diff options
Diffstat (limited to 'sbin/md5/md5.1')
-rw-r--r-- | sbin/md5/md5.1 | 344 |
1 files changed, 264 insertions, 80 deletions
diff --git a/sbin/md5/md5.1 b/sbin/md5/md5.1 index 899e49ba3517..b530292c8269 100644 --- a/sbin/md5/md5.1 +++ b/sbin/md5/md5.1 @@ -1,12 +1,14 @@ -.\" $FreeBSD$ -.Dd Feb 5, 2022 +.Dd March 12, 2024 .Dt MD5 1 .Os .Sh NAME -.Nm md5 , sha1 , sha224 , sha256 , sha384 , sha512 , sha512t256 , rmd160 , -.Nm skein256 , skein512 , skein1024 , -.Nm md5sum , sha1sum , sha224sum , sha256sum , sha384sum , sha512sum , -.Nm sha512t256sum , rmd160sum , skein256sum , skein512sum , skein1024sum +.Nm md5 , sha1 , sha224 , sha256 , sha384 , +.Nm sha512 , sha512t224 , sha512t256 , +.Nm rmd160 , skein256 , skein512 , skein1024 , +.Nm md5sum , sha1sum , sha224sum , sha256sum , sha384sum , +.Nm sha512sum , sha512t224sum , sha512t256sum , +.Nm rmd160sum , skein256sum , skein512sum , skein1024sum , +.Nm shasum .Nd calculate a message-digest fingerprint (checksum) for a file .Sh SYNOPSIS .Nm @@ -16,16 +18,44 @@ .Op Ar .Pp .Nm md5sum -.Op Fl pqrtx -.Op Fl c Ar file -.Op Fl s Ar string +.Op Fl bctwz +.Op Fl -binary +.Op Fl -check +.Op Fl -help +.Op Fl -ignore-missing +.Op Fl -quiet +.Op Fl -status +.Op Fl -strict +.Op Fl -tag +.Op Fl -text +.Op Fl -version +.Op Fl -warn +.Op Fl -zero .Op Ar .Pp (All other hashes have the same options and usage.) +.Pp +.Nm shasum +.Op Fl 0bchqstUvw +.Op Fl -01 +.Op Fl a | -algorithm Ar alg +.Op Fl -binary +.Op Fl -check +.Op Fl -help +.Op Fl -ignore-missing +.Op Fl -quiet +.Op Fl -status +.Op Fl -strict +.Op Fl -tag +.Op Fl -text +.Op Fl -UNIVERSAL +.Op Fl -version +.Op Fl -warn +.Op Ar .Sh DESCRIPTION The -.Nm md5 , sha1 , sha224 , sha256 , sha384 , sha512 , sha512t256 , rmd160 , -.Nm skein256 , skein512 , +.Nm md5 , sha1 , sha224 , sha256 , sha384 , sha512 , sha512t224 , sha512t256 , +.Nm rmd160 , skein256 , skein512 , and .Nm skein1024 utilities take as input a message of arbitrary length and produce as @@ -34,15 +64,26 @@ output a or .Dq message digest of the input. +.Pp The .Nm md5sum , sha1sum , sha224sum , sha256sum , sha384sum , sha512sum , -.Nm sha512t256sum , rmd160sum , skein256sum , skein512sum , +.Nm sha512t224sum , sha512t256sum , rmd160sum , skein256sum , skein512sum , and .Nm skein1024sum -utilities do the same, but default to the reversed format of -the -.Fl r -flag. +utilities do the same, but with command-line options and an output +format that match those of their similary named GNU utilities. +.Pp +The +.Nm shasum +utility does the same, but with command-line options and an output +format that match those of the similarly named utility that ships with +Perl. +.Pp +In all cases, each file listed on the command line is processed separately. +If no files are listed on the command line, or a file name is given as +.Pa - , +input is taken from stdin instead. +.Pp It is conjectured that it is computationally infeasible to produce two messages having the same message digest, or to produce any message having a given prespecified target message digest. @@ -68,72 +109,179 @@ On 64-bit hardware, this algorithm is approximately 50% faster than SHA-256 but with the same level of security. The hashes are not interchangeable. .Pp +SHA-512t224 is identical to SHA-512t256, but with the digest truncated +to 224 bits. +.Pp It is recommended that all new applications use SHA-512 or SKEIN-512 instead of one of the other hash functions. -.Pp -The following options may be used in any combination and must -precede any files named on the command line. -The hexadecimal checksum of each file listed on the command line is printed -after the options are processed. +.Ss BSD OPTIONS +The following options are available in BSD mode, i.e. when the program +is invoked with a name that does not end in +.Dq sum : .Bl -tag -width indent -.It Fl b -Make the -.Nm -sum -programs separate hash and digest with a blank followed by an asterisk instead -of by 2 blank characters for full compatibility with the output generated by the -coreutils versions of these programs. -.It Fl c Ar string -If the program was called with a name that does not end in -.Nm sum , -compare the digest of the file against this string. -.Pq Note that this option is not yet useful if multiple files are specified. -.It Fl c Ar file -If the program was called with a name that does end in -.Nm sum , -the file passed as argument must contain digest lines generated by the same -digest algorithm with or without the -.Fl r -option -.Pq i.e. in either classical BSD format or in GNU coreutils format . -A line with the file name followed by a colon -.Dq ":" -and either OK or FAILED is written for each well-formed line in the digest file. -If