Verify Your Downloads
We encourage you to verify SHA256 checksums for all Sigilweaver downloads. It's a great security practice and helps ensure you're running exactly what we built.
Our Transparent Build Process
Sigilweaver releases are built using a fully automated GitHub Actions pipeline in a clean, isolated environment. The entire build process is visible in our public repositories, and artifacts are securely uploaded to Backblaze B2 storage.
Our release process is reproducible and transparent. You're welcome to inspect our build scripts, review the source code, and verify that the checksums match what our automated pipeline generated.
📖 Open Source Means Verifiable
We believe in transparency. Our source code is available on GitHub, our build process is automated and auditable, and we provide SHA256 checksums for every release. Verify everything — that's what open source is all about.
How to Verify: Understanding SHA256 Checksums
A SHA256 checksum is a cryptographic hash that uniquely identifies a file. By comparing the checksum of your downloaded file with the one we provide, you can verify that:
- The file downloaded completely without corruption
- The file hasn't been tampered with or modified
- You received the exact file we published
Windows
Using PowerShell (Built-in)
- Open PowerShell (Right-click Start → Windows PowerShell)
- Navigate to your Downloads folder:
cd ~/Downloads
- Run the checksum command:
Get-FileHash Sigilweaver-Setup.exe -Algorithm SHA256
- Compare the output with the SHA256 shown on the downloads page
Example output:
Algorithm Hash --------- ---- SHA256 56254CC60A4FEACFC9D44B69CD8956D9F328DBA684EC8E8194A5C502B340E557
macOS
Using Terminal (Built-in)
- Open Terminal (Applications → Utilities → Terminal)
- Navigate to your Downloads folder:
cd ~/Downloads
- Run the checksum command (replace with your downloaded filename):
shasum -a 256 Sigilweaver.dmg
- Compare the output with the SHA256 shown on the downloads page
Example output:
56254cc60a4feacfc9d44b69cd8956d9f328dba684ec8e8194a5c502b340e557 Sigilweaver.dmg
Linux
Using Terminal (Built-in)
- Open your terminal
- Navigate to your Downloads folder:
cd ~/Downloads
- Run the checksum command (replace with your downloaded filename):
sha256sum Sigilweaver.AppImage
- Compare the output with the SHA256 shown on the downloads page
Example output:
98ed19ce23d7cef7993fa7f8e5bb5550b46b1b083b0a32498eac3b2274d7a351 Sigilweaver-x64.AppImage
Pro Tip: Automated verification
You can create a file with the expected checksum and verify automatically:
echo "EXPECTED_SHA256 Sigilweaver-x64.AppImage" | sha256sum -c
This will output "OK" if the checksum matches.
What if the checksums don't match?
If the SHA256 checksum you calculated doesn't match the one on our downloads page, do not run the file. This could indicate:
- The download was corrupted during transfer
- The file has been tampered with
- You downloaded a different version than expected
What to do:
- Delete the downloaded file
- Clear your browser cache
- Download the file again from sigilweaver.app/downloads
- Verify the checksum again
- If it still doesn't match, report it on GitHub Issues
Why Verify Downloads?
Verifying checksums is an important security practice that puts you in control. Here's what it helps you confirm:
File Integrity
Confirm the download completed successfully without corruption, preventing installation errors or unexpected behavior.
Authenticity
Verify you received the exact file we built and published, not a modified version from a compromised mirror or network.
Network Security
Protect against man-in-the-middle attacks, especially important on public WiFi or untrusted networks.
Compliance & Audit Trails
Meet organizational security policies and create verifiable audit trails for software deployments.
Don't Just Trust — Verify!
Open source software is about transparency and verifiability. We provide the tools and information you need to verify everything. Use them!