# sha256sum > computer program that calculates and verifies SHA-256 hashes **Wikidata**: [Q124316676](https://www.wikidata.org/wiki/Q124316676) **Source**: https://4ort.xyz/entity/sha256sum ## Summary `sha256sum` is a free, open-source command-line tool that calculates and verifies SHA-256 cryptographic hashes. It is part of the GNU Core Utilities and is distributed under the GNU General Public License, version 3.0. The tool ensures data integrity by generating unique fingerprints for files or input streams. ## Key Facts - Part of the GNU Core Utilities, a collection of core Unix-like system tools. - Distributed under the GNU General Public License, version 3.0. - Implements the SHA-256 hashing algorithm for cryptographic verification. - Included in the `coreutils` package, widely available on Unix-like systems. - Licensed as free software, allowing users to modify and redistribute it. - Copyrighted software, with source code available for inspection. - Primarily used for verifying file integrity and detecting tampering. ## FAQs ### Q: What is the purpose of sha256sum? A: `sha256sum` generates SHA-256 hashes to verify file integrity. It compares computed hashes with expected values to ensure files have not been altered. ### Q: Is sha256sum free to use? A: Yes, `sha256sum` is free software distributed under the GNU GPLv3, allowing users to modify and redistribute it. ### Q: How do I use sha256sum? A: Run `sha256sum filename` to generate a hash. Compare it with a trusted source to verify file integrity. ### Q: What is the difference between sha256sum and other hash tools? A: Unlike tools like `md5sum`, `sha256sum` uses the more secure SHA-256 algorithm, which is resistant to collision attacks. ### Q: Where can I find the source code for sha256sum? A: The source code is available in the GNU Core Utilities repository at [https://git.savannah.gnu.org/cgit/coreutils.git](https://git.savannah.gnu.org/cgit/coreutils.git). ## Why It Matters `sha256sum` is essential for ensuring data integrity in software downloads, system updates, and digital signatures. By generating unique SHA-256 hashes, it helps users verify that files remain unchanged from their original state, protecting against tampering or corruption. As part of the GNU Core Utilities, it is a foundational tool in Unix-like environments, widely used by developers, system administrators, and security professionals. Its open-source nature ensures transparency and trust, as users can audit the code for security vulnerabilities. The tool’s reliance on the SHA-256 algorithm, a cryptographic standard, makes it a reliable choice for verifying file authenticity in critical applications. ## Notable For - Part of the widely adopted GNU Core Utilities, ensuring broad compatibility across Unix-like systems. - Implements the SHA-256 algorithm, a secure cryptographic hash function resistant to collision attacks. - Distributed under the GNU GPLv3, promoting free software principles and user freedom. - Included in standard Linux distributions, making it easily accessible to users. - Used in security workflows to verify software integrity before installation or execution. ## Body ### Overview `sha256sum` is a command-line utility that computes and checks SHA-256 message digests. It is part of the GNU Core Utilities, a suite of essential Unix-like system tools. The tool is distributed under the GNU General Public License, version 3.0, ensuring it remains free and open-source. ### Technical Details - **Algorithm**: Uses SHA-256, a cryptographic hash function producing a 256-bit (32-byte) hash value. - **Usage**: Accepts file paths or standard input, outputting the computed hash in hexadecimal format. - **Verification**: Compares computed hashes with provided checksums to confirm file integrity. ### Licensing and Distribution - **License**: GNU GPLv3, allowing free use, modification, and redistribution. - **Source Code**: Available in the GNU Core Utilities repository, enabling transparency and community contributions. ### Use Cases - **Software Verification**: Ensures downloaded files match official releases. - **System Integrity**: Detects unauthorized changes to critical system files. - **Security Audits**: Validates file authenticity in security-sensitive environments. ### Availability - **Platforms**: Available on Unix-like systems, including Linux and macOS. - **Package**: Included in the `coreutils` package, ensuring widespread accessibility. ### Related Tools - **md5sum**: Uses MD5, a less secure algorithm compared to SHA-256. - **sha1sum**: Implements SHA-1, which is also considered less secure than SHA-256. ### Documentation - **Manual Page**: Detailed usage instructions are available in the `sha256sum.1` man page. ## References 1. [Source](https://git.savannah.gnu.org/cgit/coreutils.git/tree/COPYING)