Comfyfile - File sharing
Comfyfile

How to Verify File Integrity During Transfer

4 min read

When you share an important file—invoice, contract, source code, design export—you want proof the recipient got the exact same bits you sent. Networks drop packets, drives glitch, email gateways “sanitize,” and humans accidentally upload the wrong version. Integrity verification is how you catch any change, accidental or malicious.

This guide shows practical, no‑nonsense ways to verify file integrity, from quick checks you can do today to cryptographic hashes you can automate. It works across macOS, Windows, and Linux, and pairs perfectly with privacy controls in Comfyfile.

Integrity vs. encryption (quick refresher)

  • Integrity answers: “Is this the exact file?”
  • Encryption answers: “Can anyone else read it?”

They’re different. A password‑protected link (encryption at access time) doesn’t automatically prove the file wasn’t altered. For that, you need a verifiable fingerprint—usually a hash such as SHA‑256.

The gold standard: SHA‑256 checksums

A checksum is a short string that uniquely represents your file’s contents. If a single bit changes, the checksum changes dramatically.

Workflow:

  1. Sender computes a checksum for the file before sharing

  2. Sender shares the checksum out‑of‑band (separate from the download link)

  3. Recipient downloads the file and computes the checksum locally

  4. If the two values match, the file is intact

How to compute SHA‑256

macOS (Terminal):

shasum -a 256 path/to/file.ext

Linux (Terminal):

sha256sum path/to/file.ext

Windows (PowerShell):

Get-FileHash path\to\file.ext -Algorithm SHA256

You’ll get a long hexadecimal string. That is the file’s fingerprint.

Tip: Share only the first 8–12 characters for a quick human check in chat, and keep the full value in your records if you need auditability.

Where to put the checksum in your handoff

  • Add it to your message alongside the link (or better: send it in a separate channel)
  • Include it in a small README.txt inside a zip
  • Keep a copy in your project log for future reference

With Comfyfile, you can generate a clean, expiring, password‑protected link, then send the checksum via a different channel (SMS/DM) so a forwarded link alone isn’t enough to misuse.

A simple, safe handoff recipe

  1. Prepare the file (export the right format, zip if multiple items)
  2. Compute SHA‑256 and copy the value
  3. Upload to Comfyfile
  4. Set a password, add an expiry (e.g., 24 hours–7 days), and limit downloads (e.g., 1–3)
  5. Share the link in your email or chat
  6. Send the checksum and password in a different channel
  7. If you revise the file, generate a new checksum and share a fresh link

Why this works:

  • The checksum proves integrity
  • The password blocks casual forwarding
  • Expiry and download limits reduce long‑term exposure

Alternatives and complements

  • Zip integrity: Opening a .zip can expose corruption, but it doesn’t prove the contents weren’t swapped. Prefer SHA‑256.
  • Code signing / GPG signatures: For high‑assurance or public distribution, sign your checksum or the file itself with a private key so recipients can verify authenticity, not just integrity.
  • Size and metadata sanity checks: File size should match what the sender expects; timestamps and formats should look right. Useful as a quick pre‑check, not a guarantee.

Common pitfalls to avoid

  • Comparing the wrong file: Verify the exact artifact you sent (e.g., the zip, not just an extracted file)
  • Mixing versions: “final_v3.zip” vs “final_v3_reexport.zip” — compute and label clearly
  • Sharing the checksum in the same thread as the link only: use a separate channel for best security
  • Using weak algorithms: Avoid MD5 and SHA‑1; stick to SHA‑256 or stronger

FAQ

Isn’t a password enough?

No. A password controls access, but doesn’t prove the file didn’t change. Use passwords for privacy and hashes for integrity.

Do I have to verify after extracting a zip?

Verify the archive itself. If you must verify extracted contents, compute the hash on the extracted file and compare with a checksum provided specifically for that file.

What if the recipient’s checksum doesn’t match?

Assume the file changed or was corrupted. Re‑upload, re‑share a fresh link, and compare again. If it persists, try a different network or storage device.

Integrity checks are fast, free, and save you from subtle “it looks fine” mistakes. Pair SHA‑256 verification with Comfyfile's password, expiry, and download limits to deliver files confidently—every time.

Related reading:

Share files the secure way

Try Comfyfile for free—passwords, expiries, and download limits in one click.

Upload a file