xref: /freebsd/sbin/md5/md5.1 (revision 0946e70a3b60dec23922cf3e0c313cb0917fee0a)
1.\" $FreeBSD$
2.Dd June 19, 2020
3.Dt MD5 1
4.Os
5.Sh NAME
6.Nm md5 , sha1 , sha224 , sha256 , sha384 , sha512 , sha512t256 , rmd160 ,
7.Nm skein256 , skein512 , skein1024
8.Nd calculate a message-digest fingerprint (checksum) for a file
9.Sh SYNOPSIS
10.Nm
11.Op Fl pqrtx
12.Op Fl c Ar string
13.Op Fl s Ar string
14.Op Ar
15.Pp
16(All other hashes have the same options and usage.)
17.Sh DESCRIPTION
18The
19.Nm md5 , sha1 , sha224 , sha256 , sha384 , sha512 , sha512t256 , rmd160 ,
20.Nm skein256 , skein512 ,
21and
22.Nm skein1024
23utilities take as input a message of arbitrary length and produce as
24output a
25.Dq fingerprint
26or
27.Dq message digest
28of the input.
29It is conjectured that it is computationally infeasible to
30produce two messages having the same message digest, or to produce any
31message having a given prespecified target message digest.
32The SHA-224 , SHA-256 , SHA-384 , SHA-512, RIPEMD-160,
33and SKEIN
34algorithms are intended for digital signature applications, where a
35large file must be
36.Dq compressed
37in a secure manner before being encrypted with a private
38(secret)
39key under a public-key cryptosystem such as RSA.
40.Pp
41The MD5 and SHA-1 algorithms have been proven to be vulnerable to practical
42collision attacks and should not be relied upon to produce unique outputs,
43.Em nor should they be used as part of a cryptographic signature scheme.
44As of 2017-03-02, there is no publicly known method to
45.Em reverse
46either algorithm, i.e., to find an input that produces a specific
47output.
48.Pp
49SHA-512t256 is a version of SHA-512 truncated to only 256 bits.
50On 64-bit hardware, this algorithm is approximately 50% faster than SHA-256 but
51with the same level of security.
52The hashes are not interchangeable.
53.Pp
54It is recommended that all new applications use SHA-512 or SKEIN-512
55instead of one of the other hash functions.
56.Pp
57The following options may be used in any combination and must
58precede any files named on the command line.
59The hexadecimal checksum of each file listed on the command line is printed
60after the options are processed.
61.Bl -tag -width indent
62.It Fl c Ar string
63Compare the digest of the file against this string.
64.Pq Note that this option is not yet useful if multiple files are specified.
65.It Fl s Ar string
66Print a checksum of the given
67.Ar string .
68.It Fl p
69Echo stdin to stdout and append the checksum to stdout.
70.It Fl q
71Quiet mode \(em only the checksum is printed out.
72Overrides the
73.Fl r
74option.
75.It Fl r
76Reverses the format of the output.
77This helps with visual diffs.
78Does nothing
79when combined with the
80.Fl ptx
81options.
82.It Fl t
83Run a built-in time trial.
84.It Fl x
85Run a built-in test script.
86.El
87.Sh EXIT STATUS
88The
89.Nm md5 , sha1 , sha224 , sha256 , sha512 , sha512t256 , rmd160 ,
90.Nm skein256 , skein512 ,
91and
92.Nm skein1024
93utilities exit 0 on success,
941 if at least one of the input files could not be read,
95and 2 if at least one file does not have the same hash as the
96.Fl c
97option.
98.Sh EXAMPLES
99Calculate the MD5 checksum of the string
100.Dq Hello .
101.Bd -literal -offset indent
102$ md5 -s Hello
103MD5 ("Hello") = 8b1a9953c4611296a827abf8c47804d7
104.Ed
105.Pp
106Same as above, but note the absence of the newline character in the input
107string:
108.Bd -literal -offset indent
109$ echo -n Hello | md5
1108b1a9953c4611296a827abf8c47804d7
111.Ed
112.Pp
113Calculate the checksum of multiple files reversing the output:
114.Bd -literal -offset indent
115$ md5 -r /boot/loader.conf /etc/rc.conf
116ada5f60f23af88ff95b8091d6d67bef6 /boot/loader.conf
117d80bf36c332dc0fdc479366ec3fa44cd /etc/rc.conf
118.Ed
119.Pp
120Write the digest for
121.Pa /boot/loader.conf
122in a file named
123.Pa digest .
124Then calculate the checksum again and validate it against the checksum string
125extracted from the
126.Pa digest
127file:
128.Bd -literal -offset indent
129$ md5 /boot/loader.conf > digest && md5 -c $(cut -f2 -d= digest) /boot/loader.conf
130MD5 (/boot/loader.conf) = ada5f60f23af88ff95b8091d6d67bef6
131.Ed
132.Pp
133Same as above but comparing the digest against an invalid string
134.Pq Dq randomstring ,
135which results in a failure.
136.Bd -literal -offset indent
137$ md5 -c randomstring /boot/loader.conf
138MD5 (/boot/loader.conf) = ada5f60f23af88ff95b8091d6d67bef6 [ Failed ]
139.Ed
140.Sh SEE ALSO
141.Xr cksum 1 ,
142.Xr md5 3 ,
143.Xr ripemd 3 ,
144.Xr sha 3 ,
145.Xr sha256 3 ,
146.Xr sha384 3 ,
147.Xr sha512 3 ,
148.Xr skein 3
149.Rs
150.%A R. Rivest
151.%T The MD5 Message-Digest Algorithm
152.%O RFC1321
153.Re
154.Rs
155.%A J. Burrows
156.%T The Secure Hash Standard
157.%O FIPS PUB 180-2
158.Re
159.Rs
160.%A D. Eastlake and P. Jones
161.%T US Secure Hash Algorithm 1
162.%O RFC 3174
163.Re
164.Pp
165RIPEMD-160 is part of the ISO draft standard
166.Qq ISO/IEC DIS 10118-3
167on dedicated hash functions.
168.Pp
169Secure Hash Standard (SHS):
170.Pa http://csrc.nist.gov/cryptval/shs.html .
171.Pp
172The RIPEMD-160 page:
173.Pa http://www.esat.kuleuven.ac.be/~bosselae/ripemd160.html .
174.Sh ACKNOWLEDGMENTS
175This program is placed in the public domain for free general use by
176RSA Data Security.
177.Pp
178Support for SHA-1 and RIPEMD-160 has been added by
179.An Oliver Eikemeier Aq Mt eik@FreeBSD.org .
180