In Windows you can make a checksum of a file without installing any additional software.
For this you can use the certUtil – built-in command-line tool that works both in Windows CMD and PowerShell.
In this note i will show the examples of how to make md5sum and sha256sum of a file in Windows from the command line.
Cool Tip: zip and unzip from the command line in Windows! Read more →
MD5/SHA256 CheckSum in Windows
Checksum a file in Windows using the built-in certUtil command-line utility:
C:\> certUtil -hashfile <PATH_TO_FILE> <HASH_ALGORITHM>
MD5 checksum example (md5sum):
C:\> certUtil -hashfile C:\file.img MD5
SHA256 checksum example (sha256sum):
C:\> certUtil -hashfile C:\file.img SHA256
Get only hash value:
# Windows CMD: C:\> CertUtil -hashfile C:\file.img MD5 | findstr /v "hash" # Windows PowerShell: PS C:\> $(CertUtil -hashfile C:\file.img MD5)[1] -replace " ",""
Available hash algorithms:
MD2 MD4 MD5 SHA1 SHA256 SHA384 SHA512
Hash Algorithms: Note that on Windows 7, the hash algorithms are case-sensitive. Be sure to type, for example, not “md5” but “MD5”. In the subsequent versions of Windows the case doesn’t matter.
Get help:
C:\> certutil -hashfile -?
I am getting the following errors:
A)
(what I typed or part of it) is not recognized as an internal or external command, operable program or batch file
B)
The filename, directory name, or volume label syntax is incorrect.
are you using unc paths? depending on the windows version you mean need to put the locations within ” or ‘ brackets
Thank you very much for “within brackets” advice.
That bothered me every time I use command line commands on Windows.
Thanks for the info it worked for me.
If this registry is used, you will have it as shell extension:
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\*\shell\Certutil md5sum]
[HKEY_CLASSES_ROOT\*\shell\Certutil md5sum\command]
@=”cmd /k certutil -hashfile %1 md5″
[HKEY_CLASSES_ROOT\*\shell\Certutil SHA1sum]
[HKEY_CLASSES_ROOT\*\shell\Certutil SHA1sum\command]
@=”cmd /k certutil -hashfile %1 SHA1″
[HKEY_CLASSES_ROOT\*\shell\Certutil SHA256sum]
[HKEY_CLASSES_ROOT\*\shell\Certutil SHA256sum\command]
@=”cmd /k certutil -hashfile %1 SHA256″
worked great, awesome, thank you!!
Here’s a script I wrote that takes the information in this article and shows or checks the checksum. The remarks at the top show how to use the script, and there is also a usage prompt if no parameter is provided or the first parameter is a file that doesn’t exist.
@echo off REM ============================================================ REM = REM = Author: Eric C. Berlin MIS REM = Date: 7:16 PM 1/2/2021 REM = Version: 1.0 REM = Script: checkhash.cmd REM = Source: https://www.shellhacks.com/windows-md5-sha256-checksum-built-in-utility/ REM = REM ============================================================ REM = REM = This script has three parameters. The first is required and the second REM = and third are figured out contextually. The first parameter is the file REM = to check hash(es) on. REM = REM = If the second parameter matches an available hash method, it is used REM = as the hash method to check. If the third parameter is also provided, REM = it is compared to the computed hash, and a success/fail message REM = is displayed. REM = REM = If the second parameter IS NOT an available hash method, it is used as REM = a hash to verify against the file and all available hashes are used. REM = When done, a success/fail message is displayed. REM = REM = If the second parameter IS NOT PROVIDED, all available hashes are REM = displayed. REM = REM ============================================================ REM -- INITIALIZATION setlocal ENABLEEXTENSIONS ENABLEDELAYEDEXPANSION set hashes=MD2 MD4 MD5 SHA1 SHA256 SHA384 SHA512 set file="%~1" set hashcheck=%~2 if "%~2" == "" set hashcheck=none set match=n set hashmethod=none set hashfound=none set method=checkall REM ============================================================ REM -- IF NO PARAMTERS PROVIDED OR FILE DOES NOT EXIST, DISPLAY USAGE if not exist !file! ( cls echo USAGE: %~n0 FILE [HASH [CHECK]] echo echo OPTION 1: echo If only the file is specified, all available hashes will be displayed. echo OPTION 2: echo if FILE and HASH are specified, the hash will be