Get-FileHash
NAME Get-FileHash
SYNOPSIS
Computes the hash value for a file by using a specified hash algorithm.
SYNTAX
Get-FileHash [-Algorithm {SHA1 | SHA256 | SHA384 | SHA512 | MACTripleDES | MD5 | RIPEMD160}] -InputStream <Stream> [<CommonParameters>]
Get-FileHash [-Algorithm {SHA1 | SHA256 | SHA384 | SHA512 | MACTripleDES | MD5 | RIPEMD160}] -LiteralPath <String[]> [<CommonParameters>]
Get-FileHash [-Path] <String[]> [-Algorithm {SHA1 | SHA256 | SHA384 | SHA512 | MACTripleDES | MD5 | RIPEMD160}] [<CommonParameters>]
DESCRIPTION
The Get-FileHash cmdlet computes the hash value for a file by using a specified hash algorithm. A hash value is a unique value that corresponds to
the content of the file. Rather than identifying the contents of a file by its file name, extension, or other designation, a hash assigns a unique
value to the contents of a file. File names and extensions can be changed without altering the content of the file, and without changing the hash
value. Similarly, the file's content can be changed without changing the name or extension. However, changing even a single character in the
contents of a file changes the hash value of the file.
The purpose of hash values is to provide a cryptographically-secure way to verify that the contents of a file have not been changed. While some
hash algorithms, including MD5 and SHA1, are no longer considered secure against attack, the goal of a secure hash algorithm is to render it
impossible to change the contents of a file (either by accident, or by malicious or unauthorized attempt) and maintain the same hash value. You can
also use hash values to determine if two different files have exactly the same content. If the hash values of two files are identical, the
contents of the files are also identical.
By default, the Get-FileHash cmdlet uses the SHA256 algorithm, although any hash algorithm that is supported by the target operating system can be
used.
PARAMETERS
-Algorithm <String>
Specifies the cryptographic hash function to use for computing the hash value of the contents of the specified file. A cryptographic hash
function includes the property that it is not possible to find two distinct inputs that generate the same hash values. Hash functions are
commonly used with digital signatures and for data integrity. The acceptable values for this parameter are:
- SHA1
- SHA256
- SHA384
- SHA512
- MACTripleDES
- MD5
- RIPEMD160
If no value is specified, or if the parameter is omitted, the default value is SHA256.
For security reasons, MD5 and SHA1, which are no longer considered secure, should only be used for simple change validation, and should not be
used to generate hash values for files that require protection from attack or tampering.
Required? false
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-InputStream <Stream>
Specifies the input stream.
Required? true
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-LiteralPath <String[]>
Specifies the path to a file. Unlike the Path parameter, the value of the LiteralPath parameter is used exactly as it is typed. No characters
are interpreted as wildcard characters. If the path includes escape characters, enclose the path in single quotation marks. Single quotation
marks instruct Windows PowerShell not to interpret characters as escape sequences.
Required? true
Position? named
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-Path <String[]>
Specifies the path to one or more files as an array. Wildcard characters are permitted.
Required? true
Position? 0
Default value None
Accept pipeline input? False
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (http://go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
System.String
You can pipe a string to the Get-FileHash cmdlet that contains a path to one or more files.
OUTPUTS
Microsoft.Powershell.Utility.FileHash
Get-FileHash returns an object that represents the path to the specified file, the value of the computed hash, and the algorithm used to
compute the hash.
NOTES
Example 1: Compute the hash value for a PowerShell.exe file
PS C:\>Get-FileHash $pshome\powershell.exe | Format-List
Algorithm : SHA256
Hash : 6A785ADC0263238DAB3EB37F4C185C8FBA7FEB5D425D034CA9864F1BE1C1B473
Path : C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
This command uses the Get-FileHash cmdlet to compute the hash value for the Powershell.exe file. The hash algorithm used is the default, SHA256.
The output is piped to the Format-List cmdlet to format the output as a list.
Example 2: Compute the hash value for an ISO file
PS C:\>Get-FileHash C:\Users\Andris\Downloads\Contoso8_1_ENT.iso -Algorithm SHA384 | Format-List
Algorithm : SHA384
Hash : 20AB1C2EE19FC96A7C66E33917D191A24E3CE9DAC99DB7C786ACCE31E559144FEAFC695C58E508E2EBBC9D3C96F21FA3
Path : C:\Users\Andris\Downloads\Contoso8_1_ENT.iso
This command uses the Get-FileHash cmdlet and the SHA384 algorithm to compute the hash value for an ISO file that an administrator has downloaded
from the Internet. The output is piped to the Format-List cmdlet to format the output as a list.
Example 3: Compute the hash value of a stream and compare the procedure with getting the hash from the file directly
PS C:\>$testfile = "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
## open $testfile as a stream
$testfilestream = [System.IO.File]::Open(
    $testfile,
    [System.IO.FileMode]::Open,
    [System.IO.FileAccess]::Read)
$hashFromStream = Get-FileHash -InputStream $testfilestream -Algorithm MD5
$testfilestream.Close()
$hashFromFile = Get-FileHash -Path $testfile -Algorithm MD5
## check both hashes are the same
if(($hashFromStream.Hash) -ne ($hashFromFile.Hash)) {
    Write-Error "Get-FileHash results are inconsistent!!"
}
else {
    Write-Output "Results from File:"
    Write-Output "=================="
    $hashFromFile | Format-List
    Write-Output " "
    Write-Output "Results from Stream:"
    Write-Output "===================="
    $hashFromStream | Format-List
}
Results from File:
==================
Algorithm : MD5
Hash : 097CE5761C89434367598B34FE32893B
Path : C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Results from Stream:
====================
Algorithm : MD5
Hash : 097CE5761C89434367598B34FE32893B
Path :
PS C:\>
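Added example (not part of the original help text): building on Example 2, this checks a file against a publisher-supplied digest, using -LiteralPath so that brackets in the file name are not read as wildcards, and accepting only SHA256, SHA384 or SHA512 in line with the -Algorithm guidance above. The function name Test-FileDigest and the sample file are constructed for illustration.

```powershell
# Added example: Test-FileDigest is a hypothetical helper, not a built-in cmdlet.
function Test-FileDigest {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $LiteralPath,
        [Parameter(Mandatory)] [string] $ExpectedHash,
        # MD5 and SHA1 are deliberately excluded for tamper checks.
        [ValidateSet('SHA256', 'SHA384', 'SHA512')]
        [string] $Algorithm = 'SHA256'
    )

    # Published digests often carry stray whitespace or lower-case hex.
    $expected = ($ExpectedHash -replace '\s', '').ToUpperInvariant()

    # Reject a value whose length does not fit the chosen algorithm.
    $hexLength = @{ SHA256 = 64; SHA384 = 96; SHA512 = 128 }[$Algorithm]
    if ($expected -notmatch "^[0-9A-F]{$hexLength}$") {
        throw "Expected value is not a $Algorithm digest ($hexLength hex characters)."
    }

    # -LiteralPath: '[' and ']' in the name are used exactly as typed.
    $actual = Get-FileHash -LiteralPath $LiteralPath -Algorithm $Algorithm -ErrorAction Stop

    [pscustomobject]@{
        Path      = $actual.Path
        Algorithm = $actual.Algorithm
        Match     = ($actual.Hash -eq $expected)
    }
}

# Constructed sample: a temporary file whose name contains wildcard characters.
$sample = Join-Path ([System.IO.Path]::GetTempPath()) 'report[1].txt'
[System.IO.File]::WriteAllText($sample, 'constructed sample content')

# Stands in for a digest published by the file's source (lower-case on purpose).
$published = (Get-FileHash -LiteralPath $sample).Hash.ToLower()
Test-FileDigest -LiteralPath $sample -ExpectedHash $published

# Append a single character and run the same check against the same digest.
[System.IO.File]::WriteAllText($sample, 'constructed sample content!')
Test-FileDigest -LiteralPath $sample -ExpectedHash $published

Remove-Item -LiteralPath $sample
```

The expected digest must come from a source the attacker cannot alter together with the file; a checksum served from the same location as the download only detects accidental corruption.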
RELATED LINKS
Online Version: http://go.microsoft.com/fwlink/?LinkId=822413
Format-List