6.4 md5sum: Print or check MD5 digests
md5sum computes a 128-bit checksum (or fingerprint or
message-digest) for each specified file.
Note: The MD5 digest is more reliable than a simple CRC (provided by
the cksum command) for detecting accidental file corruption,
as the chances of accidentally having two files with identical MD5
are vanishingly small. However, it should not be considered secure
against malicious tampering: although finding a file with a given MD5
fingerprint is considered infeasible at the moment, it is known how
to modify certain files, including digital certificates, so that they
appear valid when signed with an MD5 digest.
For more secure hashes, consider using SHA-2. See sha2 utilities.
If a file is specified as ‘-’ or if no files are given
md5sum computes the checksum for the standard input.
md5sum can also determine whether a file and checksum are
consistent. Synopsis:
md5sum [option]... [file]...
For each file, ‘md5sum’ outputs the MD5 checksum, a flag
indicating binary or text input mode, and the file name.
If file contains a backslash or newline, the
line is started with a backslash, and each problematic character in
the file name is escaped with a backslash, making the output
unambiguous even in the presence of arbitrary file names.
If file is omitted or specified as ‘-’, standard input is read.
The program accepts the following options. Also see Common options.
- ‘-b’
- ‘--binary’
- Treat each input file as binary, by reading it in binary mode and
outputting a ‘*’ flag. This is the inverse of --text.
On systems like GNU that do not distinguish between binary
and text files, this option merely flags each input mode as binary:
the MD5 checksum is unaffected. This option is the default on systems
like MS-DOS that distinguish between binary and text files, except
for reading standard input when standard input is a terminal.
- ‘-c’
- ‘--check’
- Read file names and checksum information (not data) from each
file (or from stdin if no file was specified) and report
whether the checksums match the contents of the named files.
The input to this mode of md5sum is usually the output of
a prior, checksum-generating run of ‘md5sum’.
Each valid line of input consists of an MD5 checksum, a binary/text
flag, and then a file name.
Binary mode is indicated with ‘*’, text with ‘ ’ (space).
For each such line, md5sum reads the named file and computes its
MD5 checksum. Then, if the computed message digest does not match the
one on the line with the file name, the file is noted as having
failed the test. Otherwise, the file passes the test.
By default, for each valid line, one line is written to standard
output indicating whether the named file passed the test.
After all checks have been performed, if there were any failures,
a warning is issued to standard error.
Use the --status option to inhibit that output.
If any listed file cannot be opened or read, if any valid line has
an MD5 checksum inconsistent with the associated file, or if no valid
line is found, md5sum exits with nonzero status. Otherwise,
it exits successfully.
- ‘--quiet’
- This option is useful only when verifying checksums.
When verifying checksums, don't generate an 'OK' message per successfully
checked file. Files that fail the verification are reported in the
default one-line-per-file format. If there is any checksum mismatch,
print a warning summarizing the failures to standard error.
- ‘--status’
- This option is useful only when verifying checksums.
When verifying checksums, don't generate the default one-line-per-file
diagnostic and don't output the warning summarizing any failures.
Failures to open or read a file still evoke individual diagnostics to
standard error.
If all listed files are readable and are consistent with the associated
MD5 checksums, exit successfully. Otherwise exit with a status code
indicating there was a failure.
- ‘-t’
- ‘--text’
- Treat each input file as text, by reading it in text mode and
outputting a ‘ ’ flag. This is the inverse of --binary.
This option is the default on systems like GNU that do not
distinguish between binary and text files. On other systems, it is
the default for reading standard input when standard input is a
terminal.
- ‘-w’
- ‘--warn’
- When verifying checksums, warn about improperly formatted MD5 checksum lines.
This option is useful only if all but a few lines in the checked input
are valid.
- ‘--strict’
- When verifying checksums,
if one or more input line is invalid,
exit nonzero after all warnings have been issued.
An exit status of zero indicates success,
and a nonzero value indicates failure.