This article will explain how to verify the authenticity of a Ledger Live installation package using Ledger Live Download Signatures on Windows / macOS / Linux.
- Begin by opening your preferred browser and navigating to the Ledger website.
- Click on Download the app and proceed to download the Windows installation package onto your computer.
- Once downloaded, locate the installation package on your computer. You can find its path by right-clicking on the package and selecting Properties.
- On your computer, open Windows PowerShell.
- In the PowerShell, input the following command to retrieve the SHA-512 hash of the downloaded file:
Get-FileHash "path/to/downloaded/ledger-live/installation/package.exe" -Algorithm SHA512 | Format-List
Remember to replace "path/to/downloaded/ledger-live/installation/package.exe" with the specific path noted in step 3. Ensure the path remains wrapped in "quotation marks". - Hit Enter to initiate the hashing process.
- Once the hash appears in the console, double-click on it to highlight it and copy it using Ctrl+C.
-
Navigate to the Ledger Live Download Signatures page. Use Ctrl+F to open the search function, paste the hash, and press Enter to verify.
If the search returns a hit, it's a match!
Remember, SHA-512 hashes are not case-sensitive so a == A, b == B, etc.
The hashes don't match!
- Your copy of Ledger Live might not be genuine.
- Please immediately contact Ledger support, you will be provided with a safe link to install Ledger Live to the latest version.
- Go to the Ledger website, scroll down to the Download Ledger Live app section and download the macOS installation package.
- In the Finder, open the /Applications/Utilities folder. Then double-click Terminal.
- To verify the Ledger Live installation package checksum, type the following command in the Terminal followed by space:
shasum -a 512 - Drag and drop the installation file to the Terminal. Then press Enter. After some time, you should see the checksum hash on a new line in Terminal.
- Compare the checksum hashes.
- Go to the Ledger Live Download Signatures page, scroll down to the Ledger Live binaries section and copy the macOS hash.
- Use Diffchecker to compare if there are any differences between the hash from Terminal and the hash from the Ledger Live Download Signatures page.
If your hashes are identical, your copy of Ledger Live is genuine.
My hashes don't match!
- Your copy of Ledger Live might not be genuine.
- Please immediately contact Ledger support, you will be provided with a safe link to install Ledger Live to the latest version.
- Go to the Ledger website, scroll down to the Download Ledger Live app section and download the Linux installation package.
- On your Linux machine, download GtkHash from Github by using the following command in Terminal:sudo apt-get install gtkhash
- When GtkHash is installed, launch the app and select SHA512 in GtkHash preferences.
- Click the Browse icon in the File section to add the Ledger Live installation file.
A window with Ledger Live installation file checksum details appears. - Go to the Ledger Live Download Signatures page, scroll down to the Ledger Live binaries section and copy the Linux hash.
- To match the checksum from the website with your downloaded copy, paste the website hash value in the Check field and click the Hash button.
A checkmark appears. Your Ledger Live is genuine.
I am getting a cross instead of a checkmark!
- Your copy of Ledger Live might not be genuine.
- Please immediately contact Ledger support, you will be provided with a safe link to install Ledger Live to the latest version.