Linux Commands

SHASUM Command on Linux

The shasum is used for computing SHA message digest, cryptographic checksum, or cryptographic hashcode. For those who don’t know, a message digest is a fixed size hash value of a message. A message digest is encrypted with a private key to form a digital signature. There are two important aspects of a message digest:

  1. They produce hash values that are practically impossible to invert. Hence, they are unique. It is computationally impossible to find two files with the same MD(message digest) value.
  2. If we slightly change the original message, the new MD value will significantly change.

There are many message digest algorithms, such as MD2, MD4, MD5, SHA, and SHA-1. The MD series was developed by Ronald Rivest. In 1993, NIST and NSA introduced the SHA and further revised it in 1995. The SHA-1 algorithm is a 16-bit message digest and is a successor of SHA. For 128, 192, and 256-bit message digest, SHA-256, SHA-384, and SHA-512 are used.

Comparison of Variants of SHA

Although SHA is slower as compared to MD5, it is more secure. Many companies have abandoned the use of SHA-1. Since it is vulnerable to Collision Attacks, SHA-2 comprises SHA-256, SHA-384, and SHA-512 appears as the successor of SHA-1. It is considered more secure than SHA-1. Most organizations are now deploying SHA-256.

Here, we have listed the SHA variants:

SHA-256 — generates a digest of 32 bytes
SHA-384 — generates a digest of 48 bytes
SHA-512 — generates a digest of 64 bytes

Hands-On With the Shasum Command

Let us now turn our attention to the ways of using shasum. Let us create a new file and apply various shasum operations to it.

We are using the “cat” command to create and insert a sample text to it:

$ cat > demo.txt

With our demo file ready, we will now perform the different shasum operations:

1. To calculate the SHA checksum for a file, use the format:

shasum <filename>

By default, the previous command generates a sha1sum. So for our demo.txt file, the following two commands will generate the same checksum value:

$ shasum demo.txt
$ sha1sum demo.txt

As you can see in the previous image, both the checksums are the same.

2. To calculate SHA checksum for algorithms beside the sha1sum, use the “-a” option and specify the SHA to use. For example, to use SHA-256 with the demo.txt, the command will be:

 $ shasum -a 256 demo.txt

Alternatively, we can also use:

$ sha256sum demo.txt

Similarly, we can specify other variants of SHA.

3. The size of checksum value keeps on increasing as we go higher on SHA variants. For example, consider the three checksum values for demo.txt with SHA-1, SHA-256, and SHA-512:

Therefore, it is a good idea to save these values to some files. It is very easy to accomplish this by simply modifying the previous commands as:

$ sha256sum demo.txt > keys.txt

Verify the contents of the file using the cat command:

In the same way, we can save multiple values to the previous file. For example, to add a SHA-512 value, modify the previous command as:

$ sha512sum demo.txt >> keys.txt

4. Verifying the integrity of a file: We can check if a file has been modified or not by looking at its sha checksum value. For our demo.txt file, create a checksum value and save it by using:

$ sha256sum demo.txt > file1.txt

Now, check the integrity of the demo.txt file by running the following command:

$ sha256sum -c file1.txt

Till now, the file is intact and not modified. Now, let us append some data to the demo.txt:

$ cat >> demo.txt

Now, check the file integrity:

$ sha256sum -c file1.txt

Now, the integrity check has failed for the file as it is modified.

4. Checking the integrity of several files from a file containing their SHA checksums. Now, we will store the SHA sum values of different files in a common file and check for their integrity. Create the following three files: demo1.txt, demo2.txt, and demo3.txt.

$ touch demo1.txt demo2.txt demo3.txt

Now, generate SHA256 sum values for each and store them in a file “keys.txt”.

$ sha256sum demo1.txt demo2.txt demo3.txt > keys.txt

Now, run an integrity check for the previous files:

$ sha256sum -c keys.txt

Let us modify demo2.txt by adding some text to it and rechecking the integrity:

$ echo ‘Linuxhint’ > demo2.txt

$ sha256sum -c keys.txt

We can see the checksum failed for the file demo2.txt after modifying it.

5. We can also use the text mode by using the “-t” option. In this manner, we can generate the SHA value for text on the console.

$ sha256sum -t

Now, enter the text and press “Ctrl+d” when you are finished.


In this guide, we discussed how to use the “shasum” command to check the integrity of a file. We have also covered the message digest and a brief comparison of variants of SHA. More information about shasum can be found on the man pages. We hope you found this article helpful. Check out other Linux Hint articles for more tips and information.

About the author

Ali Imran Nagori

Ali imran is a technical writer and Linux enthusiast who loves to write about Linux system administration and related technologies. You can connect with him on LinkedIn