How to compute and verify file checksum

Compute SHA message digest of a file to verify that its contents have not been altered.

You have two possible ways to perform this operation. You can use single shasum Perl script provided by the perl package or sha1sum/sha224sum/sha256sum/sha384sum/sha512sum commands provided by the coreutils package.

coreutils utilities

coreutils package provides multiple commands to compute and verify file checksums depending on the used algorithm. sha1sum command to use SHA-1, sha224sum command to use SHA-224, sha256sum command to use SHA-256, sha384sum command to use SHA-384 and sha512sum command to use SHA-512 algorithm.

Compute checksum for debian-stretch.tar file using SHA-256 algorithm.

$ sha256sum debian-stretch.tar | tee debian-stretch.tar.sha256sum 
cc59e9182464ffe338a0addd5ae2ffaa062047a87f3c78b4eca8c590fd60c67e  debian-stretch.tar

Verify checksum for file or files defined in debian-stretch.tar.sha256sum file.

$ sha256sum --check debian-stretch.tar.sha256sum 
debian-stretch.tar: OK

Quietly verify checksum for file or files defined in debian-stretch.tar.sha256sum file using exit code.

$ sha256sum --check --status debian-stretch.tar.sha256sum 
$  echo $?
0

Failed checksum can be easily spotted and identified.

$ sha256sum --check debian-stretch.tar.sha256sum 
debian-stretch.tar: FAILED
sha256sum: WARNING: 1 computed checksum did NOT match
$  echo $?
1

perl utilities

perl package provides shasum command to compute and verify file checksums. You can use it as a replacement for coreutils alternatives as it mimics behavior of the equivalent GNU utilities.

Compute checksum for debian-stretch.tar file using SHA-256 algorithm.

$ shasum --algorithm 256 debian-stretch.tar | tee debian-stretch.tar.sha256sum
cc59e9182464ffe338a0addd5ae2ffaa062047a87f3c78b4eca8c590fd60c67e  debian-stretch.tar

Verify checksum for file or files defined in debian-stretch.tar.sha256sum file.

$ shasum --algorithm 256 --check debian-stretch.tar.sha256sum 
debian-stretch.tar: OK

You do not need to specify algorithm when using regular ones, but it does not apply to SHA-512/224 and SHA-512/256 algorithms.

$ shasum --check debian-stretch.tar.sha256sum 
debian-stretch.tar: OK

Quietly verify checksum for debian-stretch.tar file using exit code.

$ shasum --algorithm 256 --check --status debian-stretch.tar.sha256sum
$  echo $?
0

Failed checksum can be easily spotted and identified.

$ shasum --algorithm 256 --check debian-stretch.tar.sha256sum 
debian-stretch.tar: FAILED
shasum: WARNING: 1 computed checksum did NOT match
$  echo $?
1

You can use default SHA-1 1 algorithm to verify file integrity or SHA-2 family algorithms like SHA-224 224, SHA-256 256, SHA-384 384, SHA-512 512. Additionally you can take adavantage of the most recent members of the SHA-2 family like SHA-512/224 512224 and SHA-512/256 512256.

About Milosz Galazka

Milosz is a Linux Foundation Certified Engineer working for a successful Polish company as a system administrator and a long time supporter of Free Software Foundation and Debian operating system.