HashCalc Pro

Native macOS® hashing utility. Last updated: April 23, 2026.

One file in, every digest out. HashCalc Pro is the macOS hashing workhorse built for people who actually care about file integrity - developers signing releases, security teams triaging unknown binaries, and anyone who needs to prove that a download is what it claims to be. Feed it a file, a text string, or a raw hex payload and it computes up to 48 cryptographic and non-cryptographic hashes in a single streaming pass - SHA-1/2/3, BLAKE2, BLAKE3, RIPEMD, Tiger, Whirlpool, GOST-94, xxHash, CRC, MurmurHash3, FNV, and more - leaning on Apple Silicon's hardware-accelerated SHA instructions where the math matters most.

Drop a saved .hash sidecar onto the window to re-verify a file you hashed weeks or months ago, on any Mac. With one click, query VirusTotal using a SHA-256, SHA-1, or MD5 hash to see existing detections. Everything runs locally in a sandboxed, native macOS app - no account, no telemetry, no developer-operated backend, and never a single byte of your file uploaded anywhere. The only network request HashCalc ever makes is the VirusTotal hash lookup you explicitly trigger.

Built for Apple Silicon

HashCalc Pro is a native Swift application that ships as arm64 for Apple Silicon Macs (M1 and newer) - no Rosetta, no translation layer.

• Hardware-accelerated SHA family. SHA-1, SHA-256, SHA-384, and SHA-512 are backed by Apple's CryptoKit and CommonCrypto frameworks, which on M-series chips execute through the ARMv8 cryptography extensions - dedicated CPU instructions for SHA-1 and SHA-2. That means the algorithms most people actually care about (SHA-256 and SHA-512 verification) run at close to memory-read speed.
• Single streaming pass. Large files are read once in 8 MB chunks and every enabled hasher is updated from that same buffer, so adding more algorithms to a run doesn't cost an extra disk read. The Stats tab shows real throughput in MB/s so you can see it for yourself.
• Lean, first-party frameworks. The core hashing pipeline is built on Apple's own CryptoKit/CommonCrypto plus compact, vendored C implementations for the algorithms Apple doesn't provide - no heavy third-party runtimes.

Non-SHA algorithms (MD-family, RIPEMD, Tiger, Whirlpool, BLAKE2/BLAKE3, xxHash, CRC, and so on) don't map to dedicated silicon instructions on any CPU, but they run as native arm64 code on Apple Silicon and handle hundreds of megabytes per second in practice.

Who it's for

• Developers and release engineers - Check artifacts against published SHA-256 or SHA-512 values, batch many algorithms in one run, and copy the exact hex format your docs or CI expect.
• Security and IT teams - Turn an unknown file into MD5, SHA-1, and SHA-256 quickly for triage notes, then follow up with a VirusTotal hash lookup without uploading the file through HashCalc. Save a .hash sidecar for repeatable verification later.
• Anyone validating downloads or archives - Confirm an installer, disk image, or backup still matches a known-good digest, including very large files thanks to streaming reads and progress feedback.

What it actually does

• One read, many digests. Pick your algorithms once and the app reads the input a single time, feeding every chunk into every enabled hasher together. Large files stream in 8 MB chunks with a live progress bar and a Stop button.
• Three input modes. File (including drag-and-drop), plain text, or raw hex byte string.
• Find hash. The result grid has a search field that matches by algorithm name or by a run of hex digits anywhere in a result - useful when you're checking whether a specific digest value appears among the 48 rows.
• HMAC on algorithms that support it (MD/SHA/SHA-3 families, RIPEMD, Tiger, Whirlpool, Panama, BLAKE2b). Your key can be saved to the macOS Keychain® so you don't have to paste it every session.
• Shift-click any algorithm toggle to flip the entire default set on or off at once.

Algorithms (48)

• SHA: SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, SHA-512/256
• SHA-3 / Keccak: SHA3-224, SHA3-256, SHA3-384, SHA3-512, Keccak-256
• Legacy crypto digests: MD2, MD4, MD5
• RIPEMD: 128, 160, 256, 320
• Tiger: 128/160/192 in both 3-pass and 4-pass
• BLAKE: BLAKE2b-256, BLAKE2b-512, BLAKE3
• Other crypto: Whirlpool, Panama, GOST-94, GOST-94-CryptoPro
• Checksums and fast hashes: Adler-32, CRC-32, CRC-32B, CRC-32C, xxHash32, xxHash64, xxHash128, XXH3-64, MurmurHash3 (A / C / F), FNV-1 and FNV-1a (32 and 64), Jenkins one-at-a-time

Hex output formatting

Results render in hexadecimal with fine-grained layout controls, so you can match whatever format your docs, CI logs, or code expect:

• Letter case: all upper, all lower, high-nibble upper (Ab), or low-nibble upper (aB).
• Byte layout: plain, colon-separated, comma + space, C-style { 0x.., 0x.. }, array [0x.., 0x..], or custom.
• Custom layout: set a prefix/suffix that wraps the whole digest, plus a per-byte prefix, separator, and suffix. Copies out ready-to-paste into code or a CI manifest.

