What is the equivalent to sha256sum -c in Windows?
I have a set of very important files that I need to copy-to and mirror across many different types of disks in many geographically distinct locations. After relaying the contents to disk via USB, ethernet, fiber, radio, telegram, and signal fires (some of which are more reliable means of transmissions than others!), I want to check the integrity of the data written to disk.
In Debian Linux, file checksums are typically stored in a SHA256SUM "digest" file that's generated using the sha256sum command. It's trivial to use this command to generate this file with the recursive SHA256 checksums of all the files in the current directory and subdirectories. It's also very trivial for the user to use this command to verify the integrity of all the files, recursively. For example, consider this super-critical dataset of cat pictures
user@disp3274:~/Pictures$ tree
.
├── cats
│   ├── cat1.jpeg
│   ├── cat2.jpeg
│   └── cat3.jpeg
└── people
    ├── person1.jpeg
    └── person2.jpeg

2 directories, 5 files
user@disp3274:~/Pictures$
I can generate the checksum file as follows
user@disp3274:~/Pictures$ time sha256sum `find . -type f` > SHA256SUMS
real 0m0.010s
user 0m0.008s
sys 0m0.002s
user@disp3274:~/Pictures$
user@disp3274:~/Pictures$ cat SHA256SUMS
b2d82e7b8dcbaef4d06466bee3486c12467ce5882e2eabe735319a90606f206a  ./people/person2.jpeg
e01f7b240f300ce629c07502639a670d9665e82df6cba9311b87ba3ad23c595d  ./people/person1.jpeg
53e056cc91fd4157880fb746255a2f621ebee8ca6351a659130d6228142c1e47  ./cats/cat1.jpeg
a0a73a21b9d26f1bbe4fcfce0acd21964dedf2dc247a5fe99bd9f304aa137379  ./cats/cat2.jpeg
a171fa88d431a531960b6eb312d964ed66cc35afd64bde5dda9b929ad83343f6  ./cats/cat3.jpeg
user@disp3274:~/Pictures$
And I can verify the integrity of all the files as follows
user@disp3274:~/Pictures$ time sha256sum -c SHA256SUMS
./people/person2.jpeg: OK
./people/person1.jpeg: OK
./cats/cat1.jpeg: OK
./cats/cat2.jpeg: OK
./cats/cat3.jpeg: OK
real 0m0.009s
user 0m0.008s
sys 0m0.000s
user@disp3274:~/Pictures$
In Windows, what is the equivalent built-in tool for generating a SHA256SUMS (or similar digest file using another cryptographic hash function) and verifying the integrity of a set of files, recursively?
You can create a sha256sums file with this command:
# Two spaces between hash and path, matching the format sha256sum writes
Get-ChildItem -Recurse -Exclude sha256sums | Get-FileHash -Algorithm SHA256 |
  % {$_.Hash + "  " + (Resolve-Path -Path $_.Path -Relative)} |
  Out-File -FilePath sha256sums -Encoding utf8NoBOM
The -Recurse is optional; omit it if you want to only read files in the current directory.
NB: I tested this on an older version of PS and I had to use -Encoding utf8 for Out-File, which includes the UTF8 BOM. For sha256sum compatibility I had to remove the BOM later using tail -c+4 - a full example will follow...
You can later check a sha256sums file using this command - I used Format-List to avoid line truncation...
Get-Content -Path sha256sums | % {
  # Splitting "HASH  path" on single spaces yields: hash, empty string, path
  $Hash, $_, $File = $_.Split(" ", 3)
  if ($Hash) {
    [PSCustomObject]@{Path=$File; Result=if ((Get-FileHash -Path $File -Algorithm SHA256).Hash -eq $Hash) { "OK" } else { "FAILED" }}
  }
} | Format-List
On Linux, you can use the standard sha256sum command - just make sure to strip the BOM if you couldn't use utf8NoBOM encoding, and replace the path separators of course. For example if the checksum file has a BOM:
sha256sum -c <(tail -c+4 sha256sums |tr '\\' /)
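
A stricter version of the verification step, as an added example that is not part of the answer above: it parses each digest line the way sha256sum formats it, accepts either path separator, and reports missing files and malformed lines separately instead of raising an error. The function name Test-Sha256Sums, its parameters and the demo files are hypothetical and constructed for illustration.

```powershell
# Added example, not the answer's code. Test-Sha256Sums and its parameters are hypothetical names.
function Test-Sha256Sums {
    [CmdletBinding()]
    param(
        [string]$DigestFile = 'sha256sums',
        [string]$BaseDirectory = (Get-Location).Path
    )
    $sep = [string][IO.Path]::DirectorySeparatorChar
    # Get-Content drops a leading UTF-8 BOM and splits on LF or CRLF.
    foreach ($line in Get-Content -LiteralPath $DigestFile -Encoding UTF8) {
        if ([string]::IsNullOrWhiteSpace($line)) { continue }
        # 64 hex digits, one space, then ' ' (text) or '*' (binary), then the path.
        if ($line -match '^(?<hash>[0-9a-f]{64}) [ *](?<path>.+)$') {
            $listed = $Matches['path']
            $expected = $Matches['hash']
            # Accept '/' (digest written on Linux) and '\' (written on Windows).
            $full = Join-Path -Path $BaseDirectory -ChildPath ($listed -replace '[\\/]', $sep)
            if (-not (Test-Path -LiteralPath $full -PathType Leaf)) {
                $result = 'MISSING'
            } elseif ((Get-FileHash -LiteralPath $full -Algorithm SHA256).Hash -eq $expected) {
                $result = 'OK'      # -eq ignores case, so lowercase Linux digests match
            } else {
                $result = 'FAILED'
            }
        } else {
            $listed = $line
            $result = 'MALFORMED'
        }
        [PSCustomObject]@{ Path = $listed; Result = $result }
    }
}

# Constructed demo: hash one file, list one file that does not exist, tamper, then verify.
$demo = Join-Path ([IO.Path]::GetTempPath()) 'sha256sums-demo'
New-Item -ItemType Directory -Path $demo -Force | Out-Null
Set-Content -LiteralPath (Join-Path $demo 'a.txt') -Value 'original'
$h = (Get-FileHash -LiteralPath (Join-Path $demo 'a.txt') -Algorithm SHA256).Hash
Set-Content -LiteralPath (Join-Path $demo 'sha256sums') -Value "$h  ./a.txt", "$('0' * 64)  ./gone.txt"
Set-Content -LiteralPath (Join-Path $demo 'a.txt') -Value 'tampered'
$report = @(Test-Sha256Sums -DigestFile (Join-Path $demo 'sha256sums') -BaseDirectory $demo)
$report | Format-List
$bad = @($report | Where-Object Result -ne 'OK')
if ($bad.Count -gt 0) { Write-Error "$($bad.Count) entries did not verify" }
```

In the demo, ./a.txt is reported as FAILED because it was modified after hashing, and ./gone.txt as MISSING.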