applicable, the number of failed comparisons and the number of lines that were -skipped since they were not well-formed are printed at the end. -The +.It Fl c Ar string , Fl -check= Ns Ar string +Compare the digest of the file against this string. +If combined with the .Fl q -option can be used to quiesce the output unless there are mismatched entries in -the digest. -.Pp -.It Fl s Ar string -Print a checksum of the given -.Ar string . -.It Fl p +or +.Fl -quiet +option, the calculated digest is printed in addition to the exit status being set. +.Pq Note that this option is not yet useful if multiple files are specified. +.It Fl p , -passthrough Echo stdin to stdout and append the checksum to stdout. -.It Fl q +In this mode, any files specified on the command line are silently ignored. +.It Fl q , -quiet Quiet mode \(em only the checksum is printed out. Overrides the .Fl r +or +.Fl -reverse option. -.It Fl r +.It Fl r , -reverse Reverses the format of the output. This helps with visual diffs. Does nothing when combined with the .Fl ptx options. -.It Fl t +.It Fl s Ar string , Fl -string= Ns Ar string +Print a checksum of the given +.Ar string . +In this mode, any files specified on the command line are silently ignored. +.It Fl t , Fl -time-trial Run a built-in time trial. For the .Nm -sum versions, this is a nop for compatibility with coreutils. -.It Fl x +.It Fl x , Fl -self-test Run a built-in test script. .El +.Ss GNU OPTIONS +The following options are available in GNU mode, i.e. when the program +is invoked with a name that ends in +.Dq sum : +.Bl -tag -width indent +.It Fl b , Fl -binary +Read files in binary mode. +.It Fl c , Fl -check +The file passed as arguments must contain digest lines generated by the same +digest algorithm in either classical BSD format or in GNU coreutils format. +A line with the file name followed by a colon +.Dq ":" +and either OK or FAILED is written for each well-formed line in the digest file. +If applicable, the number of failed comparisons and the number of lines that were +skipped since they were not well-formed are printed at the end. +The +.Fl -quiet +option can be used to quiesce the output unless there are mismatched entries in +the digest. +.It Fl -help +Print a usage message and exit. +.It Fl -ignore-missing +When verifying checksums, ignore files for which checksums are given +but which aren't found on disk. +.It Fl -quiet +When verifying checksums, do not print anything unless the +verification fails. +.It Fl -status +When verifying checksums, do not print anything at all. +The exit code will reflect whether verification succeeded. +.It Fl -strict +When verifying checksums, fail if the input is malformed. +.It Fl -tag +Produce BSD-style output. +.It Fl t , Fl -text +Read files in text mode. +This is the default. +Note that this implementation does not differentiate between binary +and text mode. +.It Fl -version +Print version information and exit. +.It Fl w , Fl -warn +When verifying checksums, warn about malformed input. +.It Fl z , Fl -zero +Terminate output lines with NUL rather than with newline. +.El +.Ss PERL OPTIONS +The following options are available in Perl mode, i.e. when the program +is invoked with the name +.Dq shasum : +.Bl -tag -width indent +.It Fl 0 , Fl -01 +Read files in bits mode: ASCII +.Sq 0 +and +.Sq 1 +characters correspond to 0 and 1 bits, respectively, and all other +characters are ignored. +See +.Sx BUGS . +.It Fl a Ar alg , Fl -algorithm Ar alg +Use the specified algorithm: +.Dq 1 +for SHA-1 (default), +.Dq xxx +for +.Va xxx Ns -bit +SHA-2 (e.g. +.Dq 256 +for SHA-256) +or +.Dq xxxyyy +for +.Va xxx Ns -bit +SHA-2 truncated to +.Va yyy +bits (e.g. +.Dq 512224 +for SHA-512/224). +.It Fl b , Fl -binary +Read files in binary mode. +.It Fl c , Fl -check +The file passed as arguments must contain digest lines generated by the same +digest algorithm in either classical BSD format or in GNU coreutils format. +A line with the file name followed by a colon +.Dq ":" +and either OK or FAILED is written for each well-formed line in the digest file. +If applicable, the number of failed comparisons and the number of lines that were +skipped since they were not well-formed are printed at the end. +The +.Fl -quiet +option can be used to quiesce the output unless there are mismatched entries in +the digest. +.It Fl -help +Print a usage message and exit. +.It Fl -ignore-missing +When verifying checksums, ignore files for which checksums are given +but which aren't found on disk. +.It Fl -quiet +When verifying checksums, do not print anything unless the +verification fails. +.It Fl -status +When verifying checksums, do not print anything at all. +The exit code will reflect whether