Sha1sum Explained

is a computer program that calculates and verifies SHA-1 hashes. It is commonly used to verify the integrity of files. It (or a variant) is installed by default on most Linux distributions. Typically distributed alongside are , , and , which use a specific SHA-2 hash function and ,^[1] which uses the BLAKE2 cryptographic hash function.

The SHA-1 variants are proven vulnerable to collision attacks, and users should instead use, for example, a SHA-2 variant such as or the BLAKE2 variant to prevent tampering by an adversary.^{[2] [3]}

It is included in GNU Core Utilities,^[4] Busybox (excluding ),^[5] and Toybox (excluding ).^[6] Ports to a wide variety of systems are available, including Microsoft Windows.

Examples

To create a file with a SHA-1 hash in it, if one is not provided:$ sha1sum filename [filename2] ... > SHA1SUM

If distributing one file, the file extension may be appended to the filename e.g.:$ sha1sum --binary my-zip.tar.gz > my-zip.tar.gz.sha1

The output contains one line per file of the form "{hash} SPACE (ASTERISK|SPACE) [{directory} SLASH] {filename}". (Note well, if the hash digest creation is performed in text mode instead of binary mode, then there will be two space characters instead of a single space character and an asterisk.) For example:$ sha1sum -b my-zip.tar.gzd5db29cd03a2ed055086cef9c31c252b4587d6d0 *my-zip.tar.gz$ sha1sum -b subdir/filename255086cef9c87d6d031cd5db29cd03a2ed0252b45 *subdir/filename2

To verify that a file was downloaded correctly or that it has not been tampered with:$ sha1sum -c SHA1SUMfilename: OKfilename2: OK$ sha1sum -c my-zip.tar.gz.sha1my-zip.tar.gz: OK

Hash file trees

can only create checksums of one or multiple files inside a directory, but not of a directory tree, i.e. of subdirectories, sub-subdirectories, etc. and the files they contain. This is possible by using in combination with the [[Find_(Unix)|find]] command with the option, or by piping the output from into [[xargs]]. can create checksums of a directory tree.

To use with :$ find s_* -type f -exec sha1sum '' \;65c23f142ff6bcfdddeccebc0e5e63c41c9c1721 s_1/file_s11d3d59905cf5fc930cd4bf5b709d5ffdbaa9443b2 s_2/file_s215590e00ea904568199b86aee4b770fb1b5645ab8 s_a/file_02

Likewise, piping the output from into yields the same output:$ find s_* -type f | xargs sha1sum65c23f142ff6bcfdddeccebc0e5e63c41c9c1721 s_1/file_s11d3d59905cf5fc930cd4bf5b709d5ffdbaa9443b2 s_2/file_s215590e00ea904568199b86aee4b770fb1b5645ab8 s_a/file_02

Related programs

• is a Perl program to calculate any of SHA-1, 224, 256, 384, 512 hashes. It is part of the ActivePerl distribution.
• is a similarly named program that calculates SHA-3, HAKE, RawSHAKE, and Keccak functions.
• The naming convention is also used by the BLAKE team with and, by the program [[tthsum]], and many others.
• On FreeBSD and OpenBSD, the utilities are called,,, and . These versions offer slightly different options and features. Additionally, FreeBSD offers the Skein family of message digests.

See also

• • • • GNU Core Utilities

External links

• • sha1sum for Windows announcement
• FreeBSD Manual Pages md5
• OpenBSD General Commands Manual md5

Notes and References

1. Web site: b2sum source code in GNU coreutils. 29 Jan 2022. GNU coreutils mirror at GitHub.
2. Web site: Cryptanalysis of SHA-1. Bruce Schneier. Schneier on Security.
3. Web site: Announcing the first SHA1 collision.
4. Web site: Sha1sum invocation (GNU Coreutils 9.0).
5. Web site: Mirror/Busybox. . 26 October 2021.
6. Web site: Landley/Toybox. . 26 October 2021.