Command: md5sum
MD5SUM is a Public Domain program used for computing and checking
cryptographic message digests (or check values) of files. It was
written with the Unix philosophy of reading from standard input and
writing to standard output, and options can be delimited with "-"
and "/" in this program version.
Syntax:
md5sum [/TBV] [/C [file]] | [file...]
md5sum [/?]
Options:
/C Check message digests (default is generate).
/[-]V Enable or disable verbose mode (default is off).
/[-]L Enable or disable LFN usage (default is enable if
supported)
/[-]R[num] Enable or diable recursing (default is off).
num is a number from 1 to 9 and limits recursion
(default=4)
/[-]S Same as /[-]R=].
/T Read files in text mode.
/B Read files in binary mode (default; overrides /T).
/M[:|=]mode Select the digest mode (SHA or MD5).
/? Shows the help.
The input for /C should be a list of message digests and file names
that is printed on stdout by this program when it generates digests.
Note that now, both '-' and '/' switches are accepted.
When checking files, MD5SUM generates no output if the files match
their fingerprints, unless you also specify the -v switch. If there
is a problem, it will generate one or more of the following messages:
MD5SUM.EXE: can't open filename
MD5SUM.EXE: error reading filename
MD5SUM.EXE: MD5 check failed for filename
MD5SUM.EXE: _ of _ file(s) failed MD5 check
MD5SUM.EXE: no files checked
The argument for /M should be a digest mode, which could possible be
SHA, CRC32, SHA256 or MD5, depending on how MD5SUM was compiled.
Comments:
If the MD5 message digest "fingerprint" of a file has not changed,
this is a VERY good indication that the contents of the file has not
changed. Even if you wanted to change a file in such a way that it
still had the same MD5 "fingerprint," you probably couldn't do it
without a lot of supercomputer time (and neither could a bad guy).
This makes it useful for detection of forgeries, viruses, and just
plain transmission errors. Note that this is much more powerful than
a normal CRC, which is good at detecting some kinds of transmission
errors, but can easily be forged. This is also useful for signing a
collection of files with a digital signature (using PGP, a PEM
implementation, or some kind of DSA implementation, for example),
without having to individually sign each file. Simply create a text
file with the "fingerprints" of each file you wish to sign, then sign
that text file.
COMPUTING FILE MD5 FINGERPRINTS
To compute the MD5 fingerprint of a text file, simply type
MD5SUM filename(s)
"Wild cards" (like * and ?) ARE supported by this program, you can
also put more than one file name on the command line. Since the
program is assuming that this is a text file, line endings conventions
may differ and still result in the same check value.
MD5SUM filename(s)
To see the file names displayed while computing "fingerprints,"
include the -v option, like:
MD5SUM -v filename(s)
To write the output to a file instead of just displaying it on the
screen, use redirection with the ">" character, like:
MD5SUM -v filename(s) > md5file
To append the output to an existing file, use two > characters, like:
MD5SUM -v filename(s) >> md5file
ADDING COMMENTS TO CHECK FILES
Sometimes it is nice to add comments to files containing MD5 finger-
prints. To do this, just edit the files made using the above
instructions to add in what you want to say. Lines that do not start
with valid hexadecimal digits are ignored as comments.
CHECKING FILES AGAINST STORED FINGERPRINTS
To check all of the files listed in check files as generated above to
see if they have changed:
MD5SUM -c md5file
For a more verbose listing of results (listing file names followed by
"OK" or "FAILED"), type:
MD5SUM -cv md5file
DETECTING MODIFICATION OR FORGERY OF FINGERPRINT FILES
One way to prevent alteration of fingerprint files is to store several
copies in different secure places, then compare them from time to time.
Another way is to use a digital signature produced by PGP, some PEM
implementation, or a DSS implementation. PGP is the most widely used
digital signature program in the public sector right now.
MD5SUM supports NLS (national language support).
Examples:
md5sum /M:MD5 /V c:\autoexec.bat
Creates and shows an MD5 fingerprint of autoexec.bat (works with
CRC32, SHA and SHA256).
md5sum /M:SHA /R C:\*.* > D:\myhashes.txt
Creates an SHA fingerprint of all files at C:\ and subdirectories
and writes it to D:\myhashes.txt. Please note that edit supports
only 64 KB size, so another editor maybe needed to open the file.
If you use the same partition for "myhashes.txt" the hash value
of this file maybe wrong.
md5sum -cv d:\myhashes.txt
Checks all listed files and reports files that failed. The amount
of FAILS is shown at the end, but not path and filename as the
list runs through very fast.
md5sum -cv d:\myhashes.txt > report.txt
Creates a file report.txt. You can open it with an editor and
use the search function to find "FAILED" and with this path and
filename of the modified file.
See also:
bsum
comp
diskcomp
fc
Copyright © 2005 Blair Campbell, help version 2023 W. Spiegl.
This file is derived from the FreeDOS Spec Command HOWTO.
See the file H2Cpying for copying conditions.