1.\" $FreeBSD$ 2.Dd July 26, 2022 3.Dt MD5 1 4.Os 5.Sh NAME 6.Nm md5 , sha1 , sha224 , sha256 , sha384 , sha512 , sha512t256 , rmd160 , 7.Nm skein256 , skein512 , skein1024 , 8.Nm md5sum , sha1sum , sha224sum , sha256sum , sha384sum , sha512sum , 9.Nm sha512t256sum , rmd160sum , skein256sum , skein512sum , skein1024sum 10.Nd calculate a message-digest fingerprint (checksum) for a file 11.Sh SYNOPSIS 12.Nm 13.Op Fl pqrtx 14.Op Fl c Ar string 15.Op Fl s Ar string 16.Op Ar 17.Pp 18.Nm md5sum 19.Op Fl pqrtx 20.Op Fl c Ar file 21.Op Fl s Ar string 22.Op Ar 23.Pp 24(All other hashes have the same options and usage.) 25.Sh DESCRIPTION 26The 27.Nm md5 , sha1 , sha224 , sha256 , sha384 , sha512 , sha512t256 , rmd160 , 28.Nm skein256 , skein512 , 29and 30.Nm skein1024 31utilities take as input a message of arbitrary length and produce as 32output a 33.Dq fingerprint 34or 35.Dq message digest 36of the input. 37The 38.Nm md5sum , sha1sum , sha224sum , sha256sum , sha384sum , sha512sum , 39.Nm sha512t256sum , rmd160sum , skein256sum , skein512sum , 40and 41.Nm skein1024sum 42utilities do the same, but default to the reversed format of 43the 44.Fl r 45flag. 46It is conjectured that it is computationally infeasible to 47produce two messages having the same message digest, or to produce any 48message having a given prespecified target message digest. 49The SHA-224 , SHA-256 , SHA-384 , SHA-512, RIPEMD-160, 50and SKEIN 51algorithms are intended for digital signature applications, where a 52large file must be 53.Dq compressed 54in a secure manner before being encrypted with a private 55(secret) 56key under a public-key cryptosystem such as RSA. 57.Pp 58The MD5 and SHA-1 algorithms have been proven to be vulnerable to practical 59collision attacks and should not be relied upon to produce unique outputs, 60.Em nor should they be used as part of a cryptographic signature scheme. 61As of 2017-03-02, there is no publicly known method to 62.Em reverse 63either algorithm, i.e., to find an input that produces a specific 64output. 65.Pp 66SHA-512t256 is a version of SHA-512 truncated to only 256 bits. 67On 64-bit hardware, this algorithm is approximately 50% faster than SHA-256 but 68with the same level of security. 69The hashes are not interchangeable. 70.Pp 71It is recommended that all new applications use SHA-512 or SKEIN-512 72instead of one of the other hash functions. 73.Pp 74The following options may be used in any combination and must 75precede any files named on the command line. 76The hexadecimal checksum of each file listed on the command line is printed 77after the options are processed. 78.Bl -tag -width indent 79.It Fl b 80Make the 81.Nm -sum 82programs separate hash and digest with a blank followed by an asterisk instead 83of by 2 blank characters for full compatibility with the output generated by the 84coreutils versions of these programs. 85.It Fl c Ar string 86If the program was called with a name that does not end in 87.Nm sum , 88compare the digest of the file against this string. 89If combined with the 90.Fl q 91option, the calculated digest is printed in addition to the exit status being set. 92.Pq Note that this option is not yet useful if multiple files are specified. 93.It Fl c Ar file 94If the program was called with a name that does end in 95.Nm sum , 96the file passed as argument must contain digest lines generated by the same 97digest algorithm with or without the 98.Fl r 99option 100.Pq i.e., in either classical BSD format or in GNU coreutils format . 101A line with the file name followed by a colon 102.Dq ":" 103and either OK or FAILED is written for each well-formed line in the digest file. 104If applicable, the number of failed comparisons and the number of lines that were 105skipped since they were not well-formed are printed at the end. 106The 107.Fl q 108option can be used to quiesce the output unless there are mismatched entries in 109the digest. 110.Pp 111.It Fl s Ar string 112Print a checksum of the given 113.Ar string . 114.It Fl p 115Echo stdin to stdout and append the checksum to stdout. 