OpenBSD manual page server

Manual Page Search Parameters
SHA1(1) General Commands Manual SHA1(1)

sha1calculate a message-digest fingerprint (checksum) for a file

sha1 [-bpqrtx] [-c [checklist ...]] [-s string] [file ...]

sha1 takes as input a message of arbitrary length and produces as output a 160-bit "fingerprint" or "message digest" of the input. It is conjectured that it is computationally infeasible to produce two messages having the same message digest (a collision), or to produce any message having a given prespecified target message digest. However, researchers have developed theoretical attacks that significantly reduce the amount of time needed to find a collision in SHA-1. The use of other message digest functions, such as sha256(1), is now preferred.

The SHA-1 algorithm is intended for digital signature applications, where a large file must be "compressed" in a secure manner before being encrypted with a private (secret) key under a public-key cryptosystem such as .

The options are as follows:

Output checksums in base64 notation, not hexadecimal.
[checklist ...]
Compares all checksums contained in the file checklist with newly computed checksums for the corresponding files. Output consists of the digest used, the file name, and an OK or FAILED for the result of the comparison. This will validate any of the supported checksums (see cksum(1)). If no file is given, stdin is used.
Echoes stdin to stdout and appends the SHA-1 sum to stdout.
Only print the checksum (quiet mode).
Reverse the format of the hash algorithm output, making it match the output format used by cksum(1).
string
Prints a checksum of the given string.
Runs a built-in time trial. Specifying -t multiple times results in the number of rounds being multiplied by 10 for each additional flag.
Runs a built-in test script.

The SHA-1 sum of each file listed on the command line is printed after the options are processed.

The sha1 command is shorthand for

cksum -a sha1

The cksum(1) command can also be used to compute digests from the SHA-2 family: sha256, sha384 and sha512.

The sha1 utility exits 0 on success, and >0 if an error occurs.

cksum(1), md5(1), sha256(1)

X. Wang, Y. Yin, and H. Yu, Finding Collisions in the Full SHA-1, Crypto, 2005.

J. Burrows, The Secure Hash Standard, FIPS PUB 180-1.

D. Eastlake and P. Jones, US Secure Hash Algorithm 1 (SHA1), RFC 3174, September 2001.

Theoretical attacks that significantly reduce the amount of time needed to find a collision in SHA-1 have been developed. The use of sha256(1) is recommended instead.

September 22, 2012 OpenBSD-5.4