Search this site
Embedded Files
ICU - International Components for Unicode

Verifying Downloads

Many ICU downloads may be verified as to their authenticity.

How to verify the downloads?

MD5

    • Download the MD5 hash file by clicking the [MD5] link on the download page, as well as another ICU file.

    • Run a command line program such as md5, md5sum, cfv, or fciv on Windows over your downloaded ICU file

    • Verify that the hashed result from the command line program matches the hash in the .md5 file.

SHASUM512

    • SHA512 hashes may be created with gpg --print-md SHA512 somefile

    • These hashes may be verified with shasum -c SHASUM512.txt

    • (Note that GPG signed files may begin with "Hash: SHA256", but this is GPG's hash, not the SHASUM hashes)

GPG / PGP

    • Download the file http://ssl.icu-project.org/KEYS and import it with:

    • gpg --import KEYS

    • (This is safe to run multiple times, it will update any new keys)

    • Download the original ICU file, as well as the .asc file by clicking the [PGP] link in the left column of the download page.

    • To verify the file, run this command line against the .asc file

    • gpg --verify somefile.tgz.asc

    • If the signature is good, you should see "gpg Good signature from..."

For further reading, see the Apache Project release signing page

Report abuse
Page details
Page updated
Report abuse
Morty Proxy This is a proxified and sanitized view of the page, visit original site.