{"id":21898346,"url":"https://github.com/aetherinox/verisum","last_synced_at":"2026-04-24T22:32:47.990Z","repository":{"id":191119439,"uuid":"566628510","full_name":"Aetherinox/verisum","owner":"Aetherinox","description":"Hash digest generation with checksum verification for confirming project release authenticity","archived":false,"fork":false,"pushed_at":"2023-10-19T17:50:54.000Z","size":1462,"stargazers_count":2,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-03-30T22:31:13.289Z","etag":null,"topics":["batch","batch-script","checksum-generationn","checksums","command-prompt","generator","gpg","gpg-encryption","gpg-key","gpg-signature","gpg4win","hash","hash-digest","hashing","pgp","pgp-signature","terminal","windows","yubico","yubikey"],"latest_commit_sha":null,"homepage":"","language":"Batchfile","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Aetherinox.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-11-16T04:17:49.000Z","updated_at":"2024-09-06T18:01:23.000Z","dependencies_parsed_at":"2024-05-10T09:45:10.325Z","dependency_job_id":null,"html_url":"https://github.com/Aetherinox/verisum","commit_stats":null,"previous_names":["aetherinox/verisum","aetherinaux/verisum"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/Aetherinox/verisum","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Aetherinox%2Fverisum","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Aetherinox%2Fverisum/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Aetherinox%2Fverisum/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Aetherinox%2Fverisum/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Aetherinox","download_url":"https://codeload.github.com/Aetherinox/verisum/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Aetherinox%2Fverisum/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32243306,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-24T13:21:15.438Z","status":"ssl_error","status_checked_at":"2026-04-24T13:21:15.005Z","response_time":64,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["batch","batch-script","checksum-generationn","checksums","command-prompt","generator","gpg","gpg-encryption","gpg-key","gpg-signature","gpg4win","hash","hash-digest","hashing","pgp","pgp-signature","terminal","windows","yubico","yubikey"],"created_at":"2024-11-28T14:26:08.765Z","updated_at":"2026-04-24T22:32:47.961Z","avatar_url":"https://github.com/Aetherinox.png","language":"Batchfile","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Verisum\n\nA Windows utility created in order to generate a hash digest with checksums for files or folders. Generated checksums can then be signed using your specified GPG key into an armored `asc` format.\n\nUsers who download your project will then be able to download and verify that your project came from the authentic developer by using the digest to compare the checksums between their current downloaded files, and the files officially belonging to the project.\n\n## Structure\n\n```\n📁 .docs                    info related to this library\n📁 .lib                     required library files -- do not modify\n📁 .logs                    outputs the results of verifications against SHA in \"checksums\" folder\n📁 checksums                generated and gpg signed checksums for project stored here\n📁 project                  Your project's root folder should be placed in here\n   📁 Your Project Folder\n```\n\n\u003cbr /\u003e\n\n---\n\n\u003cbr /\u003e\n\n## Files\n\n| File | Description |\n| --- | --- |\n| 📄 Verisum_Generate.bat | Generates a new checksum digest by reading all files in \"project\" folder. \u003cbr /\u003e Generated checksums are stored in `checksums` folder. |\n| 📄 Verisum_Sign.bat | Takes a generated checksum digest and signs it with a specified GPG key. |\n| 📄 Verisum_Verify.bat | Compares the generated checksum txt in \"checksums\" with files in \"project\" |\n\n\n\u003cbr /\u003e\n\n---\n\n\u003cbr /\u003e\n\n## Generating\n\nTo generate a brand new hash digest for your project, place your project's root folder inside the `project` folder. Then open `Verisum_Generate.bat` and wait while your digest is created. Once done; it will be placed in the `checksums` folder.\n\nYou have the option to generate a checksum for every file in the project, or you can generate a single checksum for the entire project.\n\n![4cUmHnB](https://github.com/Aetherinox/Verisum/assets/118329232/4f187123-5610-4d9c-8cb5-190f37227643)\n\n### Single Checksum\nA single checksum will be generated based on the overall project.\n\n\u003cbr /\u003e\n\n### Per File Checksum\nEach file in your project will have its very own checksum created.\n\n\u003cbr /\u003e\n\n### Algorithms\n\nGenerating a new digest supports the following algorithms:\n\n- MD5\n- SHA1\n- SHA256\n- SHA384\n- SHA512\n\n\u003cbr /\u003e\n\n`SHA256` is the default algorithm.\nTo change the algorithm used; open the `config.ini` file and modify:\n\n```ini\nalgo=SHA256\n```\n\n\u003cbr /\u003e\n\nOnce you have generated a hash digest; it will appear in the following structure in `\\checksums\\*.txt`. The filename is dependent on which algorithm you choose.\n\n```gpg\n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n5c1211559dda10592cfedd57681f18f4a702410816d36eda95aee6c74e3c6a47  .lib/cecho.exe\nef52afdf2356a5e2e42e1b117a5cffb4663b4cc434de09db62e7310496ba20c0  .lib/dos2unix.exe\n899482064f3ebb2dd8a9d368b7e51680f0e704cd9ffe188f187faadc0c05faa4  .lib/sha256sum.exe\n86a08d6e148759f5b5637af247da5ba2cf779f141af891a9d7b5f6dca06df126  .lib/verisum.exe\n7b3759a83aa3905885fa167b7c43192f33d0e8bba81c25af20ac839cd2e750e6  Verisum_Generate.bat\n5b92a39fa80e44fa0a98534fea03a8009916472fb5e37d6f69aa22f93c4311a8  Verisum_Sign.bat\nfa1b7c8a835652e9598682feed205d1546f2796947f1c2b649082dc29c277732  Verisum_Verify.bat\n```\n\n### Ignored files\n\nBy default; Verisum ignores generating a checksum for the following files:\n\n- \\*.gitignore\n- \\*.md\n- \\*docs\n\nOpen the `.bat` files if you wish to edit these exclusions. The character `*` can be used as a wildcard.