File Hash SHA format converstion

Question

I need to download cumulative updates and install them manually. The SHA1 file hash given by the Microsoft Update Catalog appears to use a different character base than what is produced by the get-filehash PowerShell function.

Is there an app or function to covert the published file hash to what get-filehash produces?

Answer 1

The MUC hash needs to be converted from base64 then converted to hex.

Using the following powershell function gives the output A840F48F81E79F45131128F9F823633A59F57879 for qED0j4Hnn0UTESj5+CNjOln1eHk=

function Convert-Base64ToHex {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [string]$Base64
    )

    process {
        try {
            $bytes = [Convert]::FromBase64String($Base64)
            [System.BitConverter]::ToString($bytes).Replace("-", "")
        }
        catch {
            throw [System.FormatException]::new("Invalid Base64 input: $($Base64)")
        }
    }
}

Convert-Base64ToHex "qED0j4Hnn0UTESj5+CNjOln1eHk=" 

Answer 2

Hello Cliff McCullough,

This issue is indeed related to Windows for business, specifically when dealing with manual installation of cumulative updates from the Microsoft Update Catalog. It is not directly tied to Windows 365 Enterprise, but it falls under the broader Windows servicing and update management domain.

The difference you are seeing is due to the fact that Microsoft Update Catalog publishes file hashes in SHA-1 format using uppercase hexadecimal characters, while PowerShell’s Get-FileHash cmdlet outputs the hash in lowercase hexadecimal by default. Both represent the same value; the character case does not affect the integrity of the hash. For example, A94A8FE5... from the catalog is identical to a94a8fe5... from PowerShell.

There is no need for a conversion utility because the values are already equivalent. If you want your PowerShell output to visually match the catalog format, you can simply pipe the result through .ToUpper():

powershell

(Get-FileHash -Algorithm SHA1 -Path "C:\Updates\windows10.0-kb5034763-x64.msu").Hash.ToUpper()

This will produce the uppercase string that aligns with the published catalog hash. Conversely, if you prefer lowercase, you can use .ToLower(). The important point is that the hash comparison is case-insensitive, so the verification is valid regardless of case.

I hope you've found something useful here. If it helps you get more insight into the issue, it's appreciated to accept the answer. Should you have more questions, feel free to leave a message. Have a nice day!

Domic Vo.

Answer 3

The Get-FileHash cmdlet in PowerShell computes the hash value for a file using a specified hash algorithm, with SHA256 being the default. If you are encountering SHA1 hashes from the Microsoft Update Catalog, you can use the Get-FileHash cmdlet to generate a SHA1 hash for your downloaded files by specifying the -Algorithm parameter. Here’s how you can do it:

Get-FileHash -Path "C:\path\to\your\file.ext" -Algorithm SHA1

This will produce a SHA1 hash that you can compare with the hash provided by the Microsoft Update Catalog. Unfortunately, there isn't a built-in function or app specifically designed to convert between different hash formats, as hash values are unique to their respective algorithms. However, you can always compute the hash using the desired algorithm directly with Get-FileHash.

---

References:

• Get-FileHash