is a
computer program
A computer program is a sequence or set of instructions in a programming language for a computer to Execution (computing), execute. It is one component of software, which also includes software documentation, documentation and other intangibl ...
that calculates and verifies
SHA-1
In cryptography, SHA-1 (Secure Hash Algorithm 1) is a hash function which takes an input and produces a 160-bit (20-byte) hash value known as a message digest – typically rendered as 40 hexadecimal digits. It was designed by the United States ...
hashes. It is commonly used to verify the integrity of files. It (or a variant) is installed by default on most
Linux distribution
A Linux distribution, often abbreviated as distro, is an operating system that includes the Linux kernel for its kernel functionality. Although the name does not imply product distribution per se, a distro—if distributed on its own—is oft ...
s. Typically distributed alongside are , , and , which use a specific
SHA-2
SHA-2 (Secure Hash Algorithm 2) is a set of cryptographic hash functions designed by the United States National Security Agency (NSA) and first published in 2001. They are built using the Merkle–Damgård construction, from a one-way compression ...
hash function and , which uses the
BLAKE2
BLAKE is a cryptographic hash function based on Daniel J. Bernstein's ChaCha (cipher), ChaCha stream cipher, but a permuted copy of the input block, XORed with round constants, is added before each ChaCha round. Like SHA-2, there are two variants ...
cryptographic hash function.
The SHA-1 variants are ''proven'' vulnerable to
collision attack
In cryptography, a collision attack on a cryptographic hash tries to find two inputs producing the same hash value, i.e. a hash collision. This is in contrast to a preimage attack where a specific target hash value is specified.
There are roughly ...
s, and users should instead use, for example, a SHA-2 variant such as or the
BLAKE2
BLAKE is a cryptographic hash function based on Daniel J. Bernstein's ChaCha (cipher), ChaCha stream cipher, but a permuted copy of the input block, XORed with round constants, is added before each ChaCha round. Like SHA-2, there are two variants ...
variant to prevent tampering by an adversary.
It is included in
GNU Core Utilities
The GNU Core Utilities or coreutils is a collection of GNU software that implements many standard, Unix-based shell commands. The utilities generally provide POSIX compliant interface when the environment variable is set, but otherwise offers ...
,
Busybox
BusyBox is a software suite that provides several List of Unix commands, Unix utilities in a single executable file. It runs in a variety of POSIX environments such as Linux, Android (operating system), Android, and FreeBSD, although many of the ...
(excluding ), and
Toybox
Toybox is a free and open-source software implementation of over 200 Unix command line utilities such as '' ls'', '' cp'', and '' mv''. The Toybox project was started in 2006, and became a 0BSD licensed BusyBox alternative. Toybox is used for m ...
(excluding ). Ports to a wide variety of systems are available, including
Microsoft Windows
Windows is a Product lining, product line of Proprietary software, proprietary graphical user interface, graphical operating systems developed and marketed by Microsoft. It is grouped into families and subfamilies that cater to particular sec ...
.
Examples
To create a file with a SHA-1 hash in it, if one is not provided:
$ sha1sum filename ilename2... > SHA1SUM
If distributing one file, the
file extension
File or filing may refer to:
Mechanical tools and processes
* File (tool), a tool used to remove fine amounts of material from a workpiece.
** Filing (metalworking), a material removal process in manufacturing
** Nail file, a tool used to gen ...
may be appended to the filename e.g.:
$ sha1sum --binary my-zip.tar.gz > my-zip.tar.gz.sha1
The output contains one line per file of the form "
SPACE (ASTERISK, SPACE) SLASH
Slash may refer to:
* Slash (punctuation), the "/" character
Arts and entertainment Fictional characters
* Slash (Marvel Comics)
* Slash (''Teenage Mutant Ninja Turtles'')
Music
* Harry Slash & The Slashtones, an American rock band
* Nash th ...
