How to verify the integrity of a file using SHA-512?
You can use SHA for a number of tasks, including checking whether a file has been altered between its source and its destination. Checking file integrity can be done easily on Unix systems.
1. First, install sha if you don't have it on your system. On PC-BSD and FreeBSD:
    $ su -
    # pkg_add -r sha
On CentOS and RPM-based systems:
    $ su -
    # yum install sha
According to the sha manual, you can choose among several hash algorithms:
- -1 Uses SHA-1, which produces a 160-bit hash (40 hex digits);
- -2 Uses SHA-256, which produces a 256-bit hash (64 hex digits);
- -3 Uses SHA-384, which produces a 384-bit hash (96 hex digits);
- -5 Uses SHA-512, which produces a 512-bit hash (128 hex digits).
2. Let's use the strongest hash, SHA-512. We are going to create a hash of a file called "ports":
    $ ls
    ports
    $ sha -5 ports > myports.sha5
    $ ls
    ports myports.sha5
    $
3. Now let's see how we can check the integrity of a file. To do so, we need the hash file provided by the author of the file, and the hash file created from the file we have on our computer. We use the cmp tool to compare the two hash files bit by bit:
    $ ls
    ports myports.sha5 authorports.sha5
    $ cmp myports.sha5 authorports.sha5
    $
If both hash files are equal, your downloaded file is unchanged: cmp prints no message and returns exit status 0 to the system. If the hash files are different, cmp tells you where they differ and returns exit status 1 to the system:
    $ ls
    ports myports.sha5 authorports.sha5
    $ cmp myports.sha5 ports
    myports.sha5 ports differ: char 1, line 1
    $ cmp myports.sha5 authorports.sha5
    $
This way, you can make sure your file is not corrupted, like you would do using MD5.
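The same check as a script, added here as an example and not part of the original entry. It assumes sha512sum from GNU coreutils in place of the sha port, and it compares only the 128-hex-digit digest, so a hash file that stores a different file name or label next to the digest does not cause a false mismatch. The function names, file names and sample contents are constructed for the example.

```sh
#!/bin/sh
# Added example (not from the original entry). Uses sha512sum from GNU
# coreutils in place of the sha port; file names and contents are constructed.

# Print the SHA-512 digest of FILE as 128 lower-case hex digits, no file name.
sha512_hex() {
    sha512sum < "$1" | awk '{ print tolower($1) }'
}

# Print the first stand-alone 128-hex-digit token found in a hash file,
# ignoring any file name or algorithm label stored next to it.
digest_from_hashfile() {
    tr 'A-F' 'a-f' < "$1" | grep -Eow '[0-9a-f]{128}' | head -n 1
}

# verify_sha512 FILE HASHFILE
# Returns 0 if the digests match, 1 if they differ, 2 if an input is unusable.
verify_sha512() {
    [ -r "$1" ] && [ -r "$2" ] || return 2
    expected=$(digest_from_hashfile "$2")
    actual=$(sha512_hex "$1")
    [ -n "$expected" ] && [ -n "$actual" ] || return 2
    [ "$actual" = "$expected" ]
}

# Constructed demonstration: the author's hash file names the file differently,
# so cmp on two sha512sum hash files would differ although the digests agree.
demo() {
    dir=$(mktemp -d) || return 2
    printf 'constructed sample content\n' > "$dir/ports"
    ( cd "$dir" && cp ports ports-release && sha512sum ports-release > authorports.sha5 )
    verify_sha512 "$dir/ports" "$dir/authorports.sha5" && echo "ports: OK"
    printf 'tampered\n' >> "$dir/ports"
    verify_sha512 "$dir/ports" "$dir/authorports.sha5" || echo "ports: MISMATCH"
    rm -rf "$dir"
}
demo
```

As with cmp, the exit status of verify_sha512 can be tested directly in a script before the downloaded file is used.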
Last update: 2008-09-01 06:12
Author: Charles A. Landemaine
Revision: 1.2