116.It Fl q 117Quiet mode \(em only the checksum is printed out. 118Overrides the 119.Fl r 120option. 121.It Fl r 122Reverses the format of the output. 123This helps with visual diffs. 124Does nothing 125when combined with the 126.Fl ptx 127options. 128.It Fl t 129Run a built-in time trial. 130For the 131.Nm -sum 132versions, this is a nop for compatibility with coreutils. 133.It Fl x 134Run a built-in test script. 135.El 136.Sh EXIT STATUS 137The 138.Nm md5 , sha1 , sha224 , sha256 , sha512 , sha512t256 , rmd160 , 139.Nm skein256 , skein512 , 140and 141.Nm skein1024 142utilities exit 0 on success, 1431 if at least one of the input files could not be read, 144and 2 if at least one file does not have the same hash as the 145.Fl c 146option. 147.Sh EXAMPLES 148Calculate the MD5 checksum of the string 149.Dq Hello . 150.Bd -literal -offset indent 151$ md5 -s Hello 152MD5 ("Hello") = 8b1a9953c4611296a827abf8c47804d7 153.Ed 154.Pp 155Same as above, but note the absence of the newline character in the input 156string: 157.Bd -literal -offset indent 158$ echo -n Hello | md5 1598b1a9953c4611296a827abf8c47804d7 160.Ed 161.Pp 162Calculate the checksum of multiple files reversing the output: 163.Bd -literal -offset indent 164$ md5 -r /boot/loader.conf /etc/rc.conf 165ada5f60f23af88ff95b8091d6d67bef6 /boot/loader.conf 166d80bf36c332dc0fdc479366ec3fa44cd /etc/rc.conf 167.Pd 168The 169.Nm -sum 170variants put 2 blank characters between hash and file name for full compatibility 171with the coreutils versions of these commands. 172.Ed 173.Pp 174Write the digest for 175.Pa /boot/loader.conf 176in a file named 177.Pa digest . 178Then calculate the checksum again and validate it against the checksum string 179extracted from the 180.Pa digest 181file: 182.Bd -literal -offset indent 183$ md5 /boot/loader.conf > digest && md5 -c $(cut -f2 -d= digest) /boot/loader.conf 184MD5 (/boot/loader.conf) = ada5f60f23af88ff95b8091d6d67bef6 185.Ed 186.Pp 187Same as above but comparing the digest against an invalid string 188.Pq Dq randomstring , 189which results in a failure. 190.Bd -literal -offset indent 191$ md5 -c randomstring /boot/loader.conf 192MD5 (/boot/loader.conf) = ada5f60f23af88ff95b8091d6d67bef6 [ Failed ] 193.Ed 194.Pp 195If invoked with a name ending in 196.Nm -sum 197the 198.Fl c 199option does not compare against a hash string passed as parameter. 200Instead, it expects a digest file, as created under the name 201.Pa digest 202for 203.Pa /boot/loader.conf 204in the example above. 205.Bd -literal -offset indent 206$ md5 -c digest /boot/loader.conf 207/boot/loader.conf: OK 208.Ed 209.Pp 210The digest file may contain any number of lines in the format generated with or without the 211.Fl r 212option 213.Pq i.e., in either classical BSD format or in GNU coreutils format . 214If a hash value does not match the file, FAILED is printed instead of OK. 215.Sh SEE ALSO 216.Xr cksum 1 , 217.Xr md5 3 , 218.Xr ripemd 3 , 219.Xr sha 3 , 220.Xr sha256 3 , 221.Xr sha384 3 , 222.Xr sha512 3 , 223.Xr skein 3 224.Rs 225.%A R. Rivest 226.%T The MD5 Message-Digest Algorithm 227.%O RFC1321 228.Re 229.Rs 230.%A J. Burrows 231.%T The Secure Hash Standard 232.%O FIPS PUB 180-2 233.Re 234.Rs 235.%A D. Eastlake and P. Jones 236.%T US Secure Hash Algorithm 1 237.%O RFC 3174 238.Re 239.Pp 240RIPEMD-160 is part of the ISO draft standard 241.Qq ISO/IEC DIS 10118-3 242on dedicated hash functions. 243.Pp 244Secure Hash Standard (SHS): 245.Pa https://www.nist.gov/publications/secure-hash-standard-shs 246.Pp 247The RIPEMD-160 page: 248.Pa https://homes.esat.kuleuven.be/~bosselae/ripemd160.html 249.Sh BUGS 250All of the utilities that end in 251.Sq sum 252are intended to be compatible with the GNU coreutils programs. 253However, the long option functionality is not provided. 254.Sh ACKNOWLEDGMENTS 255This program is placed in the public domain for free general use by 256RSA Data Security. 257.Pp 258Support for SHA-1 and RIPEMD-160 has been added by 259.An Oliver Eikemeier Aq Mt eik@FreeBSD.org . 260