To confirm the authenticity of the 1Password command-line tool on your Mac, the tool and all its updates are digitally signed and offered exclusively through the 1Password command-line tool download page. Always get updates directly from 1Password, and always check to make sure that you have the latest version.
To confirm the installer is authentic
To confirm the installer is authentic, you can verify the digital signature before installation.
-
Double-click the 1Password command-line tool package (.pkg) file to open the installer. If you see “This package will run a program to determine if the software can be installed”, click Continue. This will not begin the installation.
-
Click the lock icon in the top right corner of the installer window. If you don’t see the lock icon, the package is unsigned, and you shouldn’t install it.
-
Select “Developer ID Installer: AgileBits Inc. (2BUA8C4S2C)”. If you see a different developer ID, or the certificate doesn’t have a green checkmark indicating that it’s valid, don’t install the package.
-
Click the triangle next to “Details” and scroll down.
-
Make sure that the SHA-256 fingerprint in the installer matches the following fingerprint from the current AgileBits certificate. If they match, the signature is verified; click OK and continue installation.
| Hash | Fingerprint |
|---|---|
| SHA‑256 | 14 1D D8 7B 2B 23 12 11 F1 44 08 49 79 80 07 DF 62 1D E6 EB 3D AB 98 5B C9 64 EE 97 04 C4 A1 C1 |
The installer automatically verifies the files in the package. If any file has an issue, installation stops without changes to your system, and you’ll see a message that the installer encountered an error.