sha256sum - Linux
Overview
The sha256sum
command is used to compute or verify SHA-256 cryptographic hash values. The output of this command is a 256-bit (32-byte) hash string that represents the contents of a file. This command is commonly employed to ensure data integrity, by verifying that the data received or transferred is the same as the original, which is especially useful in verifying download integrity and in security contexts.
Syntax
The basic usage syntax of sha256sum
is as follows:
sha256sum [OPTION]... [FILE]...
- [OPTION]: Includes options that alter the behavior of the command (e.g.,
--check
,--status
). - [FILE]: Represents one or more files to check. If no file is specified, or if the file specified is
-
, it reads from standard input.
Options/Flags
Here are some of the common options and flags for sha256sum
:
- –check: Read SHA-256 sums from the files and check them.
- –status: Don’t output anything, status code shows success.
- –warn: Warn about improperly formatted checksum lines.
- –strict: Exit non-zero for improperly formatted checksum lines.
- -b, –binary: Read in binary mode (default).
- -t, –text: Read in text mode (the effect depends on the system, usually this influences output format).
- –quiet: Don’t print OK for each successfully verified file.
- –ignore-missing: Ignore missing files and treat as valid.
Examples
-
Generate SHA-256 hash of a file:
sha256sum filename.txt
-
Check SHA-256 hash of a file against a given list:
sha256sum -c filename.sha256sum
This checks the hash stored in
filename.sha256sum
against the file listed there. -
Generate hashes for multiple files:
sha256sum file1.txt file2.txt > checksums.sha256sum
-
Check hashes for multiple files:
sha256sum --check checksums.sha256sum
Common Issues
- Incorrect formatting in checksum files: Make sure the checksum file format is correct – one hash per line followed by a space and the filename.
- Binary vs. text mode discrepancies: Results might differ across systems due to binary/text mode differences, always ensure the correct mode flag is used based on the file contents and system.
Integration
sha256sum
can be integrated with bash scripts or combined with other commands like wget
for automating download and verification processes:
wget http://example.com/file.zip
wget http://example.com/file.zip.sha256
sha256sum --check file.zip.sha256
This script downloads a file and its SHA-256 checksum, then verifies the integrity of the file.
Related Commands
md5sum
: Calculates MD5 hashes, less secure and shorter than SHA-256.sha1sum
: Similar tosha256sum
but uses SHA-1 hash, which is less robust compared to SHA-256.
For further reading and more detailed information, consult the sha256sum manual page: man sha256sum
or visit the GNU Coreutils page online.