shasum

Verify file integrity using SHA checksums

TLDR

Calculate the SHA1 checksum for one or more files

$ shasum [path/to/file1 path/to/file2 ...]

Calculate the SHA checksum for one or more files with the specified algorithm

$ shasum --algorithm [1|224|256|384|512|512224|512256] [path/to/file1 path/to/file2 ...]

Calculate a SHA1 checksum from stdin

$ [command] | shasum

Calculate and save the list of SHA256 checksums to a file

$ shasum --algorithm 256 [path/to/file1 path/to/file2 ...] > [path/to/file.sha256]

Read a file of SHA checksums and filenames and verify all files have matching checksums (the algorithm will be automatically detected)

$ shasum [[-c|--check]] [path/to/file]

Only show a message for missing files or when verification fails

$ shasum [[-c|--check]] --quiet [path/to/file]

Only show a message when verification fails, ignoring missing files

$ shasum --ignore-missing [[-c|--check]] --quiet [path/to/file]

Check a known SHA checksum of a file

$ echo [known_sha_checksum_of_the_file] [path/to/file] | shasum [[-c|--check]]

-a, --algorithm
    Choose the SHA algorithm to use. Valid options are 1, 224, 256, 384, or 512. Defaults to SHA-1.

-b, --binary
    Read input files in binary mode. This is important on systems where text files are treated differently (e.g., Windows).

-c, --check
    Read SHA sums from the FILEs and check them. The input FILEs should be in the format produced by shasum. Errors will be reported.

-t, --text
    Read input files in text mode (default). This is the opposite of `--binary`.

-0, --zero
    End each output line with a null byte, rather than newline. Useful for xargs.

--ignore-missing
    Don't fail or report status for missing files when used with `--check`.

--strict
    With `--check`, exit non-zero for any invalid lines.

--warn
    Warn about improperly formatted checksum lines when used with `--check`.

-s, --string
    Compute the SHA sum of the given string.

-z, --zero-terminated
    Input lines are terminated by null, not newline

--help
    Display a help message and exit.

--version
    Output version information and exit.

DESCRIPTION

The shasum command calculates and verifies SHA (Secure Hash Algorithm) checksums. These checksums are cryptographic hash values that uniquely represent the content of a file or string. shasum supports several SHA algorithms, including SHA-1, SHA-224, SHA-256, SHA-384, and SHA-512. The primary uses of shasum are to ensure data integrity
1) verifying that a downloaded file hasn't been corrupted or tampered with during transmission and
2) detecting unintentional changes to files over time. The command can output checksums in a human-readable format, suitable for verification, or in a format suitable for use in scripts. It reads input from files specified as arguments, or from standard input if no files are specified. It displays checksums, file names, and an optional indicator to show whether verification was successful. If verification is successful, exit code is 0, otherwise an error will be printed and exit code set to 1.

CAVEATS

The security of the SHA-1 algorithm has been compromised, and it is no longer recommended for use in new applications. SHA-256 or stronger algorithms should be preferred.

USAGE EXAMPLES

Calculate the SHA-256 checksum of a file:
shasum -a 256 myfile.txt

Verify checksums from a file:
shasum -c checksums.txt

Calculate the SHA-512 checksum of a string:
shasum -a 512 -s "Hello, world!"

HISTORY

The shasum command is part of the GNU Core Utilities. SHA algorithms were developed by the National Security Agency (NSA) and standardized by NIST. shasum was created to provide a simple and reliable way to generate and verify these checksums on Unix-like systems.