Verify document integrityHash after downloading via CLI

I am working with the CLI and trying to figure out how to compare the integrityHash that is given for a document object with the downloaded file. After downloading the document how can I verify that the file was downloaded completely and that the contents is unchanged? If this is already possible, which hashing algorithm should be used? I tried with MD5, SHA1, and SHA256 but none matched.

Sorry if this is a re-post, I searched everywhere looking for this answer and did not come up with any (seemingly) relevant results.

1Password Version: 0.5.5
Extension Version: Not Provided
OS Version: Windows 10 (17134.648)
Sync Type: Not Provided


  • cohixcohix

    Team Member

    @bstanley great question! The short answer is that the CLI does that for you when it downloads it, so there's no real need to check it manually


    If you would like to validate it yourself, here are the steps:

    1) H = SHA256 the bytes of the file
    2) E = Base64URLEncode(H)
    3) I = integrityHash.replace(/+/g, "-").replace(/\//g, "_").replace(/=/g, "") (to account for some misbehaving older versions of 1Password
    4) stringCompare(E, I)

    Hope that helps!

  • That is great to know! Thank you for the reply, it it appreciated. If that information is not already in the CLI documentation somewhere (that the CLI validates the file for you) I would suggest that it be added for future CLI users (I did not see it anywhere but I could have looked over it). Keep up the great work!

  • brentybrenty

    Team Member

    Likewise, thanks for the feedback! :)

This discussion has been closed.