\n\n\u003cbr /\u003e\n\n---\n\n\u003cbr /\u003e\n\n## Signing\n\nThis utility will take your hash digest file populated with your project's checksums, and verify all the generated checksums between the digest file and project files themselves. After all checksums are verified; an armored `asc` gpg key is generated with your gpg signature. If your gpg key has a passphrase; you will be prompted to supply it for the signing to be complete. The final digest with your armored `asc` checksums will be placed in the `checksums` folder, along with your original digest txt. That asc file can then be uploaded to places like Github when you publish releases for your project.\n\nVerisum provides you with two ways to supply a GPG key.\n1. Adding your GPG key via the `config.ini` file [Automatic]\n2. Entering your GPG key when you launch the `Verisum - Sign.bat` file. [Manual]\n\n\u003cbr /\u003e\n\n\n\n\n\u003cbr /\u003e\n\n### GPG Key - Automatic\n\nTo specify your GPG key, open `Verisum_Sign.bat` in a text editor.\n\nLocate and edit:\n\n```git\nSET gpg_keyid=XXXXXXXX\n```\n\nAfter providing your GPG key, re-launch the utility and it will automatically sign the provided hash digest.\n\n\u003cbr /\u003e\n\n### GPG Key - Manual\n\nThe `Verisum_Sign.bat` utility also includes the ability to provide your GPG key on the fly.\n\n![XYUWvBO](https://github.com/Aetherinox/Verisum/assets/118329232/cbf9d422-d81a-4ae6-84f8-ef1bd7db67b4)\n\nIf you execute the sign utility without configuring your GPG key; you will be prompted with instructions on how to add your GPG key. You will then be asked to provide a GPG key for a `one-time` signature. If you do not provide the correct key, or leave it blank; the application will close if you have not included your GPG key within the `config.ini`.\n\n\u003cbr /\u003e\n\n---\n\n\u003cbr /\u003e\n\n## Verify\n\nTo verify a digest's checksums against your actual project files, open `Verisum_Verify.bat`. The script will automatically grab your generated digest txt file from the `checksums` folder, and compare that with the files in the `project` folder. It will return the results of that check, which will either be successful, or it will list the files that failed the checksum verification. On top of this information being shown in console; a log file will be pushed to the `.logs` folder.\n\n![Lzxujmd](https://github.com/Aetherinox/Verisum/assets/118329232/d4fc17fc-f813-48fd-ab46-e81a05d8fc64)\n\n\u003cbr /\u003e\n\n### SHA256SUM.EXE\n\n`.lib\\sha256sum.exe` has been provided in this utility as an alternative tool. It is `not` required for Verisum to function. It is only there in case people wish to utilize it.\n\nIn order to use this file, your projects's hash digest txt file and your project's root folder must be placed together in the same folder with sha256sum.exe.\n\nRefer to the following example:\n\n```\n📁 .docs\n📁 .lib\n📁 .logs\n📁 checksums\n📁 project\n📄 SHA256.txt\n➡️ sha256sum.exe\n```\n\nYou can open `Command Prompt`, `Terminal`, or `Powershell`, navigate to the folder with all of the files listed above, and execute the command:\n\n```shell\nsha256sum -c YourSHAFile.txt\n```\n\n\u003cbr /\u003e\n\n---\n\n\u003cbr /\u003e\n\n## Linux\n\nVerisum ensures that all generated hash digests are Linux compatible. Verisum converts a created text file from `CRLF` (Carriage Return and Line Feed -- Windows) to `LF` (Line Feed -- OSX / Linux). This allows you to utilize the same hash digest in Linux to do comparisons there.\n\nPlace the generated hash digest `.txt` file on your Linux computer. Then move your project files into a folder.\nOnce you have these all transferred; open `Terminal`, change to the directory with your project files, and execute the command:\n\n```shell\nsha256sum --check /path/to/sha256.txt\n```\n\nYou will see something similar to:\n\n```shell\n\u003e sha256sum --check digest/sha256.txt\n\n.lib/cecho.exe:         OK\n.lib/dos2unix.exe:      OK\n.lib/sha256sum.exe:     OK\n.lib/verisum.exe:       OK\nVerisum_Generate.bat:   OK\nVerisum_Sign.bat:       OK\nVerisum_Verify.bat:     OK\n```\n\nTo get a full list of commands available; view the following:\n\n- [MD5](https://man7.org/linux/man-pages/man1/md5sum.1.html \"MD5\")\n- [SHA1](https://man7.org/linux/man-pages/man1/sha1sum.1.html \"SHA1\")\n- [SHA256](https://man7.org/linux/man-pages/man1/sha256sum.1.html \"SHA256\")\n- [SHA384](https://man7.org/linux/man-pages/man1/sha384sum.1.html \"SHA384\")\n- [SHA512](https://man7.org/linux/man-pages/man1/sha512sum.1.html \"SHA512\")\n\n\u003cbr /\u003e\n\n---\n\n\u003cbr /\u003e\n\n## Libraries\n\n### [cecho](https://www.codeproject.com/Articles/17033/Add-Colors-to-Batch-Files \"cecho\")\n\nSpecial thanks to Thomas Polaert; the developer of `cecho`. This library makes batch files much more palatable in terms of getting important information across to the user.\n\n### [sha256sum](https://g10code.com/ \"sha256sum\")\n\nThis library is developed by [g10code](https://g10code.com/ \"g10code\")","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faetherinox%2Fverisum","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Faetherinox%2Fverisum","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faetherinox%2Fverisum/lists"}