MD5(1) FreeBSD General Commands Manual MD5(1)
NAME
md5, sha1, sha224, sha256, sha384, sha512, sha512t256, rmd160, skein256,
skein512, skein1024, md5sum, sha1sum, sha224sum, sha256sum, sha384sum,
sha512sum, sha512t256sum, rmd160sum, skein256sum, skein512sum,
skein1024sum - calculate a message-digest fingerprint (checksum) for a
file
SYNOPSIS
md5 [-pqrtx] [-c string] [-s string] [file ...]
md5sum [-pqrtx] [-c file] [-s string] [file ...]
(All other hashes have the same options and usage.)
DESCRIPTION
The md5, sha1, sha224, sha256, sha384, sha512, sha512t256, rmd160,
skein256, skein512, and skein1024 utilities take as input a message of
arbitrary length and produce as output a "fingerprint" or "message
digest" of the input. The md5sum, sha1sum, sha224sum, sha256sum,
sha384sum, sha512sum, sha512t256sum, rmd160sum, skein256sum, skein512sum,
and skein1024sum utilities do the same, but default to the reversed
format of the -r flag. It is conjectured that it is computationally
infeasible to produce two messages having the same message digest, or to
produce any message having a given prespecified target message digest.
The SHA-224 , SHA-256 , SHA-384 , SHA-512, RIPEMD-160, and SKEIN
algorithms are intended for digital signature applications, where a large
file must be "compressed" in a secure manner before being encrypted with
a private (secret) key under a public-key cryptosystem such as RSA.
The MD5 and SHA-1 algorithms have been proven to be vulnerable to
practical collision attacks and should not be relied upon to produce
unique outputs, nor should they be used as part of a cryptographic
signature scheme. As of 2017-03-02, there is no publicly known method to
reverse either algorithm, i.e., to find an input that produces a specific
output.
SHA-512t256 is a version of SHA-512 truncated to only 256 bits. On
64-bit hardware, this algorithm is approximately 50% faster than SHA-256
but with the same level of security. The hashes are not interchangeable.
It is recommended that all new applications use SHA-512 or SKEIN-512
instead of one of the other hash functions.
The following options may be used in any combination and must precede any
files named on the command line. The hexadecimal checksum of each file
listed on the command line is printed after the options are processed.
-b Make the -sum programs separate hash and digest with a blank
followed by an asterisk instead of by 2 blank characters for full
compatibility with the output generated by the coreutils versions
of these programs.
-c string
If the program was called with a name that does not end in sum,
compare the digest of the file against this string. (Note that
this option is not yet useful if multiple files are specified.)
-c file
If the program was called with a name that does end in sum, the
file passed as argument must contain digest lines generated by
the same digest algorithm with or without the -r option (i.e. in
either classical BSD format or in GNU coreutils format). A line
with the file name followed by a colon ":" and either OK or
FAILED is written for each well-formed line in the digest file.
If applicable, the number of failed comparisons and the number of
lines that were skipped since they were not well-formed are
printed at the end. The -q option can be used to quiesce the
output unless there are mismatched entries in the digest.
-s string
Print a checksum of the given string.
-p Echo stdin to stdout and append the checksum to stdout.
-q Quiet mode -- only the checksum is printed out. Overrides the -r
option.
-r Reverses the format of the output. This helps with visual diffs.
Does nothing when combined with the -ptx options.
-t Run a built-in time trial. For the -sum versions, this is a nop
for compatibility with coreutils.
-x Run a built-in test script.
EXIT STATUS
The md5, sha1, sha224, sha256, sha512, sha512t256, rmd160, skein256,
skein512, and skein1024 utilities exit 0 on success, 1 if at least one of
the input files could not be read, and 2 if at least one file does not
have the same hash as the -c option.
EXAMPLES
Calculate the MD5 checksum of the string "Hello".
$ md5 -s Hello
MD5 ("Hello") = 8b1a9953c4611296a827abf8c47804d7
Same as above, but note the absence of the newline character in the input
string:
$ echo -n Hello | md5
8b1a9953c4611296a827abf8c47804d7
Calculate the checksum of multiple files reversing the output:
$ md5 -r /boot/loader.conf /etc/rc.conf
ada5f60f23af88ff95b8091d6d67bef6 /boot/loader.conf
d80bf36c332dc0fdc479366ec3fa44cd /etc/rc.conf
The
-sum
variants put 2 blank characters between hash and file name for full compatibility
with the coreutils versions of these commands.
Write the digest for /boot/loader.conf in a file named digest. Then
calculate the checksum again and validate it against the checksum string
extracted from the digest file:
$ md5 /boot/loader.conf > digest && md5 -c $(cut -f2 -d= digest) /boot/loader.conf
MD5 (/boot/loader.conf) = ada5f60f23af88ff95b8091d6d67bef6
Same as above but comparing the digest against an invalid string
("randomstring"), which results in a failure.
$ md5 -c randomstring /boot/loader.conf
MD5 (/boot/loader.conf) = ada5f60f23af88ff95b8091d6d67bef6 [ Failed ]
If invoked with a name ending in -sum the -c option does not compare
against a hash string passed as parameter. Instead, it expects a digest
file, as created under the name digest for /boot/loader.conf in the
example above.
$ md5 -c digest /boot/loader.conf
/boot/loader.conf: OK
The digest file may contain any number of lines in the format generated
with or without the -r option (i.e. in either classical BSD format or in
GNU coreutils format). If a hash value does not match the file, FAILED
is printed instead of OK.
SEE ALSO
cksum(1), md5(3), ripemd(3), sha(3), sha256(3), sha384(3), sha512(3),
skein(3)
R. Rivest, The MD5 Message-Digest Algorithm, RFC1321.
J. Burrows, The Secure Hash Standard, FIPS PUB 180-2.
D. Eastlake and P. Jones, US Secure Hash Algorithm 1, RFC 3174.
RIPEMD-160 is part of the ISO draft standard "ISO/IEC DIS 10118-3" on
dedicated hash functions.
Secure Hash Standard (SHS): http://csrc.nist.gov/cryptval/shs.html.
The RIPEMD-160 page:
http://www.esat.kuleuven.ac.be/~bosselae/ripemd160.html.
BUGS
All of the utilities that end in `sum' are intended to be compatible with
the GNU coreutils programs. However, the long option functionality is
not provided.
ACKNOWLEDGMENTS
This program is placed in the public domain for free general use by RSA
Data Security.
Support for SHA-1 and RIPEMD-160 has been added by Oliver Eikemeier
<eik@FreeBSD.org>.
FreeBSD 13.1-RELEASE-p6 June 29, 2021 FreeBSD 13.1-RELEASE-p6
man2web Home...