Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
MD5(1)			FreeBSD	General	Commands Manual			MD5(1)

NAME
     md5, sha1,	sha224,	sha256,	sha384,	sha512,	sha512t256, rmd160, skein256,
     skein512, skein1024, md5sum, sha1sum, sha224sum, sha256sum, sha384sum,
     sha512sum,	sha512t256sum, rmd160sum, skein256sum, skein512sum,
     skein1024sum -- calculate a message-digest	fingerprint (checksum) for a
     file

SYNOPSIS
     md5 [-pqrtx] [-c string] [-s string] [file	...]

     md5sum [-pqrtx] [-c file] [-s string] [file ...]

	 (All other hashes have	the same options and usage.)

DESCRIPTION
     The md5, sha1, sha224, sha256, sha384, sha512, sha512t256,	rmd160,
     skein256, skein512, and skein1024 utilities take as input a message of
     arbitrary length and produce as output a "fingerprint" or "message
     digest" of	the input.  The	md5sum,	sha1sum, sha224sum, sha256sum,
     sha384sum,	sha512sum, sha512t256sum, rmd160sum, skein256sum, skein512sum,
     and skein1024sum utilities	do the same, but default to the	reversed for-
     mat of the	-r flag.  It is	conjectured that it is computationally infea-
     sible to produce two messages having the same message digest, or to pro-
     duce any message having a given prespecified target message digest.  The
     SHA-224 , SHA-256 , SHA-384 , SHA-512, RIPEMD-160,	and SKEIN algorithms
     are intended for digital signature	applications, where a large file must
     be	"compressed" in	a secure manner	before being encrypted with a private
     (secret) key under	a public-key cryptosystem such as RSA.

     The MD5 and SHA-1 algorithms have been proven to be vulnerable to practi-
     cal collision attacks and should not be relied upon to produce unique
     outputs, nor should they be used as part of a cryptographic signature
     scheme. As	of 2017-03-02, there is	no publicly known method to reverse
     either algorithm, i.e., to	find an	input that produces a specific output.

     SHA-512t256 is a version of SHA-512 truncated to only 256 bits.  On
     64-bit hardware, this algorithm is	approximately 50% faster than SHA-256
     but with the same level of	security.  The hashes are not interchangeable.

     It	is recommended that all	new applications use SHA-512 or	SKEIN-512 in-
     stead of one of the other hash functions.

     The following options may be used in any combination and must precede any
     files named on the	command	line.  The hexadecimal checksum	of each	file
     listed on the command line	is printed after the options are processed.

     -b	     Make the -sum programs separate hash and digest with a blank fol-
	     lowed by an asterisk instead of by	2 blank	characters for full
	     compatibility with	the output generated by	the coreutils versions
	     of	these programs.

     -c	string
	     If	the program was	called with a name that	does not end in	sum,
	     compare the digest	of the file against this string.  (Note	that
	     this option is not	yet useful if multiple files are specified.)

     -c	file
	     If	the program was	called with a name that	does end in sum, the
	     file passed as argument must contain digest lines generated by
	     the same digest algorithm with or without the -r option (i.e. in
	     either classical BSD format or in GNU coreutils format).  A line
	     with the file name	followed by a colon "":	and either OK or
	     FAILED is written for each	well-formed line in the	digest file.
	     If	applicable, the	number of failed comparisons and the number of
	     lines that	were skipped since they	were not well-formed are
	     printed at	the end.  The -q option	can be used to quiesce the
	     output unless there are mismatched	entries	in the digest.

     -s	string
	     Print a checksum of the given string.

     -p	     Echo stdin	to stdout and append the checksum to stdout.

     -q	     Quiet mode	-- only	the checksum is	printed	out.  Overrides	the -r
	     option.

     -r	     Reverses the format of the	output.	 This helps with visual	diffs.
	     Does nothing when combined	with the -ptx options.

