file checksums and block counts
utility writes to the standard output a
single line for each input file. The format of this line varies with the
algorithm being used as follows:
- The output line consists of three whitespace separated
fields: a CRC checksum, the number of octets in the input, and name of the
file or string. If no file name is specified, the standard input is used
and no file name is written.
- all others
- The output line consists of four whitespace separated
fields: the name of the algorithm used, the name of the file or string in
parentheses, an equals sign, and the cryptographic hash of the input. If
no file name is specified, the standard input is used and only the
cryptographic hash is output.
The options are as follows:
- Use the specified algorithm(s) instead of the default
(cksum). Supported algorithms include cksum, md5, rmd160, sha1, sha224,
sha256, sha384, sha512/256, and sha512. Multiple algorithms may be
specified, separated by a comma or whitespace. Additionally, multiple
-a options may be specified on the command
line. Case is ignored when matching algorithms. The output format may be
specified on a per-algorithm basis by using a single-character suffix,
e.g. “sha256b”. If the algorithm has a ‘b’
suffix, the checksum will be output in base64 format. If the algorithm has
an ‘x’ suffix, the checksum will be output in hex format. If
an algorithm with the same output format is repeated, only the first
instance is used. Note that output format suffixes are not supported for
the cksum algorithm.
- Output checksums in base64 notation, not hexadecimal by
default. A ‘b’ or ‘x’ suffix on the algorithm
will override this default. This option is ignored for the cksum
- Compare the checksum of each
file against the checksums in the
checklist. Any specified
file that is not listed in the
checklist will generate an error.
- If this option is specified, the
file options become checklists. Each
checklist should contain hash results in the normal format, which will be
verified against the specified paths. Output consists of the digest used,
the file name, and an OK, FAILED, or MISSING for the result of the
comparison. This will validate any of the supported checksums. If no file
is given, stdin is used. The -c option may
not be used in conjunction with more than a single
- Place the checksum into
hashfile instead of stdout.
- Echoes stdin to stdout and appends the checksum to
- Only print the checksum (quiet mode) or if used in
conjunction with the -c flag, only print the
- Reverse the format of the hash algorithm output, making it
match the checksum output format.
- Prints a checksum of the given
- Runs a built-in time trial. Specifying
-t multiple times results in the number of
rounds being multiplied by 10 for each additional flag.
- Runs a built-in test script.
The default CRC used is based on the polynomial used for CRC error checking in
the networking standard ISO/IEC 8802-3:1996. The other available algorithms
are described in their respective man pages in section 3 of the manual.
utility exits 0 on success,
and >0 if an error occurs.
The default calculation is identical to that given in pseudo-code in the
following ACM article:
Dilip V. Sarwate,
Computation of Cyclic Redundancy Checks Via Table
Lookup, Communications of the ACM,
utility is compliant with the
IEEE Std 1003.1-2008
All the flags are extensions to that specification.
utility appeared in
Do not use the cksum or md5 algorithms to verify file integrity. An attacker can
trivially produce modified payload that has the same checksum as the original
version. Use a cryptographic checksum instead.