How to use the command 'sha256sum' (with examples)
The sha256sum command is a utility available on Unix-like operating systems that allows users to generate and verify SHA256 cryptographic checksums. This checksum is a 64-character long hash generated from a file’s content, providing a unique fingerprint of the file. This utility is commonly used to ensure data integrity, as even the smallest change in the input data will result in a different SHA256 checksum.
Use case 1: Calculate the SHA256 checksum for one or more files
Code:
sha256sum path/to/file1 path/to/file2 ...
Motivation:
Generating the SHA256 checksums for files is an essential part of verifying data integrity. When you download files from the internet, or when you receive files after a transfer, you can never be sure if they have remained intact throughout the communication process. By comparing the generated checksum of the received file against the provided checksum, you can validate that the content hasn’t been altered or corrupted.
Explanation:
sha256sum: This is the command used to calculate the SHA256 checksum.
path/to/file1 path/to/file2 ...: These represent one or more paths to files for which you want to compute the checksum. You can input as many file paths as you desire, and the command will process each in turn.
Example output:
5e884898da28047151d0e56f8dc6292773603d0d6aabbdd5458826dc4763a55e path/to/file1
6dcd4ce23d88e2ee9568ba546c007c63a38652e6a3e9acb818a4d5474cf7ed3e path/to/file2
Use case 2: Calculate and save the list of SHA256 checksums to a file
Code:
sha256sum path/to/file1 path/to/file2 ... > path/to/file.sha256
Motivation:
Storing checksums in a file is useful for future verification purposes. If you have a set of files that need integrity checks over time, keeping a record of their authentic SHA256 sums can be very beneficial. This use case is often applicable in scenarios where a batch of files is distributed and both sender and receiver need to ensure no corruption during transfer.
Explanation:
sha256sum: The command to calculate the checksum.
path/to/file1 path/to/file2 ...: The list of files to be processed.
>: This redirects the output of the command to a file.
path/to/file.sha256: The destination file where checksums and corresponding file names will be saved.
Example output:
The contents of path/to/file.sha256 will be:
5e884898da28047151d0e56f8dc6292773603d0d6aabbdd5458826dc4763a55e path/to/file1
6dcd4ce23d88e2ee9568ba546c007c63a38652e6a3e9acb818a4d5474cf7ed3e path/to/file2
Use case 3: Calculate a SHA256 checksum from stdin
Code:
command | sha256sum
Motivation:
Sometimes the data you need to verify is not stored in a file but is generated by a command at runtime, such as configuration data or streamed data outputs. Verifying that data’s integrity using a SHA256 checksum directly from the command’s output ensures that data maintains its integrity across processes or systems.
Explanation:
command: This represents any shell command whose output you want to generate a checksum for.
|: This pipe symbol denotes that the input of sha256sum should come from the preceding command’s output.
Example output:
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 -
The output checksum specifically corresponds to the content generated by command. The - in place of a file name indicates that the data was read from standard input.
Use case 4: Read a file of SHA256 checksums and filenames and verify all files have matching checksums
Code:
sha256sum --check path/to/file.sha256
Motivation:
Verification of files against stored checksums is crucial in ensuring they have not been tampered with. After you’ve saved checksums to a file as outlined in use case 2, you can use this command to verify that the files listed in your .sha256 file still match their recorded checksums, ensuring their integrity. The result is only as trustworthy as the checksum file itself, so keep it where whoever can change the files cannot also change it.
Explanation:
sha256sum: The command used for checksum operations.
--check: This option instructs the utility to verify checksums against the current content of the files listed in the .sha256 file.
path/to/file.sha256: This refers to the file containing expected checksums and filenames.
Example output:
path/to/file1: OK
path/to/file2: OK
Use case 5: Only show a message for missing files or when verification fails
Code:
sha256sum --check --quiet path/to/file.sha256
Motivation:
The importance of focusing on errors or discrepancies without sifting through potentially thousands of “ok” messages cannot be overstated. This approach is efficient in operational environments where the emphasis is only on highlighting issues needing resolution, thereby reducing log noise.
Explanation:
sha256sum: This command initiates the checksum function.
--check: Indicates a need to verify the checksums listed.
--quiet: This option modifies the output to only display errors, which are instances where the file does not match its checksum or is missing.
path/to/file.sha256: This is the checksums file being validated against.
Example output:
If a file fails verification, you might see:
sha256sum: WARNING: 1 computed checksum did NOT match
Use case 6: Only show a message when verification fails, ignoring missing files
Code:
sha256sum --ignore-missing --check --quiet path/to/file.sha256
Motivation:
When you want to solely focus on files that fail integrity checks without concerning yourself with files that might be missing (perhaps they’re not expected yet or have been temporarily removed), this command filters the output appropriately. This can be useful in environments where certain files are known to be temporary and their absence is not a cause for alarm.
Explanation:
sha256sum: The core utility being used.
--ignore-missing: This tells the command not to report or fail on files that are listed in the checksum file but missing.
--check: Once again, verifies checksums.
--quiet: Restricts output to only errors.
path/to/file.sha256: The file with checksums and file paths detailed.
Example output:
If checksum validation fails for a present file, the output would simply state:
sha256sum: WARNING: 1 computed checksum did NOT match
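The behaviour described in use cases 4 to 6, as an added example that is not part of the original page: the script builds constructed sample files in a temporary directory, modifies one and deletes another, and prints what each option combination reports together with the exit status. It assumes GNU coreutils sha256sum; reset_fixture, verify and report are names chosen here.

```shell
#!/bin/sh
# Added example, not from the original page. Assumes GNU coreutils sha256sum.
# File names and contents are constructed sample data in a temp directory.
work=$(mktemp -d) || exit 1
trap 'rm -rf "$work"' EXIT

# Create (or restore) three sample files and record their checksums,
# as in use case 2.
reset_fixture() {
    printf 'alpha\n'   > "$work/a.txt"
    printf 'bravo\n'   > "$work/b.txt"
    printf 'charlie\n' > "$work/c.txt"
    (cd "$work" && sha256sum a.txt b.txt c.txt > manifest.sha256)
}

# Run --check with any extra options. Prints stdout and stderr together and
# returns sha256sum's exit status, which is what a script should test.
verify() {
    (cd "$work" && LC_ALL=C sha256sum --check "$@" manifest.sha256 2>&1)
}

# Print the exit status and the output of one verification run.
report() {
    label=$1; shift
    out=$(verify "$@") && rc=0 || rc=$?
    printf '%s\n  exit status: %s\n%s\n\n' "$label" "$rc" "$out"
}

reset_fixture
report "intact files, --quiet" --quiet

printf 'tampered\n' > "$work/b.txt"   # content no longer matches the manifest
rm "$work/c.txt"                      # listed in the manifest but absent
report "modified + missing, --quiet" --quiet
report "modified + missing, --ignore-missing --quiet" --ignore-missing --quiet

# Edge case: when none of the listed files exist, --ignore-missing has
# nothing to verify and sha256sum still exits with a non-zero status.
rm "$work/a.txt" "$work/b.txt"
report "nothing left to verify, --ignore-missing --quiet" --ignore-missing --quiet
```

In automation, branch on the exit status rather than on the printed text, since an empty --quiet output and a zero status are what a clean run looks like.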
Use case 7: Check a known SHA256 checksum of a file
Code:
echo known_sha256_checksum_of_the_file path/to/file | sha256sum --check
Motivation:
There are instances where you have a single known checksum for a file and you wish to validate this against the actual file content. This scenario is quite common when files are shared in a checksum-protected environment, where you need to ensure obtained files match the distributed checksum value.
Explanation:
echo: Used here to write the known checksum and file path in the format checksum filename.
known_sha256_checksum_of_the_file: The checksum you expect the file to have.
path/to/file: The location of the file undergoing validation.
|: Directs the echo output to sha256sum for further processing.
sha256sum: Main command performing the check.
--check: Compares the computed checksum with the known checksum.
Example output:
If the file’s checksum matches the known checksum, you’d see:
path/to/file: OK
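For scripted use of the check in use case 7, an added example that is not from the original page: verify_sha256 is a hypothetical wrapper that rejects a malformed digest before calling sha256sum and reports the result through its return code. It assumes GNU coreutils sha256sum and a file name without newlines or backslashes; the two demo digests are the ones shown in the example outputs earlier on this page.

```shell
#!/bin/sh
# Added example, not from the original page. Assumes GNU coreutils sha256sum.
# verify_sha256 and its return codes are names chosen for this sketch.

# verify_sha256 EXPECTED_HEX FILE
# Returns 0 on match, 1 on mismatch, 2 if the digest is malformed or FILE
# is not a readable regular file.
verify_sha256() {
    expected=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    file=$2

    # A SHA256 digest is exactly 64 hex characters. Reject truncated pastes
    # and digests from other algorithms before they reach sha256sum.
    case $expected in
        *[!0-9a-f]*) return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || return 2
    [ -f "$file" ] && [ -r "$file" ] || return 2

    # Checksum line as sha256sum writes it: digest, two spaces, file name.
    # printf avoids echo's shell-dependent handling of backslashes.
    # --status prints nothing; the exit status carries the result.
    printf '%s  %s\n' "$expected" "$file" | LC_ALL=C sha256sum --check --status
}

# Constructed demo: an empty temp file, whose SHA256 is the e3b0c442... value
# shown in use case 3's example output.
tmp=$(mktemp) || exit 1
trap 'rm -f "$tmp"' EXIT
: > "$tmp"
empty=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
other=5e884898da28047151d0e56f8dc6292773603d0d6aabbdd5458826dc4763a55e

for digest in "$empty" "$other" "e3b0c442"; do
    if verify_sha256 "$digest" "$tmp"; then
        rc=0
    else
        rc=$?
    fi
    echo "digest $digest -> return code $rc"
done
```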
Conclusion:
The sha256sum command is an invaluable tool for assessing data integrity, whether you’re ensuring that your files are intact after download, transmission, or over time. Its versatility in generating, verifying, and handling error messaging for checksum data is crucial in managing and securing data integrity in any workflow or system architecture.