     -t	     Run a built-in time trial.	 For the -sum versions,	this is	a nop
	     for compatibility with coreutils.

     -x	     Run a built-in test script.

EXIT STATUS
     The md5, sha1, sha224, sha256, sha512, sha512t256,	rmd160,	skein256,
     skein512, and skein1024 utilities exit 0 on success, 1 if at least	one of
     the input files could not be read,	and 2 if at least one file does	not
     have the same hash	as the -c option.

EXAMPLES
     Calculate the MD5 checksum	of the string "Hello".

	   $ md5 -s Hello
	   MD5 ("Hello") = 8b1a9953c4611296a827abf8c47804d7

     Same as above, but	note the absence of the	newline	character in the input
     string:

	   $ echo -n Hello | md5
	   8b1a9953c4611296a827abf8c47804d7

     Calculate the checksum of multiple	files reversing	the output:

	   $ md5 -r /boot/loader.conf /etc/rc.conf
	   ada5f60f23af88ff95b8091d6d67bef6 /boot/loader.conf
	   d80bf36c332dc0fdc479366ec3fa44cd /etc/rc.conf
	   The
	   -sum
	   variants put	2 blank	characters between hash	and file name for full compatibility
	   with	the coreutils versions of these	commands.

     Write the digest for /boot/loader.conf in a file named digest.  Then cal-
     culate the	checksum again and validate it against the checksum string ex-
     tracted from the digest file:

	   $ md5 /boot/loader.conf > digest && md5 -c $(cut -f2	-d= digest) /boot/loader.conf
	   MD5 (/boot/loader.conf) = ada5f60f23af88ff95b8091d6d67bef6

     Same as above but comparing the digest against an invalid string
     ("randomstring"), which results in	a failure.

	   $ md5 -c randomstring /boot/loader.conf
	   MD5 (/boot/loader.conf) = ada5f60f23af88ff95b8091d6d67bef6 [	Failed ]

     If	invoked	with a name ending in -sum the -c option does not compare
     against a hash string passed as parameter.	 Instead, it expects a digest
     file, as created under the	name digest for	/boot/loader.conf in the exam-
     ple above.

	   $ md5 -c digest /boot/loader.conf
	   /boot/loader.conf: OK

     The digest	file may contain any number of lines in	the format generated
     with or without the -r option (i.e. in either classical BSD format	or in
     GNU coreutils format).  If	a hash value does not match the	file, FAILED
     is	printed	instead	of OK.

SEE ALSO
     cksum(1), md5(3), ripemd(3), sha(3), sha256(3), sha384(3),	sha512(3),
     skein(3)

     R.	Rivest,	The MD5	Message-Digest Algorithm, RFC1321.

     J.	Burrows, The Secure Hash Standard, FIPS	PUB 180-2.

     D.	Eastlake and P.	Jones, US Secure Hash Algorithm	1, RFC 3174.

     RIPEMD-160	is part	of the ISO draft standard "ISO/IEC DIS 10118-3"	on
     dedicated hash functions.

     Secure Hash Standard (SHS): http://csrc.nist.gov/cryptval/shs.html.

     The RIPEMD-160 page:
     http://www.esat.kuleuven.ac.be/~bosselae/ripemd160.html.

BUGS
     All of the	utilities that end in `sum' are	intended to be compatible with
     the GNU coreutils programs.  However, the long option functionality is
     not provided.

ACKNOWLEDGMENTS
     This program is placed in the public domain for free general use by RSA
     Data Security.

     Support for SHA-1 and RIPEMD-160 has been added by	Oliver Eikemeier
     <eik@FreeBSD.org>.

FreeBSD	13.0			 June 29, 2021			  FreeBSD 13.0

NAME | SYNOPSIS | DESCRIPTION | EXIT STATUS | EXAMPLES | SEE ALSO | BUGS | ACKNOWLEDGMENTS

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=md5&sektion=1&manpath=FreeBSD+13.0-RELEASE>

home | help