Thanks for the suggestion of an OpenSSL binary. It could work, except ... the binary is from an unknown third party and "Use these OpenSSL derived products at your own risk; these products have not been evaluated or tested by the OpenSSL project." I don't see why I should be required to trust and verify TWO downloads instead of one. So I'm going to pass on the third party OpenSSL exe. I explained my situation, which is that Windows out-of-the-box does not provide a tool to verify the provided sha3sum. There are numerous possible workarounds, none of them are ideal. My suggestion was to provide a second hash, which seems reasonable to me, although I will admit it's also not ideal. Some people have provided other reasonable workarounds. Not all of them work for me, and I choose not to use the possible ones because in my view it's illogical to engage in risky behavior B in order to "reduce risk" in scenario A. But I wish to give thanks for all the helpful links so far. If this were my own pc rather than my employer's I probably would use one of them. In the absence of any ideal solution, I'm not going to get upset if my own non-ideal suggestion is not taken up. In the meantime I'll continue to use the older working sqlite here, albeit without the option of a clustered index. I am upset though by a more recent comment, and will reply to it separately. Maybe it won't pass moderation... Anonymous because on a work pc and I'm note supposed to risk the reputation of my employer.