diff --git a/src/core/cipher.rs b/src/core/cipher.rs
index cf2fe34..10380d9 100644
--- a/src/core/cipher.rs
+++ b/src/core/cipher.rs
@@ -69,6 +69,11 @@ impl Cipher {
 }
 }
 
+ /// Generates [`sha::sha256`] hash for the data
+ pub fn sha256(&self, data: &[u8]) -> String {
+ hex::encode(sha::sha256(data))
+ }
+
 /// Encrypts pem using [`XORCryptor`]
 pub fn encrypt_pem(&self, key: &Uuid, pem: String) -> Result {
 let xrc = match XORCryptor::new(&key.to_string()) {
@@ -155,7 +160,7 @@ impl Cipher {
 let time = format!("{}", time);
 (
 self.encode_string(time.as_bytes()),
- hex::encode(sha::sha256(data.as_bytes())),
+ self.sha256(data.as_bytes()),
 )
 }
 }
diff --git a/src/handlers/api.rs b/src/handlers/api.rs
index 8b1364b..f19e458 100644
--- a/src/handlers/api.rs
+++ b/src/handlers/api.rs
@@ -118,6 +118,11 @@ pub async fn decrypt(
 Err(err) => return Err(AppError::BadRequest(err.as_str())),
 };
 
+ let hash = cipher.sha256(data.as_bytes());
+ if hash != claw.sha256 {
+ return Err(AppError::BadRequest("SHA256 checksum do not match"));
+ }
+
 // delete claw and claw_key
 match dao::delete_claw(claw.id, &db).await {
 Ok(_) => (),
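Review bot: The doc comment on the new `Cipher::sha256` in src/core/cipher.rs (first hunk) does not say what form the return value takes, yet the new caller in `decrypt` compares it to a stored string with `!=`, so the encoding is part of the contract. I would document it as `/// Returns the SHA-256 digest of data as a lowercase hex string (unkeyed: detects corruption, is not a MAC).` The method also takes `&self` without using it in the visible body, so an associated function would make it plain that no key material is involved.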
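Review bot: In `decrypt` (src/handlers/api.rs) the new mismatch branch returns before `dao::delete_claw`, so a request carrying the wrong `data` leaves the claw and its key in place and the endpoint can be retried without limit. If claws are meant to be single-use, decide explicitly whether failed checks should be counted or rate-limited, and log each mismatch with `claw.id` before the `return` so repeated failures are visible. The digest is unkeyed SHA-256, so the check catches corruption or a wrong payload but does not authenticate the data against anyone able to write the stored `claw.sha256`. The message would read better as `"SHA256 checksum does not match"`. The body of `decrypt` starts and ends outside the hunk, so where `data` comes from is not visible here.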