Get File hashes using Windows PowerShell

Martin Brinkmann
Feb 19, 2017
Windows
|
10

Getting file hashes can be quite useful. This can be used for instance to make sure that backed up files are not corrupt or modified (by generating hashes before and after the process), or to make sure that no one tampered with an important file.

You may see it on download sites as well, but the use there is limited. The reason is simple: if an attacker managed to change the download file, there is a chance that the website was compromised as well. This could theoretically at least mean that the file hash displayed on the site was modified as well to fit the new malicious version of the download.

We have reviewed a considerable number of hashing related programs in the past: from the Windows shell extension HashTab, over Nirsoft's HashMyFiles to File Check MD5 and MD5 Check Utility.

Get File hashes using Windows PowerShell

windows powershell get-hash

If you need to generate the hash of a file quickly on a Windows machine, then you may also use PowerShell for that.

It may not be as comfortable as some of the hashing programs out there, but it is a native implementation that does not require third-party software to work. Useful in restricted environments for instance, or when there is no Internet connection available to download these programs.

Hash generating was integrated into PowerShell 4.0. It is included in Windows 8.1 and Windows Server 2012 R2, and also available for Windows 7 Service Pack 1, Windows Server 2012, and Windows Server 2008 R2 Service Pack 1.

  1. Tap on the Windows-key, type PowerShell, and hit the Enter-key to start it up.

The main command is get-filehash FILEPATH, e.g. get-filehash c:\test.txt.

Get-FileHash uses the Sha256 algorithm by default. You may specify a different algorithm instead using the -Algorithm parameter.

Supported are: SHA1, SHA256, SHA384, SHA512, MACTripleDES, MD5, RIPEMD160

Note that MD5 and SHA1 are not considered secure anymore but are still supported.

So, to generate a Sha512 hash you would use the command get-filehash -Algorithm Sha512 c:\test.txt.

You may also use -LiteralPath or -InputStream instead of the default path option.

  • LiteralPath: get-filehash -LiteralPath -Algorithm SHA512 c:\test.txt.
  • InputStream get-filehash -InputStream -Algorithm SHA512 Stream.

The core difference between path and literalpath is that literalpath supports no wildcards, and is used exactly as it is typed.

CertUtil

certutil

CertUtil is another native Windows program that you may use to compute hashes of files. You can run the program from the command prompt, or using PowerShell.

The base command is certutil -hashfile PATH, e.g. certutil -hashfile c:\example.txt.

You may specify the hash algorithm as well. Supported are MD2, MD4, MD5, SHA1, SHA256, SHA384, SHA512. The default algorithm is MD5.

To use a different hash algorithm, specify it after the command, e.g. certutil -hashfile c:\example.txt SHA512.

Closing Words

You may use the commands in scripts to compute hashes for several files in one operation. The two native tools get-filehash and certutil are quite handy for the quick computation of hashes on Windows, and also for script use. (via Genbeta (Spanish))

Summary
Get File hashes using Windows PowerShell
Article Name
Get File hashes using Windows PowerShell
Description
The article describes how to compute hashes on machines running Microsoft's Windows operating system using PowerShell or Cmd.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

Tutorials & Tips


Previous Post: «
Next Post: «

Comments

  1. neil said on September 2, 2020 at 2:52 pm
    Reply

    tried this and it’s a tad rubbish
    i say this as the sha512 is not actually shown no matter how wide the window is it cuts off and gives me … which is not very useful at all

    1. notrubbish said on October 14, 2020 at 11:22 am
      Reply

      hello neil

      Nope its not..
      get-filehash -algorithm sha512 .\file | fl
      or
      get-filehash -algorithm sha512 .\file | select hash

  2. hirobo said on February 20, 2017 at 5:20 am
    Reply

    Most useful thing anyone can do is create a RAR (or ZIP or 7Z) of the backup file. Click on test and you’ll find out if the file was intact or not from the CRC check. No need to look up hash values or store them.

    The only instance where generating a hash value is useful is to check whether the files you downloaded are genuine. No need for these when actually backing up personal files!

    1. Darren said on February 21, 2017 at 6:16 pm
      Reply

      I don’t know, there have been cases where I wanted to archive items with a hash file to verify down the road and didn’t necessarily want to involve a compression prog.

      1. hirobo said on February 21, 2017 at 8:25 pm
        Reply

        I backup all my files using this method, compression format with built in CRC check. For bigger files, I’ll specify no compression to speed things up, but the file still gets a CRC value. I never have to deal with hash generating programs this way… Plus side any prog that can unpack a ZIP can do the CRC check to test it.

  3. Fena said on February 20, 2017 at 2:33 am
    Reply

    Martin it was in the Nirsoft article, a comment about hashtab with a link.

  4. Anonymous said on February 19, 2017 at 2:49 pm
    Reply

    fciv still working pretty fine in 2017. md5sum and sha256sum are also working just great (via cygwin or standalone).

  5. Fena said on February 19, 2017 at 10:10 am
    Reply

    Martin I found this to be an interesting subject. Something I would never had considered before then I followed your nirosft link & read the previous article. While I was reading I followed another link about hashtab. After clicking that link I ended up on what I believe is a chinese page. This bring me to an interesting point. Is there a way on your webpages or any other websites to have all links scanned ahead of time to see if there are safety concerns. New links to malware sites etc?

    footnote many times when I try to post I get this…”Duplicate comment detected; it looks as though you’ve already said that!”
    Even though it was first attempt.

    1. Martin Brinkmann said on February 19, 2017 at 2:12 pm
      Reply

      Which page linked to the Chinese site?

    2. Martin Brinkmann said on February 19, 2017 at 2:08 pm
      Reply

      Fena, I’m not aware of a plugin for WordPress that offers that feature. It would certainly be interesting. One issue with it is that it needs to be real-time, or run regularly, as you cannot take into account site changes otherwise.

      Sorry to hear that you have issues with the commenting system. It definitely has its issues.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.