sha256sum - Linux

Overview

The sha256sum command is used to compute or verify SHA-256 cryptographic hash values. The output of this command is a 256-bit (32-byte) hash string that represents the contents of a file. This command is commonly employed to ensure data integrity, by verifying that the data received or transferred is the same as the original, which is especially useful in verifying download integrity and in security contexts.

Syntax

The basic usage syntax of sha256sum is as follows:

sha256sum [OPTION]... [FILE]...
  • [OPTION]: Includes options that alter the behavior of the command (e.g., --check, --status).
  • [FILE]: Represents one or more files to check. If no file is specified, or if the file specified is -, it reads from standard input.

Options/Flags

Here are some of the common options and flags for sha256sum:

  • –check: Read SHA-256 sums from the files and check them.
  • –status: Don’t output anything, status code shows success.
  • –warn: Warn about improperly formatted checksum lines.
  • –strict: Exit non-zero for improperly formatted checksum lines.
  • -b, –binary: Read in binary mode (default).
  • -t, –text: Read in text mode (the effect depends on the system, usually this influences output format).
  • –quiet: Don’t print OK for each successfully verified file.
  • –ignore-missing: Ignore missing files and treat as valid.

Examples

  1. Generate SHA-256 hash of a file:

    sha256sum filename.txt

  2. Check SHA-256 hash of a file against a given list:

    sha256sum -c filename.sha256sum

    This checks the hash stored in filename.sha256sum against the file listed there.

  3. Generate hashes for multiple files:

    sha256sum file1.txt file2.txt > checksums.sha256sum

  4. Check hashes for multiple files:

    sha256sum --check checksums.sha256sum

Common Issues

  • Incorrect formatting in checksum files: Make sure the checksum file format is correct – one hash per line followed by a space and the filename.
  • Binary vs. text mode discrepancies: Results might differ across systems due to binary/text mode differences, always ensure the correct mode flag is used based on the file contents and system.

Integration

sha256sum can be integrated with bash scripts or combined with other commands like wget for automating download and verification processes:

wget http://example.com/file.zip
wget http://example.com/file.zip.sha256
sha256sum --check file.zip.sha256

This script downloads a file and its SHA-256 checksum, then verifies the integrity of the file.

  • md5sum: Calculates MD5 hashes, less secure and shorter than SHA-256.
  • sha1sum: Similar to sha256sum but uses SHA-1 hash, which is less robust compared to SHA-256.

For further reading and more detailed information, consult the sha256sum manual page: man sha256sum or visit the GNU Coreutils page online.