How to verify the authenticity of the 1Password command-line tool on your Mac

When you download the 1Password command-line tool, you can verify its signature to confirm that it’s authentic.

To ensure the authenticity of the 1Password command-line tool on your Mac, the tool and all its updates are digitally signed and offered exclusively through the 1Password command-line tool download page. Always get updates directly from 1Password, and always check to make sure that you have the latest version.

To confirm the installer is authentic

To confirm the installer is authentic, you can verify the digital signature before installation.

  1. Double-click the 1Password command-line tool package (.pkg) file to open the installer. If you see “This package will run a program to determine if the software can be installed”, click Continue. This will not begin the installation.

  2. Click the lock icon in the top right corner of the installer window. If you don’t see the lock icon, the package is unsigned, and you shouldn’t install it.

  3. Select “Developer ID Installer: AgileBits Inc. (2BUA8C4S2C)”. If you see a different developer ID, or the certificate doesn’t have a green checkmark indicating that it’s valid, don’t install the package.

  4. Click the triangle next to “Details” and scroll down.

  5. Make sure that the SHA-256 fingerprint in the installer matches the following fingerprint from the current AgileBits certificate. If they match, the signature is verified; click OK and continue installation.

    [Image: the 1Password command-line tool installer window showing the developer ID and fingerprints]

SHA-256: 14 1D D8 7B 2B 23 12 11 F1 44 08 49 79 80 07 DF 62 1D E6 EB 3D AB 98 5B C9 64 EE 97 04 C4 A1 C1

The installer automatically verifies the files in the package. If any file has an issue, installation stops without changes to your system, and you’ll see a message that the installer encountered an error.
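
The same check can be scripted from Terminal. The following is an added example, not 1Password's own tooling: it compares the leaf certificate in `pkgutil --check-signature` output with the developer ID and SHA-256 fingerprint given in the steps above. The function names and the sample output are constructed for illustration, and the output layout is an assumption based on current macOS releases.

```shell
#!/bin/sh
# Added example (not 1Password's code): compare the leaf certificate reported by
# `pkgutil --check-signature` with the signer and fingerprint given on this page.
EXPECTED_SIGNER='Developer ID Installer: AgileBits Inc. (2BUA8C4S2C)'
EXPECTED_SHA256='14 1D D8 7B 2B 23 12 11 F1 44 08 49 79 80 07 DF 62 1D E6 EB 3D AB 98 5B C9 64 EE 97 04 C4 A1 C1'

# Read pkgutil output on stdin; print "<signer>|<SHA-256 hex without spaces>"
# for entry 1 of the certificate chain (the certificate that signed the package).
leaf_cert() {
  awk '
    /^[ \t]*1\.[ \t]/ { sub(/^[ \t]*1\.[ \t]+/, ""); sub(/[ \t]+$/, "")
                        name = $0; leaf = 1; next }
    /^[ \t]*[0-9]+\.[ \t]/ { leaf = 0; fp_lines = 0 }      # later chain entries
    leaf && /SHA256 Fingerprint:/ { fp_lines = 1; next }
    leaf && fp_lines {
      if ($0 ~ /^[ \t]*([0-9A-Fa-f][0-9A-Fa-f][ \t]*)+$/) {  # wrapped hex rows
        gsub(/[ \t]/, ""); fp = fp toupper($0)
      } else fp_lines = 0
    }
    END { print name "|" fp }'
}

# Exit 0 only when both the signer name and the fingerprint match exactly.
check_signature() {
  want="$EXPECTED_SIGNER|$(printf '%s' "$EXPECTED_SHA256" | tr -d ' ')"
  [ "$(leaf_cert)" = "$want" ]
}

# On a Mac: verify_pkg /path/to/downloaded.pkg
verify_pkg() {
  out=$(pkgutil --check-signature "$1") || return 1   # pkgutil must accept the signature
  printf '%s\n' "$out" | check_signature
}

# Constructed sample of pkgutil output (layout assumed; entry 2 is a dummy value).
SAMPLE='Package "sample.pkg":
   Status: signed by a developer certificate issued by Apple for distribution
   Certificate Chain:
    1. Developer ID Installer: AgileBits Inc. (2BUA8C4S2C)
       SHA256 Fingerprint:
           14 1D D8 7B 2B 23 12 11 F1 44 08 49 79 80 07 DF 62 1D E6 EB 3D AB
           98 5B C9 64 EE 97 04 C4 A1 C1
       ------------------------------------------------------------------------
    2. Developer ID Certification Authority
       SHA256 Fingerprint:
           00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
           00 00 00 00 00 00 00 00 00 00'
```

A matching signer name alone is not sufficient, which is why the fingerprint is compared as well. Update `EXPECTED_SHA256` only from the 1Password page if the certificate is ever renewed.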