sha1sum command computes the
SHA-1 message digest of a file. This allows it be compared to a published message digest to check whether the file is unmodified from the original. As such the
sha1sum command can be used to attempt to verify the integrity of a file.
SHA-1 produces a 160-bit (20 byte) hash value known as a message digest. Although
SHA-1 is no longer considered secure against well funded opponents it is still widely used to verify files.
To get the
SHA-1 of a file pass the path of a file to the
sha1sum command. The
SHA-1 will be printed to standard output printing first the
SHA-1 checksum then the name of the file.
sha1sum somefile.txt da39a3ee5e6b4b0d3255bfef95601890afd80709 somefile.txt
To write the
SHA-1 of a file standard shell redirection can be used.
sha1sum somefile.txt > somefile.txt.sha1 cat somefile.txt.sha1 da39a3ee5e6b4b0d3255bfef95601890afd80709 somefile.txt
If the file
somefile.txt is to be distributed on the Internet the accompanying
SHA-1 file can be distributed with it. This allows anyone downloading or receiving the file to verify (to some extent) that the file has not been tampered with. Normally the canonical author of a file will also publish the
SHA-1 of the file. It is worth verifying that the published
SHA-1 also matches the one published by the author on any webpage relating to the download.
SHA-1 file has been provided with a download this can be used to check the integrity of a downloaded file. To check the
SHA-1 of a file use the
-c option and pass the
SHA-1 checksum file that corresponds to the file or files you wish to check. If not file has been provided with the download the author of the file will normally publish a
SHA-1 message digest and this can be checked manually by comparing the output of
sha1sum [file] with the published message digest.
ls somefile.txt somefile.txt.sha1 sha1sum -c somefile.txt.sha1 somefile.txt: OK
SHA-1 code matches an OK will be printed to standard output along with the filename verified. If the
SHA-1 code fails to match a failure message will be printed to standard output and the file should not be trusted.
sha1sum -c somefile.txt.sha1 somefile.txt: FAILED sha1sum: WARNING: 1 computed checksum did NOT match
With all issues relating to security things move fast. The
md5 hashing algorithm is now widely considered to be insecure. The
sha1 hashing algorithm is also expected to be insecure. As such it is expected that new algorithms will eventually emerge and be widely used. Already there are many checksum commands distributed with Linux and it is expected this will evolve.
sha[TAB] sha1sum sha224sum sha256sum sha384sum sha512sum shasum
For each of these hashing algorithms the command options and behaviour is the same so when a hashing algorithm changes it is a drop-in replacement.
Have an update or suggestion for this article? You can edit it here and send me a pull request.