verification succeeded. +.It Fl -strict +When verifying checksums, fail if the input is malformed. +.It Fl -tag +Produce BSD-style output. +.It Fl t , Fl -text +Read files in text mode. +This is the default. +Note that this implementation does not differentiate between binary +and text mode. +.It Fl U , Fl -UNIVERSAL +Read files in universal mode: any CR-LF pair, as well as any CR not +followed by LF, is translated to LF before the digest is computed. +.It Fl -version +Print version information and exit. +.It Fl w , Fl -warn +When verifying checksums, warn about malformed input. +.El .Sh EXIT STATUS The -.Nm md5 , sha1 , sha224 , sha256 , sha512 , sha512t256 , rmd160 , -.Nm skein256 , skein512 , +.Nm md5 , sha1 , sha224 , sha256 , sha384 , sha512 , +.Nm sha512t224 , sha512t256 , +.Nm rmd160 , skein256 , skein512 , and .Nm skein1024 utilities exit 0 on success, @@ -141,6 +289,16 @@ utilities exit 0 on success, and 2 if at least one file does not have the same hash as the .Fl c option. +.Pp +The +.Nm md5sum , sha1sum , sha224sum , sha256sum , sha384sum , sha512sum , +.Nm sha512t224sum , sha512t256sum , +.Nm rmd160 , skein256 , skein512 , skein1024 +and +.Nm shasum +utilities exit 0 on success and 1 if at least one of the input files +could not be read or, when verifying checksums, does not have the +expected checksum. .Sh EXAMPLES Calculate the MD5 checksum of the string .Dq Hello . @@ -161,11 +319,22 @@ Calculate the checksum of multiple files reversing the output: $ md5 -r /boot/loader.conf /etc/rc.conf ada5f60f23af88ff95b8091d6d67bef6 /boot/loader.conf d80bf36c332dc0fdc479366ec3fa44cd /etc/rc.conf -.Pd -The -.Nm -sum -variants put 2 blank characters between hash and file name for full compatibility -with the coreutils versions of these commands. +.Ed +.Pp +This is almost but not quite identical to the output from GNU mode: +.Bd -literal -offset indent +$ md5sum /boot/loader.conf /etc/rc.conf +ada5f60f23af88ff95b8091d6d67bef6 /boot/loader.conf +d80bf36c332dc0fdc479366ec3fa44cd /etc/rc.conf +.Ed +.Pp +Note the two spaces between hash and file name. +If binary mode is requested, they are instead separated by a space and +an asterisk: +.Bd -literal -offset indent +$ md5sum -b /boot/loader.conf /etc/rc.conf +ada5f60f23af88ff95b8091d6d67bef6 */boot/loader.conf +d80bf36c332dc0fdc479366ec3fa44cd */etc/rc.conf .Ed .Pp Write the digest for @@ -189,9 +358,7 @@ $ md5 -c randomstring /boot/loader.conf MD5 (/boot/loader.conf) = ada5f60f23af88ff95b8091d6d67bef6 [ Failed ] .Ed .Pp -If invoked with a name ending in -.Nm -sum -the +In GNU mode, the .Fl c option does not compare against a hash string passed as parameter. Instead, it expects a digest file, as created under the name @@ -200,15 +367,16 @@ for .Pa /boot/loader.conf in the example above. .Bd -literal -offset indent -$ md5 -c digest /boot/loader.conf +$ md5sum -c digest /boot/loader.conf: OK .Ed .Pp -The digest file may contain any number of lines in the format generated with or without the -.Fl r -option -.Pq i.e. in either classical BSD format or in GNU coreutils format . -If a hash value does not match the file, FAILED is printed instead of OK. +The digest file may contain any number of lines in the format +generated in either BSD or GNU mode. +If a hash value does not match the file, +.Dq FAILED +is printed instead of +.Dq OK . .Sh SEE ALSO .Xr cksum 1 , .Xr md5 3 , @@ -244,13 +412,29 @@ Secure Hash Standard (SHS): The RIPEMD-160 page: .Pa https://homes.esat.kuleuven.be/~bosselae/ripemd160.html .Sh BUGS -All of the utilities that end in -.Sq sum -are intended to be compatible with the GNU coreutils programs. -However, the long option functionality is not provided. +In bits mode, the original +.Nm shasum +script is capable of processing inputs of arbitrary length. +This implementation is not, and will issue an error if the input +length is not a multiple of eight bits. .Sh ACKNOWLEDGMENTS -This program is placed in the public domain for free general use by -RSA Data Security. +.An -nosplit +This utility was originally derived from a program which was placed in +the public domain for free general use by RSA Data Security. .Pp -Support for SHA-1 and RIPEMD-160 has been added by +Support for SHA-1 and RIPEMD-160 was added by .An Oliver Eikemeier Aq Mt eik@FreeBSD.org . +.Pp +Support for SHA-2 was added by +.An Colin Percival Aq Mt cperciva@FreeBSD.org +and +.An Allan Jude Aq Mt allanjude@FreeBSD.org . +.Pp +Support for SKEIN was added by +.An Allan Jude Aq Mt allanjude@FreeBSD.org . +.Pp +Compatibility with GNU coreutils was added by +.An Warner Losh Aq Mt imp@FreeBSD.org +and much expanded by +.An Dag-Erling Sm\(/orgrav Aq Mt des@FreeBSD.org , +who also added Perl compatibility. |