.Nm md5 , sha1 , sha224 , sha256 , sha384 ,
.Nm sha512 , sha512t224 , sha512t256 ,
.Nm rmd160 , skein256 , skein512 , skein1024 ,
.Nm md5sum , sha1sum , sha224sum , sha256sum , sha384sum ,
.Nm sha512sum , sha512t224sum , sha512t256sum ,
.Nm rmd160sum , skein256sum , skein512sum , skein1024sum
.Nd calculate a message-digest fingerprint (checksum) for a file
(All other hashes have the same options and usage.)
.Nm md5 , sha1 , sha224 , sha256 , sha384 , sha512 , sha512t224 , sha512t256 ,
.Nm rmd160 , skein256 , skein512 ,
utilities take as input a message of arbitrary length and produce as
.Nm md5sum , sha1sum , sha224sum , sha256sum , sha384sum , sha512sum ,
.Nm sha512t224sum , sha512t256sum , rmd160sum , skein256sum , skein512sum ,
utilities do the same, but default to the reversed format of
It is conjectured that it is computationally infeasible to
produce two messages having the same message digest, or to produce any
message having a given prespecified target message digest.
The SHA-224, SHA-256, SHA-384, SHA-512, RIPEMD-160,
algorithms are intended for digital signature applications, where a
in a secure manner before being encrypted with a private
key under a public-key cryptosystem such as RSA.
The MD5 and SHA-1 algorithms have been proven to be vulnerable to practical
collision attacks and should not be relied upon to produce unique outputs,
.Em nor should they be used as part of a cryptographic signature scheme.
As of 2017-03-02, there is no publicly known method to
either algorithm, i.e., to find an input that produces a specific
SHA-512t256 is a version of SHA-512 truncated to only 256 bits.
On 64-bit hardware, this algorithm is approximately 50% faster than SHA-256 but
with the same level of security.
The hashes are not interchangeable.
SHA-512t224 is identical to SHA-512t256, but with the digest truncated
It is recommended that all new applications use SHA-512 or SKEIN-512
instead of one of the other hash functions.
The following options may be used in any combination and must
precede any files named on the command line.
The hexadecimal checksum of each file listed on the command line is printed
after the options are processed.
.Bl -tag -width indent
programs separate hash and digest with a blank followed by an asterisk instead
of by 2 blank characters for full compatibility with the output generated by the
coreutils versions of these programs.
If the program was called with a name that does not end in
compare the digest of the file against this string.
option, the calculated digest is printed in addition to the exit status being set.
.Pq Note that this option is not yet useful if multiple files are specified.
If the program was called with a name that does end in
the file passed as argument must contain digest lines generated by the same
digest algorithm with or without the
.Pq i.e., in either classical BSD format or in GNU coreutils format .
A line with the file name followed by a colon
and either OK or FAILED is written for each well-formed line in the digest file.
If applicable, the number of failed comparisons and the number of lines that were
skipped since they were not well-formed are printed at the end.
option can be used to quiesce the output unless there are mismatched entries in
Print a checksum of the given
Echo stdin to stdout and append the checksum to stdout.
Quiet mode \(em only the checksum is printed out.
Reverses the format of the output.
This helps with visual diffs.
when combined with the
Run a built-in time trial.
versions, this is a nop for compatibility with coreutils.
Run a built-in test script.
.Nm md5 , sha1 , sha224 , sha256 , sha512 , sha512t256 , rmd160 ,
.Nm skein256 , skein512 ,
utilities exit 0 on success,
1 if at least one of the input files could not be read,
and 2 if at least one file does not have the same hash as the
Calculate the MD5 checksum of the string
.Bd -literal -offset indent
MD5 ("Hello") = 8b1a9953c4611296a827abf8c47804d7
Same as above, but note the absence of the newline character in the input
.Bd -literal -offset indent
$ echo -n Hello | md5
8b1a9953c4611296a827abf8c47804d7
Calculate the checksum of multiple files reversing the output:
.Bd -literal -offset indent
$ md5 -r /boot/loader.conf /etc/rc.conf
ada5f60f23af88ff95b8091d6d67bef6 /boot/loader.conf
d80bf36c332dc0fdc479366ec3fa44cd /etc/rc.conf
variants put 2 blank characters between hash and file name for full compatibility
with the coreutils versions of these commands.
.Pa /boot/loader.conf
Then calculate the checksum again and validate it against the checksum string
.Bd -literal -offset indent
$ md5 /boot/loader.conf > digest && md5 -c $(cut -f2 -d= digest) /boot/loader.conf
MD5 (/boot/loader.conf) = ada5f60f23af88ff95b8091d6d67bef6
Same as above but comparing the digest against an invalid string
.Pq Dq randomstring ,
which results in a failure.
.Bd -literal -offset indent
$ md5 -c randomstring /boot/loader.conf
MD5 (/boot/loader.conf) = ada5f60f23af88ff95b8091d6d67bef6 [ Failed ]
If invoked with a name ending in
option does not compare against a hash string passed as parameter.
Instead, it expects a digest file, as created under the name
.Pa /boot/loader.conf
in the example above.
.Bd -literal -offset indent
$ md5 -c digest /boot/loader.conf
/boot/loader.conf: OK
The digest file may contain any number of lines in the format generated with or without the
.Pq i.e., in either classical BSD format or in GNU coreutils format .
If a hash value does not match the file, FAILED is printed instead of OK.
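The digest-file check described above, reimplemented as an added Python example (not code from these utilities): it accepts digest lines in both the BSD and the GNU coreutils format and returns the per-file OK/FAILED results, the failed and skipped counts, and an exit status following the values documented on this page.
The function names, the treatment of an unreadable file as FAILED, and the precedence of status 2 over status 1 are assumptions; only algorithm tags that lower-case to a hashlib name (MD5, SHA256, SHA512) are matched.

```python
import hashlib
import re
import tempfile

# BSD format: "SHA256 (path) = hex". GNU coreutils format: "hex  path" or "hex *path".
BSD_LINE = re.compile(r"^([A-Za-z0-9-]+) \((.+)\) = ([0-9a-fA-F]+)$")
GNU_LINE = re.compile(r"^([0-9a-fA-F]+) [ *](.+)$")

def file_digest(path, algo):
    h = hashlib.new(algo)
    with open(path, "rb") as fh:
        while chunk := fh.read(65536):  # stream, so large files are not held in memory
            h.update(chunk)
    return h.hexdigest()

def check_digest_lines(lines, algo="sha256"):
    """Verify digest lines; return (results, failed, skipped, exit_status)."""
    results, failed, skipped, unreadable = [], 0, 0, 0
    hex_len = hashlib.new(algo).digest_size * 2
    for line in lines:
        name, want = None, ""
        bsd, gnu = BSD_LINE.match(line), GNU_LINE.match(line)
        if bsd and bsd.group(1).lower() == algo:
            name, want = bsd.group(2), bsd.group(3)
        elif gnu:
            want, name = gnu.groups()
        if len(want) != hex_len:
            skipped += 1  # not a well-formed line for this algorithm
            continue
        try:
            ok = file_digest(name, algo) == want.lower()
        except OSError:
            ok, unreadable = False, unreadable + 1
        failed += not ok
        results.append((name, "OK" if ok else "FAILED"))
    # Assumption: a mismatch (2) outranks an unreadable file (1).
    status = 2 if failed > unreadable else 1 if unreadable else 0
    return results, failed, skipped, status

def demo():
    """Constructed sample: BSD OK, GNU OK, GNU mismatch, malformed line."""
    with tempfile.TemporaryDirectory() as d:
        path = f"{d}/loader.conf"
        with open(path, "wb") as fh:
            fh.write(b"Hello")
        good = file_digest(path, "sha256")
        lines = [f"SHA256 ({path}) = {good}", f"{good} *{path}",
                 f"{'0' * 64}  {path}", "this line is not a digest"]
        return check_digest_lines(lines)
```

A BSD-format line tagged with a different algorithm than the one being checked is counted as skipped, which is why a digest file must come from the same algorithm as the checker.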
.%T The MD5 Message-Digest Algorithm
.%T The Secure Hash Standard
.%A D. Eastlake and P. Jones
.%T US Secure Hash Algorithm 1
RIPEMD-160 is part of the ISO draft standard
.Qq ISO/IEC DIS 10118-3
on dedicated hash functions.
Secure Hash Standard (SHS):
.Pa https://www.nist.gov/publications/secure-hash-standard-shs
.Pa https://homes.esat.kuleuven.be/~bosselae/ripemd160.html
All of the utilities that end in
are intended to be compatible with the GNU coreutils programs.
However, the long option functionality is not provided.
This program is placed in the public domain for free general use by
Support for SHA-1 and RIPEMD-160 has been added by
.An Oliver Eikemeier Aq Mt eik@FreeBSD.org .