6 .Nm md5 , sha1 , sha224 , sha256 , sha384 , sha512 , sha512t256 , rmd160 ,
7 .Nm skein256 , skein512 , skein1024 ,
8 .Nm md5sum , sha1sum , sha224sum , sha256sum , sha384sum , sha512sum ,
9 .Nm sha512t256sum , rmd160sum , skein256sum , skein512sum , skein1024sum
10 .Nd calculate a message-digest fingerprint (checksum) for a file
24 (All other hashes have the same options and usage.)
27 .Nm md5 , sha1 , sha224 , sha256 , sha384 , sha512 , sha512t256 , rmd160 ,
28 .Nm skein256 , skein512 ,
31 utilities take as input a message of arbitrary length and produce as
38 .Nm md5sum , sha1sum , sha224sum , sha256sum , sha384sum , sha512sum ,
39 .Nm sha512t256sum , rmd160sum , skein256sum , skein512sum ,
42 utilities do the same, but default to the reversed format of
46 It is conjectured that it is computationally infeasible to
47 produce two messages having the same message digest, or to produce any
48 message having a given prespecified target message digest.
49 The SHA-224 , SHA-256 , SHA-384 , SHA-512, RIPEMD-160,
51 algorithms are intended for digital signature applications, where a
54 in a secure manner before being encrypted with a private
56 key under a public-key cryptosystem such as RSA.
58 The MD5 and SHA-1 algorithms have been proven to be vulnerable to practical
59 collision attacks and should not be relied upon to produce unique outputs,
60 .Em nor should they be used as part of a cryptographic signature scheme.
61 As of 2017-03-02, there is no publicly known method to
63 either algorithm, i.e., to find an input that produces a specific
66 SHA-512t256 is a version of SHA-512 truncated to only 256 bits.
67 On 64-bit hardware, this algorithm is approximately 50% faster than SHA-256 but
68 with the same level of security.
69 The hashes are not interchangeable.
71 It is recommended that all new applications use SHA-512 or SKEIN-512
72 instead of one of the other hash functions.
74 The following options may be used in any combination and must
75 precede any files named on the command line.
76 The hexadecimal checksum of each file listed on the command line is printed
77 after the options are processed.
78 .Bl -tag -width indent
80 Ignored for compatibility with the coreutils
84 If the program was called with a name that does not end in
86 compare the digest of the file against this string.
87 .Pq Note that this option is not yet useful if multiple files are specified.
89 If the program was called with a name that does end in
91 the file passed as argument must contain digest lines generated by the same digest algorithm
95 .Pq i.e. in either classical BSD format or in GNU coreutils format .
96 A line with file name followed by
98 and either OK or FAILED is written for each well-formed line in the digest file.
99 If applicable, the number of failed comparisons and the number of lines that were
100 skipped since they were not well-formed are printed at the end.
103 option can be used to quiesce the output unless there are mismatched entries in
107 Print a checksum of the given
110 Echo stdin to stdout and append the checksum to stdout.
112 Quiet mode \(em only the checksum is printed out.
117 Reverses the format of the output.
118 This helps with visual diffs.
120 when combined with the
124 Run a built-in time trial.
127 versions, this is a nop for compatibility with coreutils.
129 Run a built-in test script.
133 .Nm md5 , sha1 , sha224 , sha256 , sha512 , sha512t256 , rmd160 ,
134 .Nm skein256 , skein512 ,
137 utilities exit 0 on success,
138 1 if at least one of the input files could not be read,
139 and 2 if at least one file does not have the same hash as the
143 Calculate the MD5 checksum of the string
145 .Bd -literal -offset indent
147 MD5 ("Hello") = 8b1a9953c4611296a827abf8c47804d7
150 Same as above, but note the absence of the newline character in the input
152 .Bd -literal -offset indent
153 $ echo -n Hello | md5
154 8b1a9953c4611296a827abf8c47804d7
157 Calculate the checksum of multiple files reversing the output:
158 .Bd -literal -offset indent
159 $ md5 -r /boot/loader.conf /etc/rc.conf
160 ada5f60f23af88ff95b8091d6d67bef6 /boot/loader.conf
161 d80bf36c332dc0fdc479366ec3fa44cd /etc/rc.conf
165 .Pa /boot/loader.conf
168 Then calculate the checksum again and validate it against the checksum string
172 .Bd -literal -offset indent
173 $ md5 /boot/loader.conf > digest && md5 -c $(cut -f2 -d= digest) /boot/loader.conf
174 MD5 (/boot/loader.conf) = ada5f60f23af88ff95b8091d6d67bef6
177 Same as above but comparing the digest against an invalid string
178 .Pq Dq randomstring ,
179 which results in a failure.
180 .Bd -literal -offset indent
181 $ md5 -c randomstring /boot/loader.conf
182 MD5 (/boot/loader.conf) = ada5f60f23af88ff95b8091d6d67bef6 [ Failed ]
185 If invoked with a name ending in
189 option does not compare against a hash string passed as parameter.
190 Instead, it expects a digest file, as created under the name
193 .Pa /boot/loader.conf
194 in the example above.
195 .Bd -literal -offset indent
196 $ md5 -c digest /boot/loader.conf
197 /boot/loader.conf: OK
200 The digest file may contain any number of lines in the format generated with or without the
203 .Pq i.e. in either classical BSD format or in GNU coreutils format .
204 If a hash value does not match the file, FAILED is printed instead of OK.
216 .%T The MD5 Message-Digest Algorithm
221 .%T The Secure Hash Standard
225 .%A D. Eastlake and P. Jones
226 .%T US Secure Hash Algorithm 1
230 RIPEMD-160 is part of the ISO draft standard
231 .Qq ISO/IEC DIS 10118-3
232 on dedicated hash functions.
234 Secure Hash Standard (SHS):
235 .Pa http://csrc.nist.gov/cryptval/shs.html .
238 .Pa http://www.esat.kuleuven.ac.be/~bosselae/ripemd160.html .
240 All of the utilities that end in
242 are intended to be compatible with the GNU coreutils programs.
243 However, the long option functionality is not provided.
245 This program is placed in the public domain for free general use by
248 Support for SHA-1 and RIPEMD-160 has been added by
249 .An Oliver Eikemeier Aq Mt eik@FreeBSD.org .