LinuxCommandLibrary

sha224sum

Calculate or verify SHA224 checksums

TLDR

Calculate the SHA224 checksum for one or more files

$ sha224sum [path/to/file1 path/to/file2 ...]
copy

Calculate and save the list of SHA224 checksums to a file
$ sha224sum [path/to/file1 path/to/file2 ...] > [path/to/file.sha224]
copy

Calculate a SHA224 checksum from stdin
$ [command] | sha224sum
copy

Read a file of SHA224 checksums and filenames and verify all files have matching checksums
$ sha224sum [[-c|--check]] [path/to/file.sha224]
copy

Only show a message for missing files or when verification fails
$ sha224sum [[-c|--check]] --quiet [path/to/file.sha224]
copy

Only show a message when verification fails, ignoring missing files
$ sha224sum --ignore-missing [[-c|--check]] --quiet [path/to/file.sha224]
copy

Check a known SHA224 checksum of a file
$ echo [known_sha224_checksum_of_the_file] [path/to/file] | sha224sum [[-c|--check]]
copy

SYNOPSIS

sha224sum [OPTION]... [FILE]...

PARAMETERS

-b, --binary
    Read files in binary mode. This is the default for sha224sum.

-c, --check
    Read SHA224 sums from the FILEs and check them. Input should be a file with checksums and filenames.

-t, --text
    Read files in text mode (default on some systems, though binary is generally safer for integrity checks).

-s, --status
    Don't output anything, just return status code. Used with --check to suppress normal output.

-w, --warn
    Warn about improperly formatted checksum lines. Used with --check.

--ignore-missing
    Don't fail or report status for missing files. Used with --check.

-p, --portable
    Portably compute checksums for all supported platforms.

-L, --zero-terminated, --null
    Line delimiter is NUL, not newline. Input filenames are NUL-terminated. Useful for processing filenames containing newlines.

--help
    Display a help message and exit.

--version
    Output version information and exit.

DESCRIPTION

sha224sum is a command-line utility used to compute and verify SHA224 (Secure Hash Algorithm 224-bit) cryptographic checksums, also known as message digests or hash values, for files or standard input. SHA224 is a member of the SHA-2 family of hash functions, designed by the NSA. It produces a 224-bit (28-byte) hash value, which is typically represented as a 56-character hexadecimal string.

The primary purpose of sha224sum is to ensure data integrity and authenticity. By computing the hash of a file, users can detect unintentional data corruption or malicious alteration. If a file is modified, its SHA224 hash will change, allowing for easy verification against a previously recorded hash value. This is particularly useful when downloading files from the internet, transmitting data over networks, or archiving important information. The command can both generate a new hash for a given file and verify a file against a list of pre-calculated hashes, which are usually stored in a separate checksum file. It is a fundamental tool for anyone concerned with the reliability and security of their data.

CAVEATS

  • Collision Resistance: While SHA224 is considered strong, no hash function is perfectly immune to collision attacks (where two different inputs produce the same hash). For critical security applications, continuously monitor cryptographic best practices.
  • Performance on Large Files: Computing checksums for very large files can be CPU-intensive and take significant time.
  • Verification File Format: When using the --check option, the input file containing checksums and filenames must adhere to a specific format: each line should contain the SHA224 sum, followed by two spaces, and then the filename.
  • Standard Input Limitation: When reading from standard input (e.g., via pipe), the original filename information is lost, and the output will display a hyphen ('-') instead of a filename.

USAGE EXAMPLES

  • To compute the SHA224 sum of a file named my_document.txt:
    sha224sum my_document.txt
  • To save the SHA224 sum to a file:
    sha224sum my_document.txt > my_document.txt.sha224
  • To check a file against its saved SHA224 sum:
    sha224sum -c my_document.txt.sha224
  • To check multiple files listed in a checksum file, suppressing verbose output for successful checks:
    sha224sum -c --status checksums.txt

STANDARD INPUT/OUTPUT

If no FILE is specified, or when FILE is '-', sha224sum reads from standard input. The output format is HASH FILENAME (or HASH - if reading from stdin). When checking sums, it reads from standard input by default if no FILE is given.

HISTORY

sha224sum is part of the GNU Coreutils package, a fundamental collection of command-line utilities for Unix-like operating systems. The SHA-2 family of cryptographic hash functions, including SHA224, was designed by the National Security Agency (NSA) and published by the National Institute of Standards and Technology (NIST) as a Federal Information Processing Standard (FIPS) PUB 180-2 in 2001, with an update to FIPS PUB 180-3 in 2008 to include SHA-224, SHA-384, and SHA-512. As cryptographic standards evolved and older algorithms like MD5 and SHA-1 showed vulnerabilities, stronger alternatives like SHA-224 gained prominence for data integrity and security applications. The inclusion of sha224sum and other SHA-2 variants in Coreutils reflects the ongoing effort to provide robust and secure tools for system administration and data management.

SEE ALSO

md5sum(1), sha1sum(1), sha256sum(1), sha512sum(1), sum(1), cksum(1), shasum(1)

Copied to clipboard