Want Added Safety? The DX Does Checksums!


When you download an Asset from the Digital Exchange, how do you know that the download was successful? How do you know that there was not some system error that corrupted one or more bits? How can you be sure that some malicious actor didn’t fiddle with the download, adding some malware? Checksums come to the rescue. 

A checksum is a small block of data derived from the download Asset on the DX. Its purpose is to help you detect errors introduced during the transmission or storage of a DX Asset. By themselves, checksums are often used to verify data integrity but are not relied upon to verify data authenticity. We ensure authenticity through the management of the Digital Exchange.

Whenever we publish an Asset on the DX, we calculate a checksum and display its value on the Asset’s Page on the DX. We compute each checksum on the DX using the SHA-256 one-way hash algorithm, so that after download you can calculate the checksum of your own copy for comparison. If the checksums match, you can be confident that you received the download as it was published.

Below is what the checksum looks like on the DX:


We use the fingerprint icon because the checksum is like a fingerprint to help identify the file. 

So, what do you do with the checksum? 

After you download your file, you can compare the published checksum with the one you calculate from the file you just downloaded. If your file is called myFavoriteAsset.bprelease, run the following command in the Windows command prompt (cmd) against that file:

C:\> certUtil -hashfile myFavoriteAsset.bprelease SHA256 

Running the command results in the following display:


Notice that the checksum published matches the checksum calculated, and thus I know that I received the Asset intact and as the publishers intended it. 
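The comparison can also be scripted so that it does not depend on reading two 64-character strings by eye. The PowerShell script below is an added example, not code from the DX or from Blue Prism; the function name Test-PublishedChecksum and the placeholder for the published value are assumptions, and you paste in the value shown on the Asset's page yourself.

```powershell
# Added example: compare a downloaded DX Asset with the checksum published on its page.
# $Published is a placeholder; paste the value shown next to the fingerprint icon.
param(
    [string]$Path      = '.\myFavoriteAsset.bprelease',
    [string]$Published = '<paste the SHA-256 value from the Asset page>'
)

# Hypothetical helper name, introduced for this example only.
function Test-PublishedChecksum {
    param([string]$Path, [string]$Published)

    # Normalise the pasted value: remove whitespace (some certUtil versions print
    # the hash as space-separated byte pairs) and ignore letter case.
    $expected = ($Published -replace '\s', '').ToUpperInvariant()
    if ($expected -notmatch '^[0-9A-F]{64}$') {
        throw 'Published value is not a 64-character SHA-256 hex string.'
    }

    # Get-FileHash reads the file as a stream, so large Assets are handled without
    # loading them into memory. -ErrorAction Stop makes a missing file fail loudly.
    $hash   = Get-FileHash -LiteralPath $Path -Algorithm SHA256 -ErrorAction Stop
    $actual = $hash.Hash.ToUpperInvariant()

    [pscustomobject]@{
        File     = $hash.Path
        Expected = $expected
        Actual   = $actual
        Match    = ($expected -eq $actual)
    }
}

$result = Test-PublishedChecksum -Path $Path -Published $Published
$result | Format-List

if (-not $result.Match) {
    Write-Warning 'Checksums do not match: log a support ticket on the DX.'
    exit 1
}
```

Saved under a name of your choice, the script exits with code 1 on a mismatch, so it can gate an automated import step.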

What should you do if the checksums don’t match? Log a support ticket on the DX using the menu below: 


Or, you can send an email to dxsupport@blueprism.com. 
