OpenBSD manual page server

Manual Page Search Parameters

CKSUM(1) General Commands Manual CKSUM(1)

cksum, sumdisplay file checksums and block counts

cksum [-bpqrtx] [-a algorithms] [-c [checklist ...]] [-o 1 | 2] [-s string] [file ...]

sum [-bpqrtx] [-a algorithms] [-c [checklist ...]] [-o 1 | 2] [-s string] [file ...]

The cksum utility writes to the standard output a single line for each input file. The format of this line varies with the algorithm being used as follows:

cksum
The output line consists of three whitespace separated fields: a CRC checksum, the number of octets in the input, and name of the file or string. If no file name is specified, the standard input is used and no file name is written.
sum
The output line consists of three whitespace separated fields: a CRC checksum, the number of kilobytes in the input, and name of the file or string. If no file name is specified, the standard input is used and no file name is written.
sysvsum
The output line consists of three whitespace separated fields: a CRC checksum, the number of 512-byte blocks in the input, and name of the file or string. If no file name is specified, the standard input is used and no file name is written.
all others
The output line consists of four whitespace separated fields: the name of the algorithm used, the name of the file or string in parentheses, an equals sign, and the cryptographic hash of the input. If no file name is specified, the standard input is used and only the cryptographic hash is output.

The sum utility is identical to the cksum utility, except that it defaults to using historic algorithm 1, as described below. It is provided for compatibility only.

The options are as follows:

algorithms
Use the specified algorithm(s) instead of the default (cksum). Supported algorithms include cksum, md4, md5, rmd160, sha1, sha224, sha256, sha384, sha512, sum, and sysvsum. Multiple algorithms may be specified, separated by a comma or whitespace. Additionally, multiple -a options may be specified on the command line. Case is ignored when matching algorithms. The output format may be specified on a per-algorithm basis by using a single-character suffix, e.g. “sha256b”. If the algorithm has a ‘b’ suffix, the checksum will be output in base64 format. If the algorithm has an ‘x’ suffix, the checksum will be output in hex format. If an algorithm with the same output format is repeated, only the first instance is used. Note that output format suffixes are not supported for the cksum, sum and sysvsum algorithms.
Output checksums in base64 notation, not hexadecimal by default. A ‘b’ or ‘x’ suffix on the algorithm will override this default. This option is ignored for the cksum, sum and sysvsum algorithms, which do not use hexadecimal output.
[checklist ...]
Compares all checksums contained in the file checklist with newly computed checksums for the corresponding files. Output consists of the digest used, the file name, and an OK or FAILED for the result of the comparison. This will validate any of the supported checksums. If no file is given, stdin is used. The -c option may not be used in conjunction with more than a single -a option.
1 | 2
Use historic algorithms instead of the (superior) default one (see below).
Echoes stdin to stdout and appends the checksum to stdout.
Only print the checksum (quiet mode) or if used in conjunction with the -c flag, only print the failed cases.
Reverse the format of the hash algorithm output, making it match the checksum output format.
string
Prints a checksum of the given string.
Runs a built-in time trial. Specifying -t multiple times results in the number of rounds being multiplied by 10 for each additional flag.
Runs a built-in test script.

Algorithm 1 (aka sum) is the algorithm used by historic BSD systems as the sum algorithm and by historic AT&T System V UNIX systems as the sum algorithm when using the -r option. This is a 16-bit checksum, with a right rotation before each addition; overflow is discarded.

Algorithm 2 (aka sysvsum) is the algorithm used by historic AT&T System V UNIX systems as the default sum algorithm. This is a 32-bit checksum, and is defined as follows:

s = sum of all bytes;
r = s % 2^16 + (s % 2^32) / 2^16;
cksum = (r % 2^16) + r / 2^16;

Both algorithm 1 and 2 write to the standard output the same fields as the default algorithm, except that the size of the file in bytes is replaced with the size of the file in blocks. For historic reasons, the block size is 1024 for algorithm 1 and 512 for algorithm 2. Partial blocks are rounded up.

The default CRC used is based on the polynomial used for CRC error checking in the networking standard ISO 8802-3: 1989. The CRC checksum encoding is defined by the generating polynomial:

G(x) = x^32 + x^26 + x^23 + x^22 + x^16 + x^12 +
     x^11 + x^10 + x^8 + x^7 + x^5 + x^4 + x^2 + x + 1

Mathematically, the CRC value corresponding to a given file is defined by the following procedure:

The n bits to be evaluated are considered to be the coefficients of a mod 2 polynomial M(x) of degree n-1. These n bits are the bits from the file, with the most significant bit being the most significant bit of the first octet of the file and the last bit being the least significant bit of the last octet, padded with zero bits (if necessary) to achieve an integral number of octets, followed by one or more octets representing the length of the file as a binary value, least significant octet first. The smallest number of octets capable of representing this integer are used.

M(x) is multiplied by x^32 (i.e., shifted left 32 bits) and divided by G(x) using mod 2 division, producing a remainder R(x) of degree <= 31.

The coefficients of R(x) are considered to be a 32-bit sequence.

The bit sequence is complemented and the result is the CRC.

The other available algorithms are described in their respective man pages in section 3 of the manual.

The cksum and sum utilities exit 0 on success or >0 if an error occurred.

md5(1), sha1(1), sha256(1)

The default calculation is identical to that given in pseudo-code in the following ACM article:

Dilip V. Sarwate, Computation of Cyclic Redundancy Checks Via Table Lookup, Communications of the ACM, August 1988.

The cksum utility is compliant with the IEEE Std 1003.1-2008 (“POSIX.1”) specification.

All the flags are extensions to that specification.

A sum command appeared in Version 2 AT&T UNIX. The cksum utility appeared in 4.4BSD.

Do not use the cksum, md4, md5, sum, or sysvsum algorithms to verify file integrity. An attacker can trivially produce modified payload that has the same checksum as the original version. Use a cryptographic checksum instead.

April 15, 2013 OpenBSD-5.4