Sha1sum

Last updated

sha1sum is a computer program that calculates and verifies SHA-1 hashes. It is commonly used to verify the integrity of files. It (or a variant) is installed by default on most Linux distributions. Typically distributed alongside sha1sum are sha224sum, sha256sum, sha384sum and sha512sum, which use a specific SHA-2 hash function and b2sum, [1] which uses the BLAKE2 cryptographic hash function.

Contents

The SHA-1 variants are proven vulnerable to collision attacks, and users should instead use, for example, a SHA-2 variant such as sha256sum or the BLAKE2 variant b2sum to prevent tampering by an adversary. [2] [3]

It is included in GNU Core Utilities, [4] Busybox (excluding b2sum), [5] and Toybox (excluding b2sum). [6] Ports to a wide variety of systems are available, including Microsoft Windows.

Examples

To create a file with a SHA-1 hash in it, if one is not provided:

$ sha1sumfilename[filename2]...>SHA1SUM 

If distributing one file, the .sha1 file extension may be appended to the filename e.g.:

$ sha1sum--binarymy-zip.tar.gz>my-zip.tar.gz.sha1 

The output contains one line per file of the form "{hash} SPACE (ASTERISK|SPACE) [{directory} SLASH] {filename}". (Note well, if the hash digest creation is performed in text mode instead of binary mode, then there will be two space characters instead of a single space character and an asterisk.) For example:

$ sha1sum-bmy-zip.tar.gz d5db29cd03a2ed055086cef9c31c252b4587d6d0 *my-zip.tar.gz$ sha1sum-bsubdir/filename2 55086cef9c87d6d031cd5db29cd03a2ed0252b45 *subdir/filename2

To verify that a file was downloaded correctly or that it has not been tampered with:

$ sha1sum-cSHA1SUM filename: OKfilename2: OK$ sha1sum-cmy-zip.tar.gz.sha1 my-zip.tar.gz: OK

Hash file trees

sha1sum can only create checksums of one or multiple files inside a directory, but not of a directory tree, i.e. of subdirectories, sub-subdirectories, etc. and the files they contain. This is possible by using sha1sum in combination with the find command with the -exec option, or by piping the output from find into xargs . sha1deep can create checksums of a directory tree.

To use sha1sum with find:

$ finds_*-typef-execsha1sum'{}'\;65c23f142ff6bcfdddeccebc0e5e63c41c9c1721  s_1/file_s11d3d59905cf5fc930cd4bf5b709d5ffdbaa9443b2  s_2/file_s215590e00ea904568199b86aee4b770fb1b5645ab8  s_a/file_02

Likewise, piping the output from find into xargs yields the same output:

$ finds_*-typef|xargssha1sum 65c23f142ff6bcfdddeccebc0e5e63c41c9c1721  s_1/file_s11d3d59905cf5fc930cd4bf5b709d5ffdbaa9443b2  s_2/file_s215590e00ea904568199b86aee4b770fb1b5645ab8  s_a/file_02

See also

Related Research Articles

gzip GNU file compression/decompression tool

gzip is a file format and a software application used for file compression and decompression. The program was created by Jean-loup Gailly and Mark Adler as a free software replacement for the compress program used in early Unix systems, and intended for use by GNU. Version 0.1 was first publicly released on 31 October 1992, and version 1.0 followed in February 1993.

In computing, tar is a computer software utility for collecting many files into one archive file, often referred to as a tarball, for distribution or backup purposes. The name is derived from "tape archive", as it was originally developed to write data to sequential I/O devices with no file system of their own. The archive data sets created by tar contain various file system parameters, such as name, timestamps, ownership, file-access permissions, and directory organization. POSIX abandoned tar in favor of pax, yet tar sees continued widespread use.

ls Command to list files and directories in Unix and Unix-like operating systems

In computing, ls is a command to list computer files and directories in Unix and Unix-like operating systems. It is specified by POSIX and the Single UNIX Specification.

ln (Unix) Unix file management utility

The ln command is a standard Unix command utility used to create a hard link or a symbolic link (symlink) to an existing file or directory. The use of a hard link allows multiple filenames to be associated with the same file since a hard link points to the inode of a given file, the data of which is stored on disk. On the other hand, symbolic links are special files that refer to other files by name.

md5sum is a computer program that calculates and verifies 128-bit MD5 hashes, as described in RFC 1321. The MD5 hash functions as a compact digital fingerprint of a file. As with all such hashing algorithms, there is theoretically an unlimited number of files that will have any given MD5 hash. However, it is very unlikely that any two non-identical files in the real world will have the same MD5 hash, unless they have been specifically created to have the same hash.

Simple file verification (SFV) is a file format for storing CRC32 checksums of files to verify the integrity of files. SFV is used to verify that a file has not been corrupted, but it does not otherwise verify the file's authenticity. The .sfv file extension is usually used for SFV files.

