Tuesday, January 12, 2021

Computing File Hash on Windows

Two built-in tools we can use to compute file hash values on Windows are Windows PowerShell and CertUtil.

In Windows PowerShell, we can compute a hash value for a file using the Get-FileHash command.

C:\> PowerShell
PS C:\> help Get-FileHash

NAME
Get-FileHash

SYNTAX
Get-FileHash [-Path] <string[]> [-Algorithm {SHA1 | SHA256 | SHA384 | SHA512 | MACTripleDES | MD5 | RIPEMD160}]
[<CommonParameters>]

Get-FileHash -LiteralPath <string[]> [-Algorithm {SHA1 | SHA256 | SHA384 | SHA512 | MACTripleDES | MD5 |
RIPEMD160}] [<CommonParameters>]

Get-FileHash -InputStream <Stream> [-Algorithm {SHA1 | SHA256 | SHA384 | SHA512 | MACTripleDES | MD5 | RIPEMD160}]
[<CommonParameters>]


ALIASES
None


REMARKS
Get-Help cannot find the Help files for this cmdlet on this computer. It is displaying only partial help.
-- To download and install Help files for the module that includes this cmdlet, use Update-Help.
-- To view the Help topic for this cmdlet online, type: "Get-Help Get-FileHash -Online" or
go to https://go.microsoft.com/fwlink/?LinkId=517145.

Windows also comes with a tool called CertUtil, which can compute a file's hash value as well.


C:\>CertUtil -hashfile -?
Usage:
  CertUtil [Options] -hashfile InFile [HashAlgorithm]
  Generate and display cryptographic hash over a file

Options:
  -Unicode          -- Write redirected output in Unicode
  -gmt              -- Display times as GMT
  -seconds          -- Display times with seconds and milliseconds
  -v                -- Verbose operation
  -privatekey       -- Display password and private key data
  -pin PIN                  -- Smart Card PIN
  -sid WELL_KNOWN_SID_TYPE  -- Numeric SID
            22 -- Local System
            23 -- Local Service
            24 -- Network Service

Hash algorithms: MD2 MD4 MD5 SHA1 SHA256 SHA384 SHA512

CertUtil -?              -- Display a verb list (command list)
CertUtil -hashfile -?    -- Display help text for the "hashfile" verb
CertUtil -v -?           -- Display all help text for all verbs
  
Below are examples of both tools hashing the same file.

C:\> CertUtil -hashfile C:\Windows\System32\drivers\etc\hosts sha512
SHA512 hash of C:\Windows\System32\drivers\etc\hosts:
59119e66f5945029f8652c5981589d95cace534adc6780ccea736b7e776615caa0b567c14d161271d6066f57d9bab0d4055850162f5a046c0456264b7b9e7508
CertUtil: -hashfile command completed successfully.

C:\> PowerShell
PS C:\> Get-FileHash -Path C:\Windows\System32\drivers\etc\hosts -Algorithm sha512 | Format-List


Algorithm : SHA512
Hash      : 59119E66F5945029F8652C5981589D95CACE534ADC6780CCEA736B7E776615CAA0B567C14D161271D6066F57D9BAB0D4055850162F5
            A046C0456264B7B9E7508
Path      : C:\Windows\System32\drivers\etc\hosts
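
Added example (not part of the original post): PowerShell functions that verify a file against a published hash with both tools, normalizing the differences visible in the output above (CertUtil prints lowercase, Get-FileHash prints uppercase, and Format-List wraps the value). The function names and the constructed three-byte sample file are assumptions made for illustration.

```powershell
# Added example; function names below are hypothetical, not built-in cmdlets.
function ConvertTo-NormalizedHash {
    param([Parameter(Mandatory)][string]$Hash)
    # Drop whitespace (wrapped or space-separated hex) and fold case.
    ($Hash -replace '\s', '').ToUpperInvariant()
}

function Get-CertUtilHash {
    param([Parameter(Mandatory)][string]$Path, [string]$Algorithm = 'SHA256')
    $output = & certutil.exe -hashfile $Path $Algorithm
    if ($LASTEXITCODE -ne 0) { throw "CertUtil failed: $($output -join ' ')" }
    # The digest is the only output line consisting solely of hex digits.
    $line = $output | Where-Object { $_ -match '^\s*[0-9a-f][0-9a-f ]*$' } |
        Select-Object -First 1
    if (-not $line) { throw 'No hash line found in CertUtil output.' }
    ConvertTo-NormalizedHash $line
}

function Test-FileHash {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$Expected,
        # Algorithms both tools list above, minus collision-broken MD5 and SHA1.
        [ValidateSet('SHA256', 'SHA384', 'SHA512')][string]$Algorithm = 'SHA256'
    )
    $want = ConvertTo-NormalizedHash $Expected
    $ps = ConvertTo-NormalizedHash (Get-FileHash -LiteralPath $Path -Algorithm $Algorithm).Hash
    $cu = Get-CertUtilHash -Path $Path -Algorithm $Algorithm
    [pscustomobject]@{
        Algorithm  = $Algorithm
        ToolsAgree = ($ps -ceq $cu)                           # both tools, same digest
        Match      = ($ps -ceq $want) -and ($cu -ceq $want)   # digest equals published value
    }
}

# Constructed sample: a file holding the three ASCII bytes "abc", whose SHA-256
# is the standard published test vector, given here in lowercase with a space.
$sample = Join-Path $env:TEMP 'hash-demo.bin'
[System.IO.File]::WriteAllBytes($sample, [byte[]](0x61, 0x62, 0x63))
$published = 'ba7816bf8f01cfea414140de5dae2223 b00361a396177a9cb410ff61f20015ad'
Test-FileHash -Path $sample -Expected $published      # published hash of the sample
Test-FileHash -Path $sample -Expected ('0' * 64)      # deliberately wrong hash
Remove-Item -LiteralPath $sample
```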