Code, Computers & Random Junk

Moving Between Platforms

Using MD5 and SHA in OS X and Linux/*BSD

This post was originally wittten in March 2015, and was updated/re-written 2015-08-06.

MD5 and SHA are both great tools to creat checksums &/or verify files with, but shouldn’t be used for anything but that. They are designed to be fast and are not safe or secure to use with verifying passwords etc.

For checksums they’re great. At lot of times when you download a file or a program you’ll see: MD5/SHA1 checksums …&/or a signature file. When you can, use the signature option.

To check files against a checksum one could do that it many ways. I’ve made myself a script for that, to automize it. So, instead of create a checksum of the downloaded and manually compare it against the checksum given on the site, I just run:

# chksum <md5 or sha*> <the checksum you copied on the site> <file>

$ chksum md5 d41d8cd98f00b204e9800998ecf8427e        ... OK

$ chksum md5 d41d8cd98f00b204e9800998ecf8427f fooBar.txt        ... FAILED

chksum: WARNING: The checksum (d41d8cd98f00b204e9800998ecf8427f) did NOT match

You can grab the script here octocat. It’s nothing fancy or anything, but it works. I wrote a blog post about it: “Verifying checksums” if you want to read more about it.

But, this post isn’t about that…

OS X vs Linux/*BSD

When moving between platsforms, like I do… I’ve had Mac since I got my first computer, but over the years also using Linux. Linux/*BSD are using a different set of tools than OS X. OS X has it’s own md5 and shasum, while the others are using GNU coreutils (md5sum, sha1sum, sha256sum etc). So, when moving between I often find my self using the OS X commands. I guess the muscle memory kicks in. smirk

While I made the chksum script to be portable - using both - I also made a couple of “wrappers” or compatibility layers so I can have md5 and shasum on my Linux machines. And I’ve also installed GNU coreutils in OS X.

Not that it is very needed, but it helps me out. Also, it makes other scripts compatible with each platform, if needed. Eg, I can use an OS X script on my Linux machines and vice versa.

GNU coreutils

It’s not that difficult to install. Though, a lot of programs are already present in OS X, so we need to put the installation aside, and the bring in what we want/need. There are some goodies that are useful, except the others. Like date, - which has a few xtra options that date in OS X doesn’t have (like date -I).


I’m using another destination and then use symlinks to the programs I want/need into a location defined in PATH. In my case: /usr/local/xbin. I put some of my own scripts in there since /usr/local/bin is quite crowded in OS X when you compile things yourself. And to keep your own scripts in a separate folder makes it easier to backup or copy/move to another computer.

So, download the sources/signature here (8.24 is the latest version at the moment). Verify the package and unpack it. Then in the source folder:

cd /path/to/source/coreutils-8.24
./configure --prefix=/usr/local/xgnu/coreutils --program-prefix=gnu_
sudo make install

That will put all the programs in another folder (not in PATH): /usr/local/xgnu/coreutils with a prefix of gnu_. So md5sum becomes gnu_md5sum instead. Just to ensure that we don’t get any conflicts.

Symlink the program(s) you want/need:

cd /usr/local/xbin
sudo ln -sf /usr/local/xgnu/coreutils/bin/gnu_date date
sudo ln -sf /usr/local/xgnu/coreutils/bin/gnu_md5sum md5sum
sudo ln -sf /usr/local/xgnu/coreutils/bin/gnu_sha1sum sha1sum
sudo ln -sf /usr/local/xgnu/coreutils/bin/gnu_sha224sum sha224sum
sudo ln -sf /usr/local/xgnu/coreutils/bin/gnu_sha256sum sha256sum
sudo ln -sf /usr/local/xgnu/coreutils/bin/gnu_sha384sum sha384sum
sudo ln -sf /usr/local/xgnu/coreutils/bin/gnu_sha512sum sha512sum

One could check the paths with which (or type -a to get all listed):

$ which date md5sum sha{1,224,256,384,512}sum 

If it’s a program already in OS X you want to add. Make sure /usr/local/xbin is in front in PATH. Something like:

export PATH="/usr/local/xbin:/usr/local/bin:/usr/local/sbin:$PATH"

Of course using /usr/local/xbin is fine to, just adjust the paths in the installation. This is just how I did it, to give you an example.

The other way around

For a long time Linux user that might not make any sense, perhaps… smirk The tools are already in there and can do the same thing. But, that’s not the my point. It’s about when moving betewwn the platforms you sometime forget which one you’re at, and the “muscle memory” starts to type md5 or shasum. Having a couple of wrappers saves that and also, I like the shorter syntax. The other benefit is you can use OS X scripts that might use that syntax and you’re ready to go.

So here are the to wrappers:

Not all options are “translated”, but a couple of three each. Personally I like md5 -q and md5 -s. They are really useful.

$ md5 -q 

$ md5 -s "I'm a text string"
MD5 ("I'm a text string") = 9fb4b4561f538606cd87bf69a7c67c6e

For shasum, the syntax is different in that way that instead of having a program for each algorithm (shaNNNsum), you use the -a option. shasum it self defaults to SHA1, but to get the other ones:

$ shasum

# shasum -a 1
# will do the same

$ shasum -a 256

Everything is of course what you’re used to. And for me, coming from an OS X environment - and soon switching to Linux as my main OS, I’d like to get the option to use both. It’s not that I want/need to make Linux more like OS X… I mainly use md5sum and the othe GNU coreutils 95& of the time. But, just to being able to chose, and of course for the compatibility. For example, if I make a script on Linux that’s suppose to work with OS X as well, I have the tools to test it with. thumbsup

You can read about the options in the OS X manuals : md5(1), shasum(1)