md5sum: Print or check MD5 digests
md5sum computes a 128-bit checksum (or fingerprint or
message-digest) for each specified file.
Note: The MD5 digest is more reliable than a simple CRC (provided by
cksum command) for detecting accidental file corruption,
as the chances of accidentally having two files with identical MD5
are vanishingly small. However, it should not be considered secure
against malicious tampering: although finding a file with a given MD5
fingerprint is considered infeasible at the moment, it is known how
to modify certain files, including digital certificates, so that they
appear valid when signed with an MD5 digest.
For more secure hashes, consider using SHA-2. See sha2 utilities.
If a file is specified as ‘-’ or if no files are given
md5sum computes the checksum for the standard input.
md5sum can also determine whether a file and checksum are
md5sum [option]… [file]…
For each file, ‘md5sum’ outputs by default, the MD5 checksum, a space, a flag indicating binary or text input mode, and the file name. Binary mode is indicated with ‘*’, text mode with ‘ ’ (space). Binary mode is the default on systems where it’s significant, otherwise text mode is the default. If file contains a backslash or newline, the line is started with a backslash, and each problematic character in the file name is escaped with a backslash, making the output unambiguous even in the presence of arbitrary file names. If file is omitted or specified as ‘-’, standard input is read.
The program accepts the following options. Also see Common options.
Treat each input file as binary, by reading it in binary mode and outputting a ‘*’ flag. This is the inverse of --text. On systems like GNU that do not distinguish between binary and text files, this option merely flags each input mode as binary: the MD5 checksum is unaffected. This option is the default on systems like MS-DOS that distinguish between binary and text files, except for reading standard input when standard input is a terminal.
Read file names and checksum information (not data) from each
file (or from stdin if no file was specified) and report
whether the checksums match the contents of the named files.
The input to this mode of
md5sum is usually the output of
a prior, checksum-generating run of ‘md5sum’.
Three input formats are supported. Either the default output
format described above, the --tag output format,
or the BSD reversed mode format which is similar to the default mode,
but doesn’t use a character to distinguish binary and text modes.
For each such line,
md5sum reads the named file and computes its
MD5 checksum. Then, if the computed message digest does not match the
one on the line with the file name, the file is noted as having
failed the test. Otherwise, the file passes the test.
By default, for each valid line, one line is written to standard
output indicating whether the named file passed the test.
After all checks have been performed, if there were any failures,
a warning is issued to standard error.
Use the --status option to inhibit that output.
If any listed file cannot be opened or read, if any valid line has
an MD5 checksum inconsistent with the associated file, or if no valid
line is found,
md5sum exits with nonzero status. Otherwise,
it exits successfully.
This option is useful only when verifying checksums. When verifying checksums, don’t generate an ’OK’ message per successfully checked file. Files that fail the verification are reported in the default one-line-per-file format. If there is any checksum mismatch, print a warning summarizing the failures to standard error.
This option is useful only when verifying checksums. When verifying checksums, don’t generate the default one-line-per-file diagnostic and don’t output the warning summarizing any failures. Failures to open or read a file still evoke individual diagnostics to standard error. If all listed files are readable and are consistent with the associated MD5 checksums, exit successfully. Otherwise exit with a status code indicating there was a failure.
Output BSD style checksums, which indicate the checksum algorithm used. As a GNU extension, file names with problematic characters are escaped as described above, with the same escaping indicator of ‘\’ at the start of the line, being used. The --tag option implies binary mode, and is disallowed with --text mode as supporting that would unnecessarily complicate the output format, while providing little benefit.
Treat each input file as text, by reading it in text mode and outputting a ‘ ’ flag. This is the inverse of --binary. This option is the default on systems like GNU that do not distinguish between binary and text files. On other systems, it is the default for reading standard input when standard input is a terminal. This mode is never defaulted to if --tag is used.
When verifying checksums, warn about improperly formatted MD5 checksum lines. This option is useful only if all but a few lines in the checked input are valid.
When verifying checksums, if one or more input line is invalid, exit nonzero after all warnings have been issued.
An exit status of zero indicates success, and a nonzero value indicates failure.