LinuxCommandLibrary

sha1sum

Verify file integrity using SHA1 hash

TLDR

Calculate the SHA1 checksum for one or more files

$ sha1sum [path/to/file1 path/to/file2 ...]
copy

Calculate and save the list of SHA1 checksums to a file
$ sha1sum [path/to/file1 path/to/file2 ...] > [path/to/file.sha1]
copy

Calculate a SHA1 checksum from stdin
$ [command] | sha1sum
copy

Read a file of SHA1 checksums and filenames and verify all files have matching checksums
$ sha1sum [[-c|--check]] [path/to/file.sha1]
copy

Only show a message for missing files or when verification fails
$ sha1sum [[-c|--check]] --quiet [path/to/file.sha1]
copy

Only show a message when verification fails, ignoring missing files
$ sha1sum --ignore-missing [[-c|--check]] --quiet [path/to/file.sha1]
copy

Check a known SHA1 checksum of a file
$ echo [known_sha1_checksum_of_the_file] [path/to/file] | sha1sum [[-c|--check]]
copy

SYNOPSIS

sha1sum [OPTION]... [FILE]...
sha1sum --check [OPTION]... [FILE]

PARAMETERS

-b, --binary
    Read in binary mode.

-c, --check
    Read SHA1 sums from the FILEs and check them.

-t, --text
    Read in text mode (default).

-q, --quiet
    Don't print OK for each successfully verified file.

-s, --status
    Don't output anything, status code shows success.

-w, --warn
    Warn about improperly formatted checksum lines.

--strict
    Exit non-zero for any improperly formatted checksum line.

--tag
    Create a BSD-style checksum.

--ignore-missing
    Don't fail or report status for missing files.

DESCRIPTION

sha1sum is a command-line utility used to compute and verify the 160-bit SHA1 (Secure Hash Algorithm 1) checksums of files. It generates a unique hexadecimal string, known as a message digest or hash, for the contents of a file. This hash can be used to ensure file integrity and detect any alterations.

When used without options, sha1sum reads input from standard input or specified files and prints the SHA1 sum followed by the filename. It's commonly employed to verify downloaded files against a published hash to ensure they haven't been tampered with or corrupted during transfer. The command also supports a "check" mode, where it reads SHA1 sums from a file (typically generated previously) and verifies them against the actual files. This makes it a powerful tool for maintaining data integrity in various scenarios.

CAVEATS

While sha1sum is widely used, SHA-1 is cryptographically broken. It is no longer considered secure against well-funded attacks for purposes like digital signatures due to the practical possibility of collision attacks. For new applications requiring strong cryptographic security, users should prefer stronger hash functions like SHA-256 or SHA-512, available via sha256sum and sha512sum. sha1sum remains useful for non-security-critical integrity checks and for verifying legacy hashes.

OUTPUT FORMAT

When calculating a hash, sha1sum typically outputs the SHA1 hash (40 hexadecimal characters), followed by two spaces, an asterisk (for binary mode) or a space (for text mode), and then the filename.

CHECKSUM FILES

For checking, sha1sum -c expects a file where each line contains the checksum, two spaces, an asterisk (for binary mode) or a space (for text mode), and the filename.

HISTORY

The sha1sum command is part of the GNU Core Utilities (coreutils), a package that provides the basic file, shell and text manipulation utilities for Unix-like operating systems. It implements the Secure Hash Algorithm 1 (SHA-1), which was designed by the United States National Security Agency (NSA) and published by the National Institute of Standards and Technology (NIST) as a U.S. Federal Information Processing Standard (FIPS PUB 180-1) in 1995. Its inclusion in coreutils made it a standard tool for integrity checking across Linux distributions.

SEE ALSO

md5sum(1), sha224sum(1), sha256sum(1), sha384sum(1), sha512sum(1)

Copied to clipboard