> I explained my situation, which is that Windows out-of-the-box does not provide a tool to verify the provided sha3sum. There are numerous possible workarounds, none of them are ideal. Here is yet another suggestion: Since security is important to your company, and in particular security associated with SQLite databases and the programs used to access those databases, perhaps your company could enter into a [paid technical support][1] arrangement with the SQLite developers. In that way, you would help to fund our continuous and ongoing efforts to protect the SQLite code base from unauthorized tampering. And as a paying client, you can probably convince us to send full-vetted SQLite source files or builds to you via whatever secure channel you find most convenient. [1]: https://www.sqlite.org/prosupport.html By returning a very small percentage of the value you receive from SQLite back to the SQLite developers (still keeping the vast majority of that value for yourselves), you will be helping to protect your supply chain and at the same time simplifying your own operations by making it easier to obtain validated and trusted SQLite code.