sha256sum
Verify file integrity using SHA256 checksums
TLDR
Calculate the SHA256 checksum for one or more files
Calculate and save the list of SHA256 checksums to a file
Calculate a SHA256 checksum from stdin
Read a file of SHA256 checksums and filenames and verify all files have matching checksums
Only show a message for missing files or when verification fails
Only show a message when verification fails, ignoring missing files
Check a known SHA256 checksum of a file
SYNOPSIS
sha256sum [OPTION]... [FILE]...
PARAMETERS
-b
Read in binary mode
-c, --check
Read SHA256 sums from FILEs and check them
--tag
Create a BSD-style checksum
-t, --text
Read in text mode (default)
--binary
Read in binary mode
-z, --zero
End each output line with NUL, not newline, and disable file name escaping
--algorithm ALGO
Choose digest algorithm. Valid ALGO values are: sha224, sha256, sha384, sha512, sha512256
-w, --warn
Warn about improperly formatted checksum lines
--strict
Exit non-zero for improperly formatted checksum lines
--ignore-missing
Don't fail or report status for missing files
--quiet
Don't print OK for each successfully verified file
--status
Don't output anything, status code shows success
--check-algorithm
Check ALGO. Valid ALGO values are: sha224, sha256, sha384, sha512, sha512256
--help
Display help and exit
--version
Output version information and exit
DESCRIPTION
The sha256sum command calculates and verifies SHA256 cryptographic hash values. It's primarily used to confirm the integrity of files after they've been transferred or stored. By comparing the computed SHA256 hash of a file with a known, trusted hash value, you can determine if the file has been altered or corrupted.
The command reads input files, calculates the SHA256 hash for each, and outputs the hash alongside the file name. When invoked with the -c option, sha256sum reads checksums from a file and compares them to the calculated checksums of the corresponding files, reporting any discrepancies. This is crucial for verifying downloads, backups, and ensuring data consistency. The SHA256 algorithm is a widely used cryptographic hash function that produces a 256-bit (32-byte) hash value, making it resistant to collisions and suitable for security-sensitive applications.
CAVEATS
On some systems, particularly Windows, the text mode handling can introduce inconsistencies due to different newline conventions (CRLF vs. LF). Always use binary mode (-b) when verifying binary files to avoid checksum mismatches. Ensure the checksum file used with '-c' adheres to the expected format (hash, space, file name).
INPUT FORMAT FOR '--CHECK'
When using the '-c' option, the input file should contain SHA256 checksums followed by a space and the filename. The format is typically 'SHA256_HASH filename'. Spaces are allowed in filenames, but they should be properly escaped or quoted when creating the checksum file.
EXIT STATUS
The command returns an exit status of 0 if all files are successfully verified. A non-zero exit status indicates an error, such as a checksum mismatch or a missing file (unless '--ignore-missing' is used).
HISTORY
The sha256sum utility is part of the GNU coreutils package and has been available in most Linux distributions for many years. Its adoption grew with the increasing need for stronger cryptographic hash functions than MD5 or SHA1, which were found to have security vulnerabilities. SHA256 provided a more robust and secure alternative. The tool's usage expanded across various domains, from software distribution and integrity checks to data archiving and security applications.