Hashdeep: A Powerful Tool for File Verification in Linux

As a seasoned Linux user with over a decade of experience, I’ve come across many tools that help in various aspects of system administration, security, and forensics.

One such tool that I find particularly useful is hashdeep, which is a powerful command-line utility used primarily for file integrity checking and verifying cryptographic hashes.

In this article, I’ll provide a detailed understanding of what hashdeep is, how it works, and how you can use it effectively in Linux environments.

What is hashdeep?

hashdeep is a tool used to compute, compare, and verify hashes of files, which are unique identifiers that are created by applying a hash function (like SHA-256 or MD5) to the contents of a file. These hashes serve as “fingerprints” for files. When two files have the same hash, it means that their contents are identical.

hashdeep supports multiple hash algorithms such as MD5, SHA-1, and SHA-256, making it flexible for various use cases.

It is most commonly used in:

  • File Integrity Checking: Ensuring that files have not been tampered with or corrupted over time.
  • Digital Forensics: Verifying the integrity of files in forensic investigations.
  • Backup and Restoration: Verifying the integrity of backup files and ensuring data consistency during recovery processes.

Installing hashdeep in Linux

Before we dive into its usage, let’s first get hashdeep installed on your Linux system, which is available in most distribution package repositories, so installation is easy.

sudo apt install hashdeep         [On Debian, Ubuntu and Mint]
sudo yum install hashdeep         [On RHEL/CentOS/Fedora and Rocky/AlmaLinux]
sudo emerge -a sys-apps/hashdeep  [On Gentoo Linux]
sudo apk add hashdeep             [On Alpine Linux]
sudo pacman -S hashdeep           [On Arch Linux]
sudo zypper install hashdeep      [On OpenSUSE]    
sudo pkg install hashdeep         [On FreeBSD]

Once installed, you can start using hashdeep to calculate and verify file hashes.

Below are some of the most common use cases.

1. Calculating Hashes of Files

The most basic usage of hashdeep is to calculate the hash of a single file or multiple files.

hashdeep -c sha256 myqr.png

In this command:

  • -c sha256 specifies the hash algorithm (SHA-256 in this case).
  • myqr.png is the file you want to hash.

You can replace sha256 with md5, sha1, or other supported algorithms depending on your preference.

Calculating File Hashes in Linux
Calculating File Hashes in Linux

2. Hashing Files Recursively in a Directory

You can also hash all files in a directory, including subdirectories, by using the -r flag (recursive):

hashdeep -c sha256 -r /path/to/your/directory
Recursively Hashing a Directory
Recursively Hashing a Directory

3. Saving Hashes to a File

If you want to save the calculated hashes to a file for later comparison, you can use the -o option to specify an output file:

hashdeep -r ravi > hashes.txt
cat hashes.txt
Save Calculated Hashes to a File
Save Calculated Hashes to a File

4. Verifying File Integrity

One of hashdeep’s most important uses is verifying the integrity of files. If you already have a list of known hashes (e.g., from a previous session), you can compare the current file hashes to these known values to see if any files have been altered.

To do this, use the following command to verify files:

hashdeep -a -k hashes.txt -r /home/ravi/ravi

This command will recursively check all files within the “ravi” directory against the hashes listed in hashes.txt, allowing you to verify their integrity properly.

Verifying File Integrity
Verifying File Integrity

5. Generating Multiple Hashes Simultaneously

To calculate multiple types of hashes (e.g., MD5, SHA-1, and SHA-256) at once, you can specify more than one algorithm with the -c flag:

hashdeep -c md5,sha1,sha256 -r /path/to/your/directory
Calculate Multiple Hashes
Calculate Multiple Hashes
Conclusion

hashdeep is a versatile and powerful tool for file integrity checking and digital forensics. Its support for multiple hash algorithms, recursive directory hashing, and file comparison make it an indispensable utility for anyone working in security, forensics, or system administration.

Similar Posts