Well, tax season again. Taiwan’s personal income tax filing system1 consists of an online system and a desktop computer software. Since the Ministry of Finance hosts the installer online, a best practice is to also provide the hash value of the installer, which they did, to my surprise.2
The hash value, however, is not in plain format like
1420bdb0d4876927e1aa9612dc9c0480acde2f72, which we’re more familier and frequently found on sites such as Microsoft, FreeBSD, Apple, etc. They provided an xml file that can be use by their verify utility. Yet the
SHA1 tag inside is encoded.
It turns out that the code is a base64-encoded, binary formatted sha1 hash. If you don’t like another utility just for checksum verification, you may extract the plain hash or generate a same encoded one like theirs for comparison.
To decode xml’s hash:
To generate a binary sha1 and base64-encode it:
Now you may verify the checksum, whether plain hash or encoded.