Вычисление контрольных сумм sha-256 в powershell

After downloading a file from our site, you may want to verify its SHA-256 checksum to ensure the downloaded file’s integrity.

<#

.SYNOPSIS

Calculates the SHA256 hash of a string.

.DESCRIPTION

The Get-Sha256 function calculates the SHA256 hash of a string.

.PARAMETER string

The string to hash. This is a mandatory parameter.

.EXAMPLE

Get-Sha256 -string “your-string”

This example calculates the SHA256 hash of a string.

.NOTES

The function creates a new SHA256CryptoServiceProvider object, converts the string to a byte array using UTF8 encoding, computes the SHA256 hash of the byte array, converts the hash to a string and removes any hyphens, and returns the resulting hash.

#>

# Compute the SHA256 hash of the byte array.

# Return the resulting hash.

Sometimes you need to create a file checksum to make sure files are not tampered with. Luckily PowerShell offers a standard cmdlet for this: Get-FileHash. Use this to validate file integrity in Windows (Windows Server).

Identifying changed files and possible attacks on your systems is of create importance. PowerShell offers the Get-FileHash cmdlet which computes a hash value of a file. If a hash value has changed a file has change and might indicate a possible infection or attack. Here is how to use Get-FileHash.

The cmdlet Get-FileHash:

Suppose I have a file cmd.exe (yeah we all know that one 🙂 ). Its hash value is:

Get-FileHash C:\Windows\System32\cmd.exe | Select-Object Hash
Hash
----
423E0E810A69AACEBA0E5670E58AFF898CF0EBFFAB99CCB46EBB3464C3D2FACB

Or in one command:

(Get-FileHash C:\Windows\System32\cmd.exe).Hash
423E0E810A69AACEBA0E5670E58AFF898CF0EBFFAB99CCB46EBB3464C3D2FACB

If I copy that executable to my local directory, the file hash remains the same:

PS C:\Users\Jan Reilink> copy C:\Windows\System32\cmd.exe .
PS C:\Users\Jan Reilink> (Get-FileHash "C:\Users\Jan Reilink\cmd.exe").Hash
423E0E810A69AACEBA0E5670E58AFF898CF0EBFFAB99CCB46EBB3464C3D2FACB

PS C:\Users\Jan Reilink> echo " " >> "C:\Users\Jan Reilink\cmd.exe"
PS C:\Users\Jan Reilink> (Get-FileHash "C:\Users\Jan Reilink\cmd.exe").Hash
B01356E4439C05727982FDB62D2F49B04A23F39CA63BF2076EEB022E4B914760

If I were to regularly store and check / verify file checksums, I now know the file is tampered with. Such file changes might indicate an attack. File Integrity Monitor (FIM) in Windows Defender for Cloud can also do this for you.

:/> Как изменить тип сети в Windows 10: общедоступная или частная?

Learn working with file attributes in PowerShell to verify the LastWriteTime (or last modified date) time of files.

Did you know you can also use certutil.exe for the job? Even for checking an MD5 checksum? See:

PS C:\Users\Jan Reilink> certutil.exe -hashfile C:\Windows\System32\cmd.exe SHA256
SHA256 hash of C:\Windows\System32\cmd.exe:
423e0e810a69aaceba0e5670e58aff898cf0ebffab99ccb46ebb3464c3d2facb
CertUtil: -hashfile command completed successfully.

PS C:\Users\Jan Reilink> certutil.exe -hashfile C:\Windows\System32\cmd.exe MD5
MD5 hash of C:\Windows\System32\cmd.exe:
5a6be4d2519515241d0c133a26cf62c0
CertUtil: -hashfile command completed successfully.

Как проверить контрольную сумму sha 256

All Products: How to Get Hash of a File for SHA256 and/or MD5

Updated On:

Products

Carbon Black App Control (formerly Cb Protection)

Carbon Black Cloud Endpoint Standard (formerly Cb Defense)

Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

How to find the SHA256 and MD5 checksum of a file from various operating system commands.