compared to all available echo hashes and a success/fail message will indicate if a match was found. echo OPTION 3: echo This is like option 2 except that HASH is one of the available hashes echo and is validated against CHECK, if provided. ) REM ============================================================ REM -- CHECK IF PARAMETER 2 IS A HASH METHOD AND INITIALIZE for %%f in (%hashes%) do ( if /i %%f == !hashcheck! ( set hashmethod=%%f set method=checkone if "%~3" == "" ( set hashcheck=none ) else ( set hashcheck=%~3 ) ) ) REM ============================================================ REM -- IF NO HASH METHOD WAS PROVIDED, CHECK ALL HASHES if !method! == checkall ( cls echo Checking !file! against all hashes %hashes%... for %%f in (%hashes%) do ( for /f "tokens=*" %%g in ('certUtil -hashfile !file! %%f ^| findstr /v "hash"') do ( REM -- This check will not return anything if hashcheck == none. if /i "%%~g" == "!hashcheck!" ( set match=y set hashmethod=%%f set hashfound=%%g ) echo %%~f=%%~g echo. ) ) REM -- The success and failure messages are only displayed if hashcheck != none. if !match! == y ( echo The file !file! matched echo !hashmethod! !hashfound!. ) else ( if not !hashcheck! == none ( echo The file !file! hash echo did not match any of the calculated echo %hashes% echo hashes. ) ) ) REM ============================================================ REM -- If a hash method is supplied, this is used. if !method! == checkone ( cls echo Checking !file! against hash method !hashmethod!... for /f "tokens=*" %%g in ('certUtil -hashfile !file! !hashmethod! ^| findstr /v "hash"') do ( REM -- This check will not return anything if hashcheck == none. if "%%~g" == "!hashcheck!" ( set match=y set hashfound=%%g ) echo !hashmethod!=%%~g echo. ) REM -- The success and failure messages are only displayed if hashcheck != none. if !match! == y ( echo The file !file! matched echo !hashmethod! !hashfound!. ) else ( if not !hashcheck! == none ( echo The file !file! hash echo did not match any of the calculated echo %hashes% echo hashes. ) ) ) REM -- Not required since this is the end of the script, but there REM -- for completeness. endlocalSupercoool! Thank you very much!
@Eric C Berlin Thank you for your effort to help (at 2:31am!). But I’m afraid you have made the same assumptions and/or mistakes as EVERY other teckie-trying-to-help-non-teckies that I’ve encountered over the years. That is, you talk amongst yourselves NOT to us “uninitiated”. I have used Unix terminal some and tried to use MSwhatthe f–k but always hit the same wall: the instructions assume the user already knows how to do whatever and just needs a little clarification; i.e.: teckie talk to teckie. In addition many of the “suggestions” for what to enter into a terminal are not proofread and usually don’t work because of a typo -some I’ve found most I’ve wasted time with. I do not know that about your instructions , only that they don’t work for me. MS Help is as useful as an ice-cube in hell. Unix/Linx is better but overall the tech sphere does a good job repelling anyone who wants to learn a bit at a time rather than becoming a programmer. What is one to do about the “REMark – initialization” are those commands?, are they “set” in some other folder? what? Anyway, thanks for trying.
@E Moore, in commandline scripts, like the one provided by @Eric C Berlin above, “REM” at the start of a line is an indicator that the following text is for human consumption only, and the program will skip past any instructions on that line. Both the normal usages are seen here : 1) provide some instruction to users about how to run the program, 2) provide some notes about what the next part of the program is (/should be) doing.
Ther is a logic problem with the script. When I run it without any args, it does not display useage. Please check your script.
minor error on line #45. fix it and you will get “help” screen:
42 REM ============================================================ 43 44 REM -- IF NO PARAMTERS PROVIDED OR FILE DOES NOT EXIST, DISPLAY USAGE 45 if not exist %file% ( 46 clsIt works without problems (certUtil -hashfile C:\file.img SHA256).
Thank you.
I have been looking for that for some time because I don’t like online tools (must upload my file).