If I've downloaded a file with a known SHA256 hash, how can I use PowerShell to check that the file matches the expected hash?
The Get-FileHash cmdlet computes hashes for files, and SHA256 is its default hash algorithm.
To compute the hash of a file:
Get-FileHash .\path\to\foo.zip
This produces something like:
Algorithm Hash Path
--------- ---- ----
SHA256 15DC0502666851226F1D9C0FE352CCAF0FFDEFF2350B6D2D08A90FCD1F610A10 C:\Users\me\path\to\foo.zip
To compare to the known value, extract the computed hash value alone from the output of Get-FileHash, then compare it to the expected value as a (quoted) string literal. Conveniently this comparison appears to be case-insensitive
(Get-FileHash .\path\to\foo.zip).Hash -eq "15dc0502666851226f1d9c0fe352ccaf0ffdeff2350b6d2d08a90fcd1f610a10"
True
...or if you've got the expected hash in a file, say expected-hash.sha256
(Get-FileHash '.\path\to\foo.zip').Hash -eq (Get-Content .\expected-hash.sha256)
True