Environment

Microsoft Windows: All Supported Versions
Apple macOS: All Supported Versions
Linux: All Supported Versions

Resolution

The steps below would be able to help verify the hash checksum of a file from various operating systems:

Leverage Command Prompt or PowerShell to generate an SHA-256 or MD5 checksum on Windows.
- Command Prompt:
  1. From the Command Prompt, run the following command:

certutil -hashfile C:\path\file.exe sha256
OR
certutil -hashfile C:\path\file.exe md5
Note: Replace C:\path\file.exe with the actual path to the file

Powershell:

From Windows Powershell, run the following command:

Get-FileHash C:\path\file.exe -Algorithm sha256
OR
Get-FileHash C:\path\file.exe -a md5
Note: Replace C:\path\file.exe with the actual path to the file

Every Linux distribution comes with tools for checksum algorithms leveraging sha256sum and md5sum.

Go to the directory where your downloaded file is stored, e.g.:
```
cd home/downloads
```

From terminal, run the following command to generate the checksum:

sha256sum file.exe
OR
md5sum file.exe
Note: Replace file.exe with the actual name of the file

In macOS, leverage terminal checksum commands or OpenSSL commands to get the file hash:
- Hash check command in Terminal:
1. To find the hash value, use the following command in the terminal:
```
$ shasum -a 256 /path/to/file
OR
$ md5 /path/to/file
Note: Replace /path/to/file with the actual path to the file
```
- Using OpenSSL command in Terminal to check for Hash:
1. Use the following command to get the hash value using OpenSSL command:
```
$ openssl sha256 /path/to/file
OR
$ openssl md5 /path/to/file
Note: Replace /path/to/file with the actual path to the file
```

Additional Information

If the hash is available publicly, it is also possible to check for information on VirusTotal, although this is not Carbon Black proprietary and there’s no support offered or additional information on results.

:/> Смешанный режим сети в телефоне что это? - Ответы на вопросы о компах для чайников!

Feedback

MacOS

1. Click the Launchpad icon in the Dock, type Terminal in the search field, then click Terminal.

shasum -a 256 /file/path/my_file.exe

Make sure to replace /file/path/my_file.exe with the actual path to the file

3. Compare the generated value to the checksum of the file in Rublon Downloads.

How to verify an SHA-256 checksum?

To verify the SHA-256 checksum of a file, you must generate a checksum of the downloaded file and compare it to the checksum in Rublon Downloads.

Find the instructions below to learn how to generate a checksum of a file on your operating system.

Windows

You can use Command Prompt or PowerShell to generate a SHA-256 checksum on Windows.

Using Command Prompt

1. Press Windows+R to open the Run box

2. Type cmd and click OK.

3. The Command Prompt window will open.

certutil -hashfile C:\file\path\my_file.exe SHA256

Make sure to replace C:\file\path\my_file.exe with the actual path to the file.

5. Compare the generated value to the checksum of the file in Rublon Downloads.

Using Power Shell

1. Press Windows+R to open the Run box

2. Type powershell and click OK.

3. The Windows PowerShell window will open.

Get-FileHash C:\file\path\my_file.exe -Algorithm SHA256

Make sure to replace ith the actual path to the file

5. Compare the generated value to the checksum of the file in Rublon Downloads.

What is an SHA-256 checksum?

You can think of a checksum as a fingerprint of a file.

Here’s an example of a checksum:

Every file has a unique checksum that you can use to ensure its integrity. In other words, you can verify the file’s checksum to ensure the file you downloaded is exactly the file you want and that it was not corrupted or modified in any way.

:/> Как разархивировать файлы RAR и ZIP на компьютере программами WinRAR и 7-Zip

SHA-256 is a name for one of the hash algorithms you can use to generate a checksum.

What You Need To Remember

There are two things you need to remember while generating checksums of our files:

All checksums in Rublon Downloads are generated using the SHA-256 algorithm. If you use a different algorithm to generate your checksum, e.g. SHA 1, it will produce a different result. Always generate an SHA-256 checksum.
For checksums, capitalization does not matter, e.g. A and a are the same. These two strings are the same checksum:

Linux

Every Linux distribution comes with tools for various checksum algorithms. SHA-256 checksum tool is called sha256sum.

1. Go to the directory where your downloaded file is stored, e.g.:

Make sure to replace my_file.exe with the actual name of the file.