or later, or an Apple Watch with watchOS 3 or later.
Phone Calling
Requires an iPhone with iOS 8 or later and an activated carrier plan.
SMS
Requires an iPhone with iOS 8.1 or later and an activated carrier plan.
Home
Requires an iPhone with iOS 12 or later and a configured Home app.
AirDrop
AirDrop to iOS and iPadOS devices requires an iPhone or iPad with a Lightning connector and iOS 7 or later.
AirPlay
AirPlay Mirroring requires an Apple TV (2nd generation or later).
AirPlay for web video requires an Apple TV (2nd generation or later).
Peer-to-peer AirPlay requires a Mac (2012 or later) and an Apple TV (3rd generation rev A, model A1469 or later) with Apple TV software 7.0 or later.
Time Machine
Requires an external storage device (sold separately).
Power Nap
Supported by the following Mac models:
- MacBook (Early 2015 or newer)
- MacBook Air (Mid 2012 or newer)
- MacBook Pro with Retina display (Mid 2012 or newer)
- Mac mini (Late 2012 or newer)
- iMac (Late 2012 or newer)
- iMac Pro (2017)
- Mac Pro (Late 2013 or newer)
Boot Camp
Allows Boot Camp installations of Windows 10 on supported Mac models.
Exchange Support
Requires Microsoft Office 365, Exchange 2016, Exchange 2013, or Exchange Server 2010. Installing the latest Service Packs is recommended.
Windows Migration
Supports OS X 10.7 or later and Windows 7 or later.
App Store
Available only to persons age 13 or older in the U.S. and many other countries and regions.
- Apple Books
- Apple News
- App Store
- Automator
- Calculator
- Calendar
- Chess
- Contacts
- Dictionary
- DVD Player
- FaceTime
- Find My
- Font Book
- Home
- Image Capture
- Launchpad
- Maps
- Messages
- Mission Control
- Music
- Notes
- Photo Booth
- Photos
- Podcasts
- Preview
- QuickTime Player
- Reminders
- Safari
- Siri
- Stickies
- Stocks
- System Preferences
- TextEdit
- Time Machine
- TV
- Voice Memos
- Activity Monitor
- AirPort Utility
- Audio MIDI Setup
- Bluetooth File Exchange
- Boot Camp Assistant
- ColorSync Utility
- Console
- Digital Color Meter
- Disk Utility
- Grapher
- Keychain Access
- Migration Assistant
- Screenshot
- Screen Time
- Script Editor
- Sidecar
- System Information
- Terminal
- VoiceOver Utility
- Arabic
- Catalan
- Croatian
- Simplified Chinese
- Traditional Chinese
- Traditional Chinese (Hong Kong)
- Czech
- Danish
- Dutch
- English (Australia)
- English (UK)
- English (U.S.)
- Finnish
- French
- French (Canada)
- German
- Greek
- Hebrew
- Hindi
- Hungarian
- Indonesian
- Italian
- Japanese
- Korean
- Malay
- Norwegian
- Polish
- Brazilian Portuguese
- Portuguese
- Romanian
- Russian
- Slovak
- Spanish
- Spanish (Latin America)
- Swedish
- Thai
- Turkish
- Ukrainian
- Vietnamese
Electrum is one of Bitcoin’s oldest and best-known wallets. Users running this software are trusting their private keys to it. To reduce the risk of running malware, users can verify the authenticity of Electrum downloads before using them. This tutorial describes how to do so on OSX. A procedure for verifying Electrum on Windows is also available.
Any piece of software that handles your private keys can steal them or sign transactions you never authorized. This makes Bitcoin wallets especially profitable targets for malware authors. They begin by tweaking some of the open source code. Then they distribute the result, which looks identical to the authentic version. When the unwitting user enters the private key or seed, the wallet steals the funds. The loss is irreversible and can be life-changing.
This is far from a theoretical attack. For example, in 2017 a Reddit user reported that a phishing site was deploying malware through a forged copy of Electrum, resulting in the loss of five bitcoin. The phishing site was followed as the first advertising link from a Google search.
Many Bitcoin users are familiar with the idea of digital signatures. The same idea can be applied to software downloads. The developer signs a download with a private key. Users verify the download using the developer’s public key. A forged file that changes a single bit can be detected with this system, as can a developer who attempts to apply an invalid signature. The standard method for signing binaries is known as Pretty Good Privacy (PGP). Implementations are available for all operating systems.
A popular PGP implementation on OSX is GPG Suite. Begin by downloading the installer from the main page.
We are immediately faced with a dilemma: how do we know that our copy of GPG Suite is authentic? We can’t verify a signature because if we could do that we wouldn’t need GPG Suite.