.hash sidecar files

Saving writes a JSON sidecar next to (or in a folder of your choosing beside) the source. Each sidecar records:

• The algorithm → hex digest map for every enabled hash in that run.
• An HMAC key fingerprint (not the key itself) when HMAC was used, so later verifications can check you're using the same secret.
• Generator metadata (app version, build flavor, ISO timestamps).
• A portable, tilde-abbreviated source path (for example ~/Desktop/file.txt), so the sidecar stays meaningful when moved between Macs with the same home-relative layout.

To verify later, drop the .hash file onto HashCalc - the app automatically pivots into verify mode, re-reads the original source, recomputes every stored hash, and reports per-algorithm match or mismatch. If the stored source isn't reachable under the current sandbox grant, HashCalc prompts you to point at it.

VirusTotal (optional)

Bring your own VirusTotal API key (free community account or paid tier). The key is stored in the macOS Keychain, never in plain preferences.

• Hash-only lookups. HashCalc sends the MD5, SHA-1, or SHA-256 from the current run to VirusTotal's /files/{hash} endpoint over HTTPS. Your file bytes never leave the machine through this path.
• Color-coded toast. The status toast is tinted by VirusTotal's detection verdict - green (no risk), amber (low), orange (medium), red (high), deep red (critical).
• Clear status line: VT Detections: [3/72] → Low Risk.
• Auto-lookup after calculation and detections dialog are opt-in.
• Rate limits. VirusTotal's public tier caps usage at 4 requests/minute and 500/day; HashCalc enforces that locally for public accounts. A Use paid/org account toggle skips local throttling for premium keys.

Inside the app

• Main - source input, HMAC key, algorithm toggles, result grid with find, progress, Calculate / VirusTotal / Write / Verify buttons.
• Theme - appearance mode (light, dark, system), font family picker over any installed font with a filter field, font size 11–22 pt, accent color and primary text color (with reset).
• Options - keep window on top, quit-confirmation dialog, .hash output folder, toast durations, hex output format, VirusTotal key and behavior.
• Stats - totals, throughput (MB/s wall), per-algorithm runs and timings, actions (HMAC runs, verifies, VirusTotal lookups, sidecars written, hashes copied), and time-wasted tracker.
• Credits - acknowledgments for the algorithms, references, and components behind the app.

Privacy-first. Always.

HashCalc Pro is built by a cybersecurity professional who believes user privacy is a fundamental right. Every decision, including what the app does and, just as importantly, what it doesn't do, is guided by a simple question: does this share anything the user didn't explicitly choose to share? If the answer is yes, it doesn't ship. This isn't a marketing claim; it's the standard the app is built on, and why you won't find unnecessary background components or hidden data collection.

• Sandboxed by design. The app reads only the files and folders you select. Access persists across launches using standard macOS security-scoped bookmarks, fully under your control.
• No account required. No sign-in, telemetry, analytics, or ads. No anonymized tracking or aggregated metrics. The developer operates no backend services that collect or observe user activity.
• No background network activity. The only network request is a VirusTotal hash lookup that you explicitly initiate. Only the hash is sent, never the file itself.
• Minimal Keychain usage. At most, two optional items may be stored: your HMAC secret and your VirusTotal API key. Both remain under your control and can be removed at any time.
• No dark patterns or quiet regressions. Any feature that would compromise these guarantees is excluded rather than hidden behind settings or added as an opt-in.

We mean this. Review the itemized commitments in the privacy policy, verify the app's behavior, and hold us to that standard.

Actively developed, shaped by your feedback

HashCalc Pro ships frequent updates, and the changelog reflects that work. Many improvements come directly from users who reported issues, requested features, or suggested better approaches. Every message submitted through the support form is read and considered on its own merits.

If something is missing, inefficient, or getting in your way, say so. Whether it's an additional algorithm, a formatting option, or a small usability issue, your input helps shape what comes next.

Requirements

macOS 15 (Sequoia) or later. Distributed exclusively on the Mac® App Store®.

Official distribution only

HashCalc Pro is available exclusively through the Mac App Store. There are no other legitimate sources. No third-party download sites, no direct DMGs, no GitHub releases, no "cracked" or "patched" builds - only the version Apple distributes from the official product page.

Any copy of HashCalc Pro obtained outside the Mac App Store should be treated as untrusted and potentially tampered with. This applies regardless of how legitimate the source appears. If you are ever unsure, use the App Store link on this site or search for HashCalc Pro directly in the Mac App Store on your Mac.

A tool built to verify file integrity is only worth trusting if you can verify it was obtained intact. Get it from the source.