- HowToSHA256SUM
- sha256
- sha256sum on Linux
- Check the iso file
- Manual method
- Semi-automatic method
- Success
- Check the CD
- Manual method
- Success?
- MD5SUM on Mac OS X
- digest(1) on Solaris
- SHA256SUM on Windows
- MD5SUM with «Checksums calculator»
- SHA256SUM on CD
- SHA256SUM of burnt media
- External Links
- Open SSL
- SYNOPSIS
- DESCRIPTION
- RETURN VALUES
- CONFORMING TO
- SEE ALSO
- HISTORY
- COPYRIGHT
- master manpages
- This manpage
HowToSHA256SUM
The program sha256sum is designed to verify data integrity using the SHA-256 (SHA-2 family with a digest length of 256 bits). SHA-256 hashes used properly can confirm both file integrity and authenticity. SHA-256 serves a similar purpose to a prior algorithm recommended by Ubuntu, MD5, but is less vulnerable to attack.
Comparing hashes makes it possible to detect changes in files that would cause errors. The possibility of changes (errors) is proportional to the size of the file; the possibility of errors increase as the file becomes larger. It is a very good idea to run an SHA-256 hash comparison check when you have a file like an operating system install CD that has to be 100% correct.
In terms of security, cryptographic hashes such as SHA-256 allow for authentication of data obtained from insecure mirrors. The SHA-256 hash must be signed or come from a secure source (such as a HTTPS page or a GPG-signed file) of an organization you trust. See the SHA-256 checksum file for the release you’re using under http://releases.ubuntu.com, such as http://cdimage.ubuntu.com/daily-live/current/SHA256SUMS . You should verify this file using the PGP signature, SHA256SUMS.gpg (such as http://cdimage.ubuntu.com/daily-live/current/SHA256SUMS.gpg ) as described in VerifyIsoHowto.
sha256
sha256sum on Linux
Most Linux distributions come with the sha256sum utility (on Ubuntu it is part of the coreutils package). We are going to use the Ubuntu 9.10 LiveDVD for the following example:
Check the iso file
Ubuntu distributes the SHA-256 checksum hashes in a file called SHA256SUMS in the same directory listing as the download page for your release http://releases.ubuntu.com.
Manual method
sha256sum ubuntu-9.10-dvd-i386.iso
c01b39c7a35ccc3b081a3e83d2c71fa9a767ebfeb45c69f08e17dfe3ef375a7b *ubuntu-9.10-dvd-i386.iso
Compare the hash (the alphanumeric string on left) that your machine calculated with the corresponding hash in the SHA256SUMS file.
When both hashes match exactly then the downloaded file is almost certainly intact. If the hashes do not match, then there was a problem with either the download or a problem with the server. You should download the file again from either the same mirror, or from a different mirror if you suspect a server error. If you continuously receive an erroneous file from a server, please be kind and notify the web-master of that mirror so they can investigate the issue.
Semi-automatic method
cd download_directory sha256sum -c SHA256SUMS 2>&1 | grep OK
If the OK for your file appears, that indicates the hash matches.
Success
Once you have verified the sha256 hash, go ahead and burn the CD. You may want to refer to the BurningIsoHowto page.
Check the CD
So far so good, you have downloaded an iso and verified its integrity. When you boot from the CD you will be given the option to test its integrity. Great, but if the CD is corrupt then you have already wasted time rebooting. You can check the integrity of the CD without rebooting as follows.
Manual method
Check the calculated hash against UbuntuHashes as shown for the iso file above. Depending on your system, you may need to change cdrom to cdrom0 (or even cdrom1 if you have two CD drives).
Success?
Congratulations, you now have a verified Ubuntu CD. Go ahead and use it (or play frisbee with it if you want).
MD5SUM on Mac OS X
This should be updated by someone with access to a Mac.
There are three methods of using md5sumsum on an OS X machine.
Method 1 — The easiest (if MD5 is available) is using the Disk Utility program (Applications > Utilities, or by choosing «Utilities» from the Finder’s «Go» menu). Open Disk Utility and wait for it to gather information about your disks. Go to the directory where you downloaded the Ubuntu disk image, and drag it to Disk Utility’s dock icon (displays on the left-hand side of Disk Utility, underneath your physical drives). Select the iso file. Go to the «Images» menu and select Checksum > MD5. Be sure to choose «MD5» and NOT «MD5 image checksum» or «CRC-32 image checksum», as they are not the same and will give you different results.
