SHASH(1) local SHASH(1) 13 Feb 2000 NAME shash - generates or checks digests or macs. SYNOPSIS shash [-nqvmdbtlhVL ] [-c file] [-a algorithm] [-i config_file] [-o keymode] [-k key] [ filename ... ] DESCRIPTION Shash is a program intended to produce message digests for files, or it can check with the output of a former run whether the message digests are still the same (i.e. whether the files changed). Shash uses several hash algorithms. Since everyone can generate the message digest, it may not be suitable for some security related applications. Because of this shash also supports HMAC (rfc2104), which is a mechanism for message authentication using cryptographic hash functions. So shash can use a key with a hash algorithm to produce hashes that can only be verified with the key. This way you can securely check (i.e. you are sure that nobody can modify the mac, without beeing detected) if files in a filesystem were altered. If the list of files and digests, that shash produces, is stored as a file in a disk, you should also create a digest of the list that holds the digests, to ensure that no file is removed from the list. If no filenames are given, it hashes the standard input to standard output. OPTIONS -m --hmac Works in hmac mode. Prompts for a password or accepts it from the --key parameter. -h --help Display a help screen and quit. -L --license Display the shash's license and quit. -V --verbose Display some extra information. --listkeygen Lists all the supported key generation algorithms. (The algorithms that generate a key from a password) -o --keymode keymode Keymode may be one of the modes listed when the --listkeygen parameter is specified. - 1 - Formatted: October 7, 2024 SHASH(1) local SHASH(1) 13 Feb 2000 -q --quiet Suppress some not critical warnings. -b Use binary mode. In unix environment, only difference between this and the normal mode is an asterix preceding the filename in the output. -c Check the checksum of all files listed in file against the checksum listed in the same file. -t, --text Treat all input files as text files. This is the reverse option to --binary. -n, --nolock It does not use fcntl() to lock the files. -d, --doublecheck It prompts twice for the password. --nosalt It does not use a salt, which is normally combined with the key in HMAC mode. -k --key KEY Enter the keyword via the command line. The KEY is then used as keyword instead of prompting for it. Keep in mind that someone may see the command you are executing and so your key. -c --config FILE Use the specified configuration file. The default is .shashrc in your home directory. The format of the configuration file is the same as the parameters. An example file is: algorithm sha1 keymode s2k_simple key a_very_secret_one -a --algorithm ALGORITHM The algorithm used to encrypt and decrypt. Unless the bare flag is specified there is no need to specify these for decryption. -l --list Displays the supported algorithms. -v --version Version. Display the version number and quit. ENVIRONMENT Shash uses the following environment variables: - 2 - Formatted: October 7, 2024 SHASH(1) local SHASH(1) 13 Feb 2000 SHASH_KEY: to specify the key. SHASH_KEYMODE; to specify the keymode. You can use these instead of using the command line (which is insecure). SEE ALSO md5sum(1) DIAGNOSTICS Exit status is normally 0; Usage: shash [-nqvmdbtlhVL] [-c file] [-a algorithm] [-i config_file] [-o keymode] [-k key] [filename...] AUTHORS Copyright (C) 1999 Nikos Mavroyanopoulos (nmav@hellug.gr). - 3 - Formatted: October 7, 2024