6 .Nm md5 , sha1 , sha224 , sha256 , sha384 , sha512 , sha512t256 , rmd160 ,
7 .Nm skein256 , skein512 , skein1024 ,
8 .Nm md5sum , sha1sum , sha224sum , sha256sum , sha384sum , sha512sum ,
9 .Nm sha512t256sum , rmd160sum , skein256sum , skein512sum , skein1024sum
10 .Nd calculate a message-digest fingerprint (checksum) for a file
24 (All other hashes have the same options and usage.)
27 .Nm md5 , sha1 , sha224 , sha256 , sha384 , sha512, sha512t256, rmd160,
28 .Nm skein256, skein512,
31 utilities take as input a message of arbitrary length and produce as
38 .Nm md5sum , sha1sum , sha224sum , sha256sum , sha384sum , sha512sum ,
39 .Nm sha512t256sum , rmd160sum , skein256sum , skein512sum ,
42 utilities do the same, but default to the reversed format of
46 It is conjectured that it is computationally infeasible to
47 produce two messages having the same message digest, or to produce any
48 message having a given prespecified target message digest.
50 .Tn SHA-224 , SHA-256 , SHA-384 , SHA-512, RIPEMD-160,
53 algorithms are intended for digital signature applications, where a
56 in a secure manner before being encrypted with a private
58 key under a public-key cryptosystem such as
65 algorithms have been proven to be vulnerable to practical collision
66 attacks and should not be relied upon to produce unique outputs,
67 .Em nor should they be used as part of a cryptographic signature scheme.
68 As of 2017-03-02, there is no publicly known method to
70 either algorithm, i.e. to find an input that produces a specific
76 truncated to only 256 bits.
77 On 64-bit hardware, this algorithm is approximately 50% faster than
79 but with the same level of security.
80 The hashes are not interchangeable.
82 It is recommended that all new applications use
86 instead of one of the other hash functions.
88 The following options may be used in any combination and must
89 precede any files named on the command line.
90 The hexadecimal checksum of each file listed on the command line is printed
91 after the options are processed.
92 .Bl -tag -width indent
96 programs separate hash and digest with a blank followed by an asterisk instead
97 of by 2 blank characters for full compatibility with the output generated by the
98 coreutils versions of these programs.
100 If the program was called with a name that does not end in
102 compare the digest of the file against this string.
103 .Pq Note that this option is not yet useful if multiple files are specified.
105 If the program was called with a name that does end in
107 the file passed as argument must contain digest lines generated by the same
108 digest algorithm with or without the
111 .Pq i.e. in either classical BSD format or in GNU coreutils format .
112 A line with the file name followed by a colon
114 and either OK or FAILED is written for each well-formed line in the digest file.
115 If applicable, the number of failed comparisons and the number of lines that were
116 skipped since they were not well-formed are printed at the end.
119 option can be used to quiesce the output unless there are mismatched entries in
123 Print a checksum of the given
126 Echo stdin to stdout and append the checksum to stdout.
128 Quiet mode \(em only the checksum is printed out.
133 Reverses the format of the output.
134 This helps with visual diffs.
136 when combined with the
140 Run a built-in time trial.
143 versions, this is a nop for compatibility with coreutils.
145 Run a built-in test script.
149 .Nm md5 , sha1 , sha224 , sha256 , sha512 , sha512t256 , rmd160 ,
150 .Nm skein256 , skein512,
153 utilities exit 0 on success,
154 1 if at least one of the input files could not be read,
155 and 2 if at least one file does not have the same hash as the
161 Calculate the MD5 checksum of the string
163 .Bd -literal -offset indent
165 MD5 ("Hello") = 8b1a9953c4611296a827abf8c47804d7
168 Same as above, but note the absence of the newline character in the input
170 .Bd -literal -offset indent
171 $ echo -n Hello | md5
172 8b1a9953c4611296a827abf8c47804d7
175 Calculate the checksum of multiple files reversing the output:
176 .Bd -literal -offset indent
177 $ md5 -r /boot/loader.conf /etc/rc.conf
178 ada5f60f23af88ff95b8091d6d67bef6 /boot/loader.conf
179 d80bf36c332dc0fdc479366ec3fa44cd /etc/rc.conf
183 variants put 2 blank characters between hash and file name for full compatibilty
184 with the coreutils versions of these commands.
188 .Pa /boot/loader.conf
191 Then calculate the checksum again and validate it against the checksum string
195 .Bd -literal -offset indent
196 $ md5 /boot/loader.conf > digest && md5 -c $(cut -f2 -d= digest) /boot/loader.conf
197 MD5 (/boot/loader.conf) = ada5f60f23af88ff95b8091d6d67bef6
200 Same as above but comparing the digest against an invalid string
201 .Pq Dq randomstring ,
202 which results in a failure.
203 .Bd -literal -offset indent
204 $ md5 -c randomstring /boot/loader.conf
205 MD5 (/boot/loader.conf) = ada5f60f23af88ff95b8091d6d67bef6 [ Failed ]
208 If invoked with a name ending in
212 option does not compare against a hash string passed as parameter.
213 Instead, it expects a digest file, as created under the name
216 .Pa /boot/loader.conf
217 in the example above.
218 .Bd -literal -offset indent
219 $ md5 -c digest /boot/loader.conf
220 /boot/loader.conf: OK
223 The digest file may contain any number of lines in the format generated with or without the
226 .Pq i.e. in either classical BSD format or in GNU coreutils format .
227 If a hash value does not match the file, FAILED is printed instead of OK.
228 >>>>>>> c2870e576bd2 (sbin/md5: improve compatibility with coreutils -c option)
241 .%T The MD5 Message-Digest Algorithm
246 .%T The Secure Hash Standard
250 .%A D. Eastlake and P. Jones
251 .%T US Secure Hash Algorithm 1
255 RIPEMD-160 is part of the ISO draft standard
256 .Qq ISO/IEC DIS 10118-3
257 on dedicated hash functions.
259 Secure Hash Standard (SHS):
260 .Pa http://csrc.nist.gov/cryptval/shs.html .
263 .Pa http://www.esat.kuleuven.ac.be/~bosselae/ripemd160.html .
265 All of the utilities that end in
267 are intended to be compatible with the GNU coreutils programs.
268 However, the long option functionality is not provided.
270 This program is placed in the public domain for free general use by
273 Support for SHA-1 and RIPEMD-160 has been added by
274 .An Oliver Eikemeier Aq Mt eik@FreeBSD.org .