Method 2 — If MD5 is not available in the Images > Checksum menu, open a terminal window (Applications > Utilities > Terminal.app). Type «md5», type a space, drag the iso file into the terminal window (appends command with iso file path), and press Enter. The command line returns the hash number.
Method 3 — You can use the Terminal.app and follow the instructions for SHA256SUM on Linux, except use the command «openssl md5» instead of «sha256sum».
Each method returns a hash number. Compare the hash number with the corresponding hash on the UbuntuHashes page. When both hashes match exactly, then the downloaded file is almost certainly intact.
If the hashes do not match, then there was a problem with either the download or a problem with the server. You should download the file again from either the same mirror, or from a different mirror if you suspect a server error. If you continuously receive an erroneous file from a server, please notify the web-master of that mirror so they can investigate the issue.
digest(1) on Solaris
$ digest -a sha256 ubuntu-9.10-dvd-i386.iso c01b39c7a35ccc3b081a3e83d2c71fa9a767ebfeb45c69f08e17dfe3ef375a7b
SHA256SUM on Windows
This section also needs to be updated. Is there a sha256sum.exe file distributed by a reliable source? Is there a good GUI?
Windows does not come with sha256sum. You must download one from another location, preferably one that you trust. There are command line utilities that work similarly to the Unix utility; one public domain version with source is available from Fourmilab, but the version available from Cygwin is probably easier to install and update, and Cygwin is also recommended and trusted as the source for many more Unixy utilities. Once installed, Cygwin’s sha256sum behaves exactly as described in SHA256SUM on Linux above.
- Download and install winSha256sum, a free and open source hash verification program.
- Right-click the ISO file.
- Click Send To, then winSha256sum.
- Wait for winSha256sum to load and finish the checksum (this may take a significant amount of time depending on your computer’s performance).
- Copy the corresponding hash from UbuntuHashes into the bottom text box.
- Click «Compare»
- A message box will say «MD5 Check Sums are the same» if the hashes are equal.
MD5SUM with «Checksums calculator»
«Checksums calculator” is an open source GUI application that has been developed to run on Windows, MacOS X and Linux operating systems on 32bit and 64bit architectures while is translated into 19 languages. It gives you the ability to calculate checksums of functions: md5, sha1, sha256, sha384 and sha512. It is very simple to use, after downloaded the zip file with the version that fits on your computer, doesn’t require any installation, just unzip it to any folder of your choice. Once you run it, select the file you want to calculate the checksum, then select the function and click the «Calculate» button. If you want to compare the result, in the field «Original checksum» give the checksum that you downloaded and click the «Compare» button. You can download the application here.
The program while is running under Windows 7 64bit.
The program while is running under Snow Leopard 10.6 32bit.
The program while is running under Ubuntu 10.04 64bit.
SHA256SUM on CD
I don’t know if there is now a sha256sum.txt file on the CD.
To see if your Ubuntu CD was corrupted when burned to the disk, see the CDIntegrityCheck page, or follow the instructions below.
First mount the CD, if not already mounted:
Then use the supplied sha256sum file on the CD:
Be patient, it takes some time. If the command outputs any errors, you’ll know that either the burn was bad or the .iso is corrupt. Please note that this method does not verify authenticity unless the hash of the iso file is compared to the hash at the secure UbuntuHashes page.
Finally, you can unmount the CD after leaving the folder:
SHA256SUM of burnt media
$ grep ubuntu-9.10-dvd-i386.iso SHA256SUMS | tee /proc/self/fd/2 | sha256sum --check - c01b39c7a35ccc3b081a3e83d2c71fa9a767ebfeb45c69f08e17dfe3ef375a7b *ubuntu-9.10-dvd-i386.iso ubuntu-9.10-dvd-i386.iso: OK
$ sha256sum /dev/cdrom c01b39c7a35ccc3b081a3e83d2c71fa9a767ebfeb45c69f08e17dfe3ef375a7b /dev/cdrom
where «/dev/cdrom» is typically a soft-link to your CD/DVD reader/burner. Note that the checksum matches.