Fortunately, we can verify the installer’s hash value. Think of a hash value as an immutable, unique identifier that can be assigned to any file. OSX allows hash values to be checked with the shasum
utility. shasum
is run from the Terminal application. To access Terminal, press command-spacebar and type “Terminal”. You’ll see a mostly empty window with a prompt after a dollar sign (“$”). Commands are entered, in text form, after this prompt.
From Terminal, enter the following two commands:
where:
{hash}
is the string of characters that appears at the bottom of the GPG Tools page after clicking on the “SHA256” link;{filename}
is the name of the GPG Suite installer you downloaded; and- two spaces appear between
{hash}
and{filename}
.
For example, On November 1, 2017, I downloaded a file named GPG_Suite-2017.1.dmg
and its SHA256 hash value was:
01705da33b9dadaf5282d28f9ef58f2eb7cd8ff6f19b4ade78861bf87668a061
I would then enter the following two commands into Terminal (leaving out the dollar signs):
The first command moves my frame of file reference to the Downloads directory. The second command verifies the checksum of the file I downloaded. You should see a response that looks something like:
GPG_Suite-2017.1.dmg: OK
Notice that an attacker who was able to change the GPG Suite website might be able to give you the correct hash value for a fake copy of the installer. This is one of the limitations of using hash values to authenticate downloads.
After downloading and verifying the hash value of GPG Suite installer, double click on it. An installer window will be presented. Double click on the one named Install.pkg
. Enter your system password when prompted and follow the remaining instructions.
You will be asked to generate a new key pair. For the purposes of verifying Electrum, this step can be skipped. Click the Cancel button.
GPG Tools should present a window containing a single key entry — the one for the GPG Suite team. Before validating the Electrum download signature, we’ll need to add the public key of its developer to our list.
Thomas Voegtlin is the Electrum lead developer. The Electrum site reports his key ID as 0x2bd5824b7f9470e6
. Use this value to look up Voegtlin’s public key. Click the GPG Keychain “Lookup Key” button and enter the developer key ID. The click Search.
GPG Keychain should respond with an entry for Thomas Voegtlin’s public key. Click Retrieve Key.
GPG Keychain should report that Thomas Voegtlin’s public key was added. You’ll now see two key entries: the original for the GPGTools Team and a new one for Electrum’s lead developer. We can now verify the signature of any Electrum installer.
Browse to the Electrum download page. Next to the OSX entry are two links. Click the first one titled “Executable” to download the Electrum installer. Save it to your Downloads folder.
Click the second link titled “signature.” This link takes you to a plain text page representing the installer’s signature. Save it by pressing command-s. Be sure to save it to the the Downloads folder. Remove the last four characters of the file name reading .txt
, but leave it otherwise unmodified.
You should see two files in your Downloads folder: electrum-{version}.dmg
and electrum-{version}.dmg.asc
, where {version}
is the version of Electrum you downloaded. The former file is the installer itself and the latter is the signature file.
How To Download Mac Os
To verify the signature of the installer, right click on it. A context menu will appear whose last item is called Services. Hovering over it presents a submenu. One of its entries will be “OpenPGP: Verify Signature of File.” Click it.
You should be presented with a window titled “Verification Results.” A single line should appear. The first entry gives the installer’s filename. The second gives the result of the verification. You should see text beginning with “Signed by: Thomas Voegtlin”. The line will be appended with the bolded text “undefined trust.”
At this stage, you’ve verified the signature of an Electrum installer. You could, however, take this process one step further by signing Thomas Voegtlin’s public key. Doing so will remind you in the future that you trust that this key really does belong to Electrum’s lead developer. Only take this step if you have independently verified that the key really does belong to Thomas Voegtlin.
Begin by creating a key pair for yourself, which is the step we skipped when setting up GPG Keychain. Click on the New button on the main GPG Keychain interface. Doing so brings up a form. Fill it out. Click Generate Key. There is no reason to publish this key, so decline that offer.
When you’re done, you should see a new public key in the keys list. It’s your own.
How To Verify A Download On Mac Pro
Next, sign Thomas Voegtlin’s public key. Begin by right-clicking on it. Choose the Sign option from the popup menu. Accept the defaults and click Generate Signature.
Verifying the signature of any Electrum installer in the future will present a somewhat different message than before. Instead of “undefined trust,” GPG Keychain will report “full trust” in green.
Signature validation should be used for any wallet destined to hold large sums of money. Given that wallets holding spare change today can grow to become wallets holding substantial sums tomorrow, signature verification should be the first step of any Electrum wallet installation. This guide offers a step-by-step procedure for doing so. Once set up, it can be used to verify the signature of any future Electrum release, and other Bitcoin software as well.
To recap, the steps are:
How To Verify A Download On Macbook Air
- Download GPG Suite.
- Verify the GPG Suite checksum.
- Import the public key for Electrum’s lead developer.
- Download Electrum installer and signature.
- Verify the Electrum installer signature.