". (Note well, if the hash digest creation is performed in text mode instead of binary mode, then there will be two space characters instead of a single space character and an asterisk.) For example:
$ sha1sum -b my-zip.tar.gz
d5db29cd03a2ed055086cef9c31c252b4587d6d0 *my-zip.tar.gz
$ sha1sum -b subdir/filename2
55086cef9c87d6d031cd5db29cd03a2ed0252b45 *subdir/filename2
To verify that a file was downloaded correctly or that it has not been tampered with:
$ sha1sum -c SHA1SUM
filename: OK
filename2: OK
$ sha1sum -c my-zip.tar.gz.sha1
my-zip.tar.gz: OK
Hash file trees
can only create checksums of one or multiple files inside a directory, but not of a directory tree, i.e. of subdirectories, sub-subdirectories, etc. and the files they contain. This is possible by using in combination with the
find
command with the option, or by
piping
Within industry, piping is a system of pipes used to convey fluids (liquids and gases) from one location to another. The engineering discipline of piping design studies the efficient transport of fluid.
Industrial process piping (and accomp ...
the output from into
xargs
xargs (short for "extended arguments") is a command on Unix and most Unix-like operating systems used to build and execute commands from standard input. It converts input from standard input into arguments to a command.
Some commands such as gre ...
. can create checksums of a directory tree.
To use with :
$ find s_* -type f -exec sha1sum '' \;
65c23f142ff6bcfdddeccebc0e5e63c41c9c1721 s_1/file_s11
d3d59905cf5fc930cd4bf5b709d5ffdbaa9443b2 s_2/file_s21
5590e00ea904568199b86aee4b770fb1b5645ab8 s_a/file_02
Likewise, piping the output from into yields the same output:
$ find s_* -type f , xargs sha1sum
65c23f142ff6bcfdddeccebc0e5e63c41c9c1721 s_1/file_s11
d3d59905cf5fc930cd4bf5b709d5ffdbaa9443b2 s_2/file_s21
5590e00ea904568199b86aee4b770fb1b5645ab8 s_a/file_02
Related programs
* is a
Perl
Perl is a high-level, general-purpose, interpreted, dynamic programming language. Though Perl is not officially an acronym, there are various backronyms in use, including "Practical Extraction and Reporting Language".
Perl was developed ...
program to calculate any of SHA-1, 224, 256, 384, 512 hashes. It is part of the
ActivePerl
ActivePerl is a distribution of Perl from ActiveState (formerly part of Sophos) for Windows, macOS, Linux, Solaris, AIX and HP-UX.
A few main editions are available, including: Community (free, for development use only), and several paid tiers ...
distribution.
* is a similarly named program that calculates
SHA-3
SHA-3 (Secure Hash Algorithm 3) is the latest member of the Secure Hash Algorithm family of standards, released by NIST on August 5, 2015. Although part of the same series of standards, SHA-3 is internally different from the MD5-like stru ...
, HAKE, RawSHAKE, and
Keccak
SHA-3 (Secure Hash Algorithm 3) is the latest member of the Secure Hash Algorithm family of standards, released by NIST on August 5, 2015. Although part of the same series of standards, SHA-3 is internally different from the MD5-like struct ...
functions.
* The naming convention is also used by the
BLAKE team with and , by the program
tthsum
, and many others.
* On
FreeBSD
FreeBSD is a free-software Unix-like operating system descended from the Berkeley Software Distribution (BSD). The first version was released in 1993 developed from 386BSD, one of the first fully functional and free Unix clones on affordable ...
and
OpenBSD
OpenBSD is a security-focused operating system, security-focused, free software, Unix-like operating system based on the Berkeley Software Distribution (BSD). Theo de Raadt created OpenBSD in 1995 by fork (software development), forking NetBSD ...
, the utilities are called , , , and . These versions offer slightly different options and features. Additionally, FreeBSD offers the
Skein family of message digests.
See also
*
*
*
*
GNU Core Utilities
The GNU Core Utilities or coreutils is a collection of GNU software that implements many standard, Unix-based shell commands. The utilities generally provide POSIX compliant interface when the environment variable is set, but otherwise offers ...
References
External links
*
sha1sum for Windows announcementFreeBSD Manual Pages md5OpenBSD General Commands Manual md5
{{Core Utilities commands
Cryptographic software
Unix security-related software