External Links
HowToSHA256SUM (последним исправлял пользователь ip-84-203-58-58 2015-12-14 23:05:24)
The material on this wiki is available under a free license, see Copyright / License for details
You can contribute to this wiki, see Wiki Guide for details
Open SSL
SHA1, SHA1_Init, SHA1_Update, SHA1_Final, SHA224, SHA224_Init, SHA224_Update, SHA224_Final, SHA256, SHA256_Init, SHA256_Update, SHA256_Final, SHA384, SHA384_Init, SHA384_Update, SHA384_Final, SHA512, SHA512_Init, SHA512_Update, SHA512_Final — Secure Hash Algorithm
SYNOPSIS
#include unsigned char *SHA1(const unsigned char *data, size_t count, unsigned char *md_buf); unsigned char *SHA224(const unsigned char *data, size_t count, unsigned char *md_buf); unsigned char *SHA256(const unsigned char *data, size_t count, unsigned char *md_buf); unsigned char *SHA384(const unsigned char *data, size_t count, unsigned char *md_buf); unsigned char *SHA512(const unsigned char *data, size_t count, unsigned char *md_buf);
The following functions have been deprecated since OpenSSL 3.0, and can be hidden entirely by defining OPENSSL_API_COMPAT with a suitable version value, see openssl_user_macros(7):
int SHA1_Init(SHA_CTX *c); int SHA1_Update(SHA_CTX *c, const void *data, size_t len); int SHA1_Final(unsigned char *md, SHA_CTX *c); int SHA224_Init(SHA256_CTX *c); int SHA224_Update(SHA256_CTX *c, const void *data, size_t len); int SHA224_Final(unsigned char *md, SHA256_CTX *c); int SHA256_Init(SHA256_CTX *c); int SHA256_Update(SHA256_CTX *c, const void *data, size_t len); int SHA256_Final(unsigned char *md, SHA256_CTX *c); int SHA384_Init(SHA512_CTX *c); int SHA384_Update(SHA512_CTX *c, const void *data, size_t len); int SHA384_Final(unsigned char *md, SHA512_CTX *c); int SHA512_Init(SHA512_CTX *c); int SHA512_Update(SHA512_CTX *c, const void *data, size_t len); int SHA512_Final(unsigned char *md, SHA512_CTX *c);
DESCRIPTION
All of the functions described on this page except for SHA1(), SHA224(), SHA256(), SHA384() and SHA512() are deprecated. Applications should instead use EVP_DigestInit_ex(3), EVP_DigestUpdate(3) and EVP_DigestFinal_ex(3), or the quick one-shot function EVP_Q_digest(3). SHA1(), SHA224(), SHA256(), SHA384(), and SHA256() can continue to be used. They can also be replaced by, e.g.,
(EVP_Q_digest(d, n, md, NULL, NULL, "SHA256", NULL) ? md : NULL)
SHA-1 (Secure Hash Algorithm) is a cryptographic hash function with a 160 bit output.
SHA1() computes the SHA-1 message digest of the n bytes at d and places it in md (which must have space for SHA_DIGEST_LENGTH == 20 bytes of output). If md is NULL, the digest is placed in a static array. Note: setting md to NULL is not thread safe.
The following functions may be used if the message is not completely stored in memory:
SHA1_Init() initializes a SHA_CTX structure.
SHA1_Update() can be called repeatedly with chunks of the message to be hashed (len bytes at data).
SHA1_Final() places the message digest in md, which must have space for SHA_DIGEST_LENGTH == 20 bytes of output, and erases the SHA_CTX.
The SHA224, SHA256, SHA384 and SHA512 families of functions operate in the same way as for the SHA1 functions. Note that SHA224 and SHA256 use a SHA256_CTX object instead of SHA_CTX. SHA384 and SHA512 use SHA512_CTX. The buffer md must have space for the output from the SHA variant being used (defined by SHA224_DIGEST_LENGTH, SHA256_DIGEST_LENGTH, SHA384_DIGEST_LENGTH and SHA512_DIGEST_LENGTH). Also note that, as for the SHA1() function above, the SHA224(), SHA256(), SHA384() and SHA512() functions are not thread safe if md is NULL.
RETURN VALUES
SHA1(), SHA224(), SHA256(), SHA384() and SHA512() return a pointer to the hash value.
SHA1_Init(), SHA1_Update() and SHA1_Final() and equivalent SHA224, SHA256, SHA384 and SHA512 functions return 1 for success, 0 otherwise.
CONFORMING TO
US Federal Information Processing Standard FIPS PUB 180-4 (Secure Hash Standard), ANSI X9.30
SEE ALSO
HISTORY
All of these functions except SHA*() were deprecated in OpenSSL 3.0.
COPYRIGHT
Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the «License»). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.
master manpages
This manpage
Please report problems with this website to webmaster at openssl.org.
Copyright © 1999-2023 The OpenSSL Project Authors. All Rights Reserved.