Verify Downloaded Files
When downloading files from the pfSense web site, SHA256 checksum files are available.
These SHA256 files can be used to verify the download completed successfully, and that an official release is being used.
Hash verification on Windows
Windows users may install HashTab or a similar program to view file hashes. With HashTab installed, right click on the downloaded file and a File Hashes tab is available containing the SHA256 hash, among others. The generated SHA256 hash can be compared with the contents of the .sha256 file downloaded from the pfSense website, which is viewable in any plain text editor such as Notepad. If a SHA256 hash is not displayed, right click in the hash view and click Settings, then check the box for SHA256 and click OK.
Hash verification on BSD and Linux
The sha256 command comes standard on FreeBSD, and many other UNIX and UNIX-like operating systems. GNU or Linux systems provide a sha256sum command that works similarly. A SHA256 hash may be generated by running the following command from within the directory containing the downloaded file:
# sha256 pfSense-CE-2.3-RELEASE-amd64.iso.gz
Compare the resulting hash with the contents of the .sha256 file downloaded from the pfSense website.
Hash verification on OS X
OS X includes the shasum command, which can calculate sha256 using shasum -a 256 <filename>, but there are also GUI applications available such as HashTab.