JSONToTable
Loading Checksum Verify...
Please wait a moment

How to Verify a Checksum - Step by Step Guide

Validate payload integrity by comparing computed and expected digest values

Step 1

Add Your Payload

Paste content or upload a text file to compute its checksum using the Web Crypto digest API.

Paste directly: Paste raw API responses, config payloads, downloaded file content, or any UTF-8 text.
Upload a file: Load .txt, .json, .xml, or .csv files for checksum computation.
Try sample: Click Sample to auto-fill both the input and a matching expected hash for quick testing.

Example — verifying a downloaded JSON payload:

Input: {"invoice":"INV-100","total":129.99,"status":"paid"}

Computed SHA-256: a1b2c3d4e5f6...7890abcdef
Expected hash:   a1b2c3d4e5f6...7890abcdef

Verification → PASS
Step 2

Select Algorithm

Choose the same SHA-2 algorithm that produced the expected checksum. Using a different algorithm will always result in a mismatch.

SHA-256: Most common checksum format used in npm package integrity and release verification.
SHA-512: Used in high-security environments and Docker image digests.
SHA-1: Legacy algorithm still found in older Git repositories and legacy systems.
Step 3

Paste Expected Hash

Enter the known checksum value to get instant PASS or FAIL verification. The tool normalizes whitespace and letter case automatically.

PASS: Computed digest matches expected hash — payload integrity is confirmed.
FAIL: Digests differ — input was modified, truncated, or the wrong algorithm was selected.
Hex validation: Invalid characters in the expected hash field are flagged immediately.

Example — failed verification due to tampered payload:

Input: {"invoice":"INV-100","total":199.99,"status":"paid"}
       (amount changed from 129.99 to 199.99)

Computed SHA-256: f8e7d6c5b4a3...
Expected:        a1b2c3d4e5f6...7890abcdef

Verification → FAIL (payload was modified)
Step 4

Export Verification Log

Copy or download the verification output for compliance records, NIST hash function audit trails, and deployment logs.

Copy: Copy the full verification log including computed hash, expected hash, and PASS/FAIL status.
Download: Save verification result as a text file for deployment and compliance records.
Next step: Use Hash Compare to compare two payloads side-by-side without a known expected hash.

Frequently Asked Questions

Why am I getting FAIL?

Common causes include algorithm mismatch (e.g. using SHA-512 when the expected hash is SHA-256), extra whitespace or trailing newlines, encoding differences, or a truncated input payload.

Can I verify API response integrity?

Yes. Paste the raw response body and compare with the server-provided checksum. For JSON cleanup before verification, use JSON Formatter.

Is my data sent to a server?

No. All checksum computation and verification happens in your browser using the W3C Web Crypto API. No data is transmitted.

Does the expected hash format matter?

The tool accepts hexadecimal expected hashes. Whitespace and letter case are normalized automatically, so both uppercase and lowercase hex strings are accepted.

Can I verify file checksums?

For binary file checksums, use File Checksum Generator which reads files as binary data. This tool processes text content with UTF-8 encoding.

Related Tools

Hash Compare

Compare two inputs by digest and verify whether their hashes match exactly

File Checksum Generator

Generate SHA checksums for uploaded files with SHA-1, SHA-256, SHA-384, and SHA-512

Multi-Hash Generator

Generate SHA-1, SHA-256, SHA-384, and SHA-512 digests together from a single input

HMAC Generator

Generate HMAC signatures with SHA algorithms and export in HEX/Base64 formats

HMAC Verify

Verify HMAC signatures against expected HEX/Base64 values with pass/fail output

SHA-256 Generator

Generate SHA-256 hash online in HEX and Base64 formats for text and file content verification