This article will explain how to verify the authenticity of a Ledger Live installation package using Ledger Live Download Signatures on Windows / macOS / Linux.
- Open your browser, go to the Ledger website, select Download the app and download the Windows installation package.
- On your computer, open Windows PowerShell.
- In the shell, type the command below to obtain the SHA-512 hash of the installation file you just downloaded:
Get-FileHash "path/to/downloaded/ledger-live.exe" -Algorithm SHA512 | Format-List
Make sure that the path to the downloaded ledger-live.exe installation file is wrapped with quotation marks "". - Copy the hash.
-
Go to the Ledger Live Download Signatures page, press Ctrl+F, paste the hash you copied from PowerShell in the search bar and press Enter.
If the search returns a hit, it's a match!
SHA-512 hashes are not case-sensitive so a == A, b == B, etc.
The hashes don't match!
- Your copy of Ledger Live might not be genuine.
- Please immediately contact Ledger support, you will be provided with a safe link to install Ledger Live to the latest version.
- Go to the Ledger website, scroll down to the Download Ledger Live app section and download the macOS installation package.
- In the Finder, open the /Applications/Utilities folder. Then double-click Terminal.
- To verify the Ledger Live installation package checksum, type the following command in the Terminal followed by space:
shasum -a 512
- Drag and drop the installation file to the Terminal. Then press Enter. After some time, you should see the checksum hash on a new line in Terminal.
- Compare the checksum hashes.
- Go to the Ledger Live Download Signatures page, scroll down to the Ledger Live binaries section and copy the macOS hash.
- Use Diffchecker to compare if there are any differences between the hash from Terminal and the hash from the Ledger Live Download Signatures page.
If your hashes are identical, your copy of Ledger Live is genuine.
My hashes don't match!
- Your copy of Ledger Live might not be genuine.
- Please immediately contact Ledger support, you will be provided with a safe link to install Ledger Live to the latest version.
- Go to the Ledger website, scroll down to the Download Ledger Live app section and download the Linux installation package.
- On your Linux machine, download GtkHash from Github by using the following command in Terminal:sudo apt-get install gtkhash
- When GtkHash is installed, launch the app and select SHA512 in GtkHash preferences.
- Click the Browse icon in the File section to add the Ledger Live installation file.
A window with Ledger Live installation file checksum details appears. - Go to the Ledger Live Download Signatures page, scroll down to the Ledger Live binaries section and copy the Linux hash.
- To match the checksum from the website with your downloaded copy, paste the website hash value in the Check field and click the Hash button.
A checkmark appears. Your Ledger Live is genuine.
I am getting a cross instead of a checkmark!
- Your copy of Ledger Live might not be genuine.
- Please immediately contact Ledger support, you will be provided with a safe link to install Ledger Live to the latest version.