This article will explain how to verify the authenticity of a Ledger Live installation package using Ledger Live Download Signatures on Windows / macOS / Linux.
Signatures Unavailable for version 2.43.1
- We are no longer using GitHub to distribute new Ledger Live versions and have migrated to a new service.
- As a result of the transition, we were exceptionally not able to post signatures for Ledger Live version 2.43.1.
- The version you can download through our website is safe and the signatures will be listed back in the next Ledger Live update.
- In the meantime, you can either:
- Stay on Ledger Live 2.42 until we release the next update.
- Reach out to our Support service, we will provide you with a safe link to download Ledger Live 2.43.1.
- Download Ledger Live 2.42 via our old GitHub repo, verify its signatures and use the in-app prompt to safely update to the latest version.
- In any case, please keep in mind that the security of your Ledger accounts ultimately hinges on your 24-word recovery phrase. For more on how to keep your phrase safe, please consult this article.
-
Go to GitHub and download the latest release of OpenHashTab on your computer.
- Install OpenHashTab.
-
Go to the Ledger website, scroll down to the Download Ledger Live app section and download the Windows installation package.
-
Right-click on the installation package icon on your computer, and select Properties.
A Ledger Live properties window appears. -
Go to the Hashes tab and you can see the hashes of the installation package. Now you need to compare with the hash from our website.
-
Go to the Ledger Live Download Signatures page, scroll down to the Ledger Live binaries section and copy the Windows hash.
-
Go back to the Ledger Live Properties window, to the Hashes tab, and paste the hash from the website in the Check against field
If the hash is matching, you should see the name of the installation file. If hash does not match, you will see "No match found" message.
I am getting a "No match found" message!
- Your copy of Ledger Live might not be genuine.
- Please immediately contact Ledger support, you will be provided with a safe link to install Ledger Live to the latest version.
- Go to the Ledger website, scroll down to the Download Ledger Live app section and download the macOS installation package.
- In the Finder, open the /Applications/Utilities folder. Then double-click Terminal.
- To verify the Ledger Live installation package checksum, type the following command in the Terminal followed by space:
shasum -a 512
- Drag and drop the installation file to the Terminal. Then press Enter. After some time, you should see the checksum hash on a new line in Terminal.
- Compare the checksum hashes.
- Go to the Ledger Live Download Signatures page, scroll down to the Ledger Live binaries section and copy the macOS hash.
- Use Diffchecker to compare if there are any differences between the hash from Terminal and the hash from the Ledger Live Download Signatures page.
If your hashes are identical, your copy of Ledger Live is genuine.
My hashes don't match!
- Your copy of Ledger Live might not be genuine.
- Please immediately contact Ledger support, you will be provided with a safe link to install Ledger Live to the latest version.
- Go to the Ledger website, scroll down to the Download Ledger Live app section and download the Linux installation package.
- On your Linux machine, download GtkHash from Github by using the following command in Terminal:sudo apt-get install gtkhash
- When GtkHash is installed, launch the app and select SHA512 in GtkHash preferences.
- Click the Browse icon in the File section to add the Ledger Live installation file.
A window with Ledger Live installation file checksum details appears. - Go to the Ledger Live Download Signatures page, scroll down to the Ledger Live binaries section and copy the Linux hash.
- To match the checksum from the website with your downloaded copy, paste the website hash value in the Check field and click the Hash button.
A checkmark appears. Your Ledger Live is genuine.
I am getting a cross instead of a checkmark!
- Your copy of Ledger Live might not be genuine.
- Please immediately contact Ledger support, you will be provided with a safe link to install Ledger Live to the latest version.