MD5

Command Line Message Digest Utility


This page describes md5, a command line utility usable on either Unix or MS-DOS/Windows, which generates and verifies message digests (digital signatures) using the MD5 algorithm. This program can be useful when developing shell scripts or Perl programs for software installation, file comparison, and detection of file corruption and tampering.

NAME

md5 - generate / check MD5 message digest

SYNOPSIS

md5 [ -csignature ] [ -l ] [ -n ] [ -u ] [ -v ] [ -dinput_text | infile… ]

DESCRIPTION

A message digest is a compact digital signature for an arbitrarily long stream of binary data. An ideal message digest algorithm would never generate the same signature for two different sets of input, but achieving such theoretical perfection would require a message digest as long as the input file. Practical message digest algorithms compromise in favour of a digital signature of modest size created with an algorithm designed to make preparation of input text with a given signature computationally infeasible. Message digest algorithms have much in common with techniques used in encryption, but to a different end; verification that data have not been altered since the signature was published.

Many older programs requiring digital signatures employed 16 or 32 bit cyclical redundancy codes (CRC) originally developed to verify correct transmission in data communication protocols, but these short codes, while adequate to detect the kind of transmission errors for which they were intended, are insufficiently secure for applications such as electronic commerce and verification of security related software distributions.

The most commonly used present-day message digest algorithm is the 128 bit MD5 algorithm, developed by Ron Rivest of the MIT Laboratory for Computer Science and RSA Data Security, Inc. The algorithm, with a reference implementation, was published as Internet RFC 1321 in April 1992, and was placed into the public domain at that time. Message digest algorithms such as MD5 are not deemed “encryption technology” and are not subject to the export controls some governments impose on other data security products. (Obviously, the responsibility for obeying the laws in the jurisdiction in which you reside is entirely your own, but many common Web and Mail utilities use MD5, and I am unaware of any restrictions on their distribution and use.)

The MD5 algorithm has been implemented in numerous computer languages including C, Perl, and Java; if you're writing a program in such a language, track down a suitable subroutine and incorporate it into your program. The program described on this page is a command line implementation of MD5, intended for use in shell scripts and Perl programs (it is much faster than computing an MD5 signature directly in Perl). This md5 program was originally developed as part of a suite of tools intended to monitor large collections of files (for example, the contents of a Web site) to detect corruption of files and inadvertent (or perhaps malicious) changes. That task is now best accomplished with more comprehensive packages such as Tripwire, but the command line md5 component continues to prove useful for verifying correct delivery and installation of software packages, comparing the contents of two different systems, and checking for changes in specific files.

OPTIONS

-csignature
Computes the signature of the specified infile or the string supplied by the -d option and compares it against the specified signature. If the two signatures match, the exit status will be zero, otherwise the exit status will be 1. No signature is written; only the exit status is set. The signature to be checked must be specified as 32 hexadecimal digits.
-dinput_text
A signature is computed for the given input_text (which must be quoted if it contains white space characters) instead of input from infile or standard input. If input is specified with the -d option, no infile should be specified.
-l
Use lower case letters for hexadecimal digits “a” through “f”. By default, upper case letters are used. Note that the signature argument to the -c option may use upper or lower case hexadecimal digits (or a mix) regardless of the setting of this option.
-n
Suppress printing the file name (or “-” for standard input) after the hexadecimal signature.
-ofname
Write output to fname. If fname is “-”, output is written to standard output, which is the default is no -o option is specified.
-u
Print how-to-call information.
-v
Print version information.

FILES

If no infile or -d option is specified or infile is a single “-”, md5 reads from standard input. A single “-” on the command line causes all subsequent arguments to be treated as file names even if they begin with “-”. If no -o option is specified or the fname is a single “-”, output is sent to standard output. Input and output are processed strictly serially; consequently md5 may be used in pipelines.

BUGS

The mechanism used to set standard input to binary mode may be specific to Microsoft C; if you rebuild the DOS/Windows version of the program from source using another compiler, be sure to verify binary files work properly when read via redirection or a pipe.

This program has not been tested on a machine on which int and/or long are longer than 32 bits.

Download md5.zip (Zipped) or md5.tar.gz (tar/gzip)

The program is provided as either md5.zip, a Zipped archive, or md5.tar.gz, a gzipped tar archive. The two archive formats have identical contents; both include a ready-to-run Win32 command-line executable program, md5.exe (compiled using Microsoft Visual C++ .NET), and source code along with a Makefile to build the program under Unix.

SEE ALSO

sum(1)

EXIT STATUS

md5 returns status 0 if processing was completed without errors, 1 if the -c option was specified and the given signature does not match that of the input, and 2 if processing could not be performed at all due, for example, to a nonexistent input file.

COPYING

This software is in the public domain. Permission to use, copy, modify, and distribute this software and its documentation for any purpose and without fee is hereby granted, without any conditions or restrictions. This software is provided “as is” without express or implied warranty.

ACKNOWLEDGEMENTS

The MD5 algorithm was developed by Ron Rivest. The public domain C language implementation used in this program was written by Colin Plumb in 1993.

Fourmilab home page


by John Walker
January 14th, 2008