{{Ambox|type=content|issue=SHA1 is a broken and proven vulnerable algorithm. The article may be rewritten with SHA256 (unbroken, as of Jan 2022), or some other safer alternative as the title and the main focus.}}{{Multiple issues|{{Technical|date=July 2021}}{{Context|date=July 2021}}}}

{{Short description|Software that calculates and verifies SHA-1 hashes}} {{Lowercase title}} '''{{mono|sha1sum}}''' is a computer program that calculates and verifies SHA-1 hashes. It is commonly used to verify the integrity of files. It (or a variant) is installed by default on most Linux distributions. Typically distributed alongside {{code|sha1sum}} are '''{{mono|sha224sum}}''', '''{{mono|sha256sum}}''', '''{{mono|sha384sum}}''' and '''{{mono|sha512sum}}''', which use a specific SHA-2 hash function and '''{{mono|b2sum}}''',<ref>{{Cite web|title=b2sum source code in GNU coreutils|url=https://github.com/coreutils/coreutils/tree/master/src/blake2|access-date=29 Jan 2022|website=GNU coreutils mirror at GitHub}}</ref> which uses the BLAKE2 cryptographic hash function.

The SHA-1 variants are ''proven'' vulnerable to collision attacks, and users should instead use, for example, a SHA-2 variant such as {{mono|sha256sum}} or the BLAKE2 variant '''{{mono|b2sum}}''' to prevent tampering by an adversary.<ref>{{cite web|url=https://www.schneier.com/blog/archives/2005/02/cryptanalysis_o.html|title=Cryptanalysis of SHA-1|author=Bruce Schneier|publisher=Schneier on Security}}</ref><ref>{{Cite web|url=https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html|title = Announcing the first SHA1 collision}}</ref>

It is included in GNU Core Utilities,<ref>{{Cite web|url=https://www.gnu.org/software/coreutils/manual/html_node/sha1sum-invocation.html|title = Sha1sum invocation (GNU Coreutils 9.0)}}</ref> Busybox (excluding '''{{mono|b2sum}}'''),<ref>{{Cite web|url=https://github.com/mirror/busybox/blob/a6f8651/testsuite/sha1sum.tests|title = Mirror/Busybox| website=GitHub |date = 26 October 2021}}</ref> and Toybox (excluding '''{{mono|b2sum}}''').<ref>{{Cite web|url=https://github.com/landley/toybox/blob/409a8e093a4ea8e0892ab302b4fd433d08f435eb/toys/lsb/md5sum.c#L17|title = Landley/Toybox| website=GitHub |date = 26 October 2021}}</ref> Ports to a wide variety of systems are available, including Microsoft Windows.

== Examples == To create a file with a SHA-1 hash in it, if one is not provided: <syntaxhighlight lang="console"> $ sha1sum filename [filename2] ... > SHA1SUM </syntaxhighlight>

If distributing one file, the {{Mono|.sha1}} file extension may be appended to the filename e.g.: <syntaxhighlight lang="console"> $ sha1sum --binary my-zip.tar.gz > my-zip.tar.gz.sha1 </syntaxhighlight>

The output contains one line per file of the form "<code>{hash} SPACE (ASTERISK|SPACE) [{directory} SLASH] {filename}</code>". (Note well, if the hash digest creation is performed in text mode instead of binary mode, then there will be two space characters instead of a single space character and an asterisk.) For example: <syntaxhighlight lang="console"> $ sha1sum -b my-zip.tar.gz d5db29cd03a2ed055086cef9c31c252b4587d6d0 *my-zip.tar.gz $ sha1sum -b subdir/filename2 55086cef9c87d6d031cd5db29cd03a2ed0252b45 *subdir/filename2 </syntaxhighlight>

To verify that a file was downloaded correctly or that it has not been tampered with: <syntaxhighlight lang="console"> $ sha1sum -c SHA1SUM filename: OK filename2: OK $ sha1sum -c my-zip.tar.gz.sha1 my-zip.tar.gz: OK </syntaxhighlight>

===Hash file trees=== {{mono|sha1sum}} can only create checksums of one or multiple files inside a directory, but not of a directory tree, i.e. of subdirectories, sub-subdirectories, etc. and the files they contain. This is possible by using {{mono|sha1sum}} in combination with the <code>find</code> command with the {{code|-exec}} option, or by piping the output from {{mono|find}} into <code>xargs</code>. {{mono|sha1deep}} can create checksums of a directory tree.

To use {{mono|sha1sum}} with {{mono|find}}: <syntaxhighlight lang="console"> $ find s_* -type f -exec sha1sum '{}' \; 65c23f142ff6bcfdddeccebc0e5e63c41c9c1721 s_1/file_s11 d3d59905cf5fc930cd4bf5b709d5ffdbaa9443b2 s_2/file_s21 5590e00ea904568199b86aee4b770fb1b5645ab8 s_a/file_02 </syntaxhighlight>

Likewise, piping the output from {{mono|find}} into {{mono|xargs}} yields the same output: <syntaxhighlight lang="console"> $ find s_* -type f | xargs sha1sum 65c23f142ff6bcfdddeccebc0e5e63c41c9c1721 s_1/file_s11 d3d59905cf5fc930cd4bf5b709d5ffdbaa9443b2 s_2/file_s21 5590e00ea904568199b86aee4b770fb1b5645ab8 s_a/file_02 </syntaxhighlight>

== Related programs == * '''{{mono|shasum}}''' is a Perl program to calculate any of SHA-1, 224, 256, 384, 512 hashes.<ref>{{man|1|shasum|ManKier}}</ref> It is part of the ActivePerl distribution. * '''{{mono|sha3sum}}''' is a similarly named program that calculates SHA-3, HAKE, RawSHAKE, and Keccak functions.<ref>{{man|1|sha3sum|ManKier}}</ref> * The '''{{mono|<hash>sum}}''' naming convention is also used by the BLAKE team with {{code|b2sum}} and {{code|b3sum}}, by the program <code>tthsum</code>, and many others. * On FreeBSD and OpenBSD, the utilities are called {{mono|md5}}, {{mono|sha1}}, {{mono|sha256}}, and {{mono|sha512}}. These versions offer slightly different options and features. Additionally, FreeBSD offers the Skein family of message digests.<ref>{{man|1|md5|FreeBSD}}</ref>

== See also == * {{mono |cksum}} * {{mono |md5sum}} * {{mono |md5deep}} * GNU Core Utilities

==References== {{Reflist}}

== External links == * {{man|1|sha1sum|die.net}} * [http://lists.gnupg.org/pipermail/gnupg-announce/2004q4/000184.html sha1sum for Windows announcement] * [https://www.freebsd.org/cgi/man.cgi?query=md5 FreeBSD Manual Pages md5] * [https://man.openbsd.org/md5 OpenBSD General Commands Manual md5]

{{Core Utilities commands}}

Category:Cryptographic software Category:Unix security-related software