sha256sum
Verify file integrity using SHA256 checksums
TLDR
Calculate the SHA256 checksum for one or more files
Calculate and save the list of SHA256 checksums to a file
Calculate a SHA256 checksum from stdin
Read a file of SHA256 checksums and filenames and verify all files have matching checksums
Only show a message for missing files or when verification fails
Only show a message when verification fails, ignoring missing files
Check a known SHA256 checksum of a file
SYNOPSIS
sha256sum [OPTION]... [FILE]...
PARAMETERS
FILE...
One or more files to process. If no FILE is specified, or if FILE is '-', sha256sum reads from standard input.
-b, --binary
Read files in binary mode. On GNU systems there is no difference between binary and text mode: the same bytes are hashed either way, and the option only changes the marker written before the file name in the output ('*' for binary, a space for text).
-c, --check
Read SHA256 sums from the specified FILEs (which are assumed to contain checksums and filenames, typically generated by a previous sha256sum run) and verify them against the actual files. It reports 'OK' or 'FAILED' for each entry.
-t, --text
Read files in text mode. This is the default in GNU sha256sum. On GNU systems it hashes the same bytes as binary mode, with no line-ending conversion.
-w, --warn
When using --check, issue a warning for improperly formatted checksum lines found in the input file.
--status
When using --check, suppress all output and only report success or failure via the exit status code. A zero status means all checks passed.
--strict
When using --check, exit with a non-zero status for any invalid input lines, not just failed checksums.
--tag
Create a BSD-style checksum, which includes an explicit 'SHA256' tag, making the output more verbose and self-describing.
--ignore-missing
When using --check, do not fail or report status for input files that are missing on the system.
DESCRIPTION
The sha256sum command is a fundamental Linux utility used to compute and verify the SHA256 (Secure Hash Algorithm 256-bit) cryptographic checksums of files. It generates a fixed-size digest (a 64-character hexadecimal number) for any given input, which serves as a digital fingerprint of the file. Even the smallest change in the file's content produces a different digest, making sha256sum an essential tool for checking file integrity and, when the reference checksum comes from a trusted source, authenticity.
Common use cases include verifying the integrity of downloaded software to ensure it hasn't been corrupted or tampered with during transfer, checking data consistency across backups, or confirming that sensitive documents have not been altered. By comparing the computed SHA256 sum of a file with a known good sum (often provided by the file's creator or distributor), users can quickly ascertain if the file has been modified from its original state, thereby enhancing data security and reliability.
CAVEATS
While SHA256 is a robust cryptographic hash function highly resistant to collisions (where different inputs produce the same hash), it is not an encryption method. You cannot reverse-engineer the original data from its SHA256 sum. For critical security applications, always ensure that the checksum itself is obtained from a trustworthy, out-of-band source to prevent a malicious actor from altering both the file and its corresponding checksum.
RETURN CODES
The sha256sum command exits with status 0 if all checksums successfully match during a --check operation, or if it successfully computes sums without errors. A non-zero exit status indicates a failure, such as a checksum mismatch, a file not found, or an invalid command-line argument.
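The --check modes and exit statuses described above, exercised in one script. This is an added example, not part of the original page: the file names, their contents and the helper functions verify_manifest, expect_digest and status_of are constructed for illustration, and GNU coreutils sha256sum is assumed.

```shell
#!/bin/sh
# Added example. File names and contents are constructed for the demo.

# verify_manifest DIR MANIFEST [extra sha256sum options...]
# The exit status is the only signal (--status); --strict turns a malformed
# manifest line into a failure instead of a line that is merely skipped.
verify_manifest() {
    dir=$1; manifest=$2; shift 2
    ( cd "$dir" && sha256sum --check --status --strict "$@" "$manifest" )
}

# expect_digest FILE HEX: check one file against a digest obtained out of band.
# A manifest line is "<hex digest><two spaces><file name>".
expect_digest() {
    printf '%s  %s\n' "$2" "$1" | sha256sum --check --status --strict -
}

# status_of CMD...: run a command and print its exit status (safe under set -e).
status_of() {
    rc=0; "$@" || rc=$?
    echo "$rc"
}

demo() {
    work=$(mktemp -d) || return 1
    printf 'release payload v1\n' > "$work/app.tar"
    printf 'read me\n' > "$work/README"
    ( cd "$work" && sha256sum app.tar README > SHA256SUMS )
    echo "intact files:        $(status_of verify_manifest "$work" SHA256SUMS)"

    printf 'x' >> "$work/app.tar"                     # one appended byte
    echo "modified app.tar:    $(status_of verify_manifest "$work" SHA256SUMS)"

    printf 'release payload v1\n' > "$work/app.tar"   # restore original content
    rm "$work/README"
    echo "README missing:      $(status_of verify_manifest "$work" SHA256SUMS)"
    echo "with ignore-missing: $(status_of verify_manifest "$work" SHA256SUMS --ignore-missing)"

    echo 'not-a-checksum-line' >> "$work/SHA256SUMS"  # damaged manifest entry
    echo "malformed line:      $(status_of verify_manifest "$work" SHA256SUMS --ignore-missing)"
    rm -rf "$work"
}
demo
```

In an automated pipeline, gate the next step on the exit status (for example `verify_manifest "$dir" SHA256SUMS || exit 1`) rather than parsing the 'OK' / 'FAILED' text.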
STANDARD INPUT/OUTPUT USAGE
When no FILE argument is provided, or if '-' is specified as a FILE, sha256sum reads its input from standard input. This enables it to be used effectively in pipelines, allowing the hash of data streamed from other commands to be computed. Similarly, when checking sums with -c, the list of checksums to be verified can also be provided via standard input.
HISTORY
SHA256 is part of the SHA-2 family of cryptographic hash functions, designed by the U.S. National Security Agency (NSA) and published by the National Institute of Standards and Technology (NIST) as a Federal Information Processing Standard (FIPS PUB 180-2) in 2001. It was developed to address potential weaknesses found in SHA-1. The sha256sum utility itself is a widely adopted component of GNU Core Utilities, making it readily available on virtually all Linux and other Unix-like operating systems. Its usage has grown significantly as SHA-256 became a standard for digital signatures, blockchain technologies, and general data integrity verification across various computing domains.