<span class="mw-page-title-main">BusyBox</span> Collection of Unix tools in a single executable file

BusyBox is a software suite that provides several Unix utilities in a single executable file. It runs in a variety of POSIX environments such as Linux, Android, and FreeBSD, although many of the tools it provides are designed to work with interfaces provided by the Linux kernel. It was specifically created for embedded operating systems with very limited resources. The authors dubbed it "The Swiss Army knife of Embedded Linux", as the single executable replaces basic functions of more than 300 common commands. It is released as free software under the terms of the GNU General Public License v2, after controversially deciding not to move to version 3.

wc (Unix) Unix command utility

wc is a command in Unix, Plan 9, Inferno, and Unix-like operating systems. The program reads either standard input or a list of computer files and generates one or more of the following statistics: newline count, word count, and byte count. If a list of files is provided, both individual file and total statistics follow.

pax is an archiving utility available for various operating systems and defined since 1995. Rather than sort out the incompatible options that have crept up between tar and cpio, along with their implementations across various versions of Unix, the IEEE designed new archive utility pax that could support various archive formats with useful options from both archivers. The pax command is available on Unix and Unix-like operating systems and on IBM i, and Microsoft Windows NT until Windows 2000.

cp (Unix) Unix command utility

In computing, cp is a command in various Unix and Unix-like operating systems for copying files and directories. The command has three principal modes of operation, expressed by the types of arguments presented to the program for copying a file to another file, one or more files to a directory, or for copying entire directories to another directory.

cksum Unix command

cksum is a command in Unix and Unix-like operating systems that generates a checksum value for a file or stream of data. The cksum command reads each file given in its arguments, or standard input if no arguments are provided, and outputs the file's 32-bit cyclic redundancy check (CRC) checksum and byte count. The CRC output by cksum is different from the CRC-32 used in zip, PNG and zlib.

In Unix-like and some other operating systems, find is a command-line utility that locates files based on some user-specified criteria and either prints the pathname of each matched object or, if another action is requested, performs that action on each matched object.

rm (Unix) Unix command utility

rm is a basic command on Unix and Unix-like operating systems used to remove objects such as computer files, directories and symbolic links from file systems and also special files such as device nodes, pipes and sockets, similar to the del command in MS-DOS, OS/2, and Microsoft Windows. The command is also available in the EFI shell.

tail is a program available on Unix, Unix-like systems, FreeDOS and MSX-DOS used to display the tail end of a text file or piped data.

<span class="mw-page-title-main">Metalink</span> File format that describes one or more computer files available for download

Metalink is an extensible metadata file format that describes one or more computer files available for download. It specifies files appropriate for the user's language and operating system; facilitates file verification and recovery from data corruption; and lists alternate download sources.

<span class="mw-page-title-main">PeaZip</span> File archive computer program

PeaZip is a free and open-source file manager and file archiver for Microsoft Windows, ReactOS, Linux, MacOS and BSD by Giorgio Tani. It supports its native PEA archive format and other mainstream formats, with special focus on handling open formats. Version 8.6.0 supported 226 file extensions.

Toybox is a free and open-source software implementation of over 200 Unix command line utilities such as ls, cp, and mv. The Toybox project was started in 2006, and became a 0BSD licensed BusyBox alternative. Toybox is used for most of Android's command-line tools in all currently supported Android versions, and is also used to build Android on Linux and macOS. All of the tools are tested on Linux, and many of them also work on BSD and macOS.

<span class="mw-page-title-main">GNU parallel</span> Shell tool for executing jobs in parallel locally or on remote machines

GNU parallel is a command-line utility for Linux and other Unix-like operating systems which allows the user to execute shell scripts or commands in parallel. GNU parallel is free software, written by Ole Tange in Perl. It is available under the terms of GPLv3.

BLAKE is a cryptographic hash function based on Daniel J. Bernstein's ChaCha stream cipher, but a permuted copy of the input block, XORed with round constants, is added before each ChaCha round. Like SHA-2, there are two variants differing in the word size. ChaCha operates on a 4×4 array of words. BLAKE repeatedly combines an 8-word hash value with 16 message words, truncating the ChaCha result to obtain the next hash value. BLAKE-256 and BLAKE-224 use 32-bit words and produce digest sizes of 256 bits and 224 bits, respectively, while BLAKE-512 and BLAKE-384 use 64-bit words and produce digest sizes of 512 bits and 384 bits, respectively.

cat (Unix) Unix command utility

cat is a standard Unix utility that reads files sequentially, writing them to standard output. The name is derived from its function to (con)catenate files. It has been ported to a number of operating systems.

References

  1. "b2sum source code in GNU coreutils". GNU coreutils mirror at GitHub. Retrieved 29 Jan 2022.
  2. Bruce Schneier. "Cryptanalysis of SHA-1". Schneier on Security.
  3. "Announcing the first SHA1 collision".
  4. "Sha1sum invocation (GNU Coreutils 9.0)".
  5. "Mirror/Busybox". GitHub . 26 October 2021.
  6. "Landley/Toybox". GitHub . 26 October 2021.
  7. shasum(1)    Linux General Commands Manual
  8. sha3sum(1)    Linux General Commands Manual
  9. md5(1)    FreeBSD General Commands Manual