Table of Contents
shash - generates or checks digests or macs.
shash [-nqvmdbtlhVL
] [-c file] [-a algorithm] [-i config_file] [-o keymode] [-k key] [ filename ... ]
Shash is a program intended to produce message digests for
files, or it can check with the output of a former run whether the message
digests are still the same (i.e. whether the files changed). Shash uses several
hash algorithms. Since everyone can generate the message digest, it may
not be suitable for some security related applications.
Because of this
shash also supports HMAC (rfc2104), which is a mechanism for message authentication
using cryptographic hash functions. So shash can use a key with a hash algorithm
to produce hashes that can only be verified with the key. This way you can
securely check (i.e. you are sure that nobody can modify the mac, without
beeing detected) if files in a filesystem were altered.
If the list of
files and digests, that shash produces, is stored as a file in a disk,
you should also create a digest of the list that holds the digests, to
ensure that no file is removed from the list.
If no filenames are given,
it hashes the standard input to standard output.
- -m --hmac
- Works in
hmac mode. Prompts for a password or accepts it from the --key parameter.
- -h
--help
- Display a help screen and quit.
- -L --license
- Display the shash's license
and quit.
- -V --verbose
- Display some extra information.
- --listkeygen
- Lists all
the supported key generation algorithms. (The algorithms that generate a
key from a password)
- -o --keymode keymode
- Keymode may be one of the modes
listed when the --listkeygen parameter is specified.
- -q --quiet
- Suppress some
not critical warnings.
- -b
- Use binary mode. In unix environment, only difference
between this and the normal mode is an asterix preceding the filename in
the output.
- -c
- Check the checksum of all files listed in file against the
checksum listed in the same file.
- -t, --text
- Treat all input files as text
files. This is the reverse option to --binary.
- -n, --nolock
- It does not use fcntl()
to lock the files.
- -d, --doublecheck
- It prompts twice for the password.
- --nosalt
- It does not use a salt, which is normally combined with the key in HMAC
mode.
- -k --key KEY
- Enter the keyword via the command line. The KEY is then used
as keyword instead of prompting for it. Keep in mind that someone may see
the command you are executing and so your key.
- -c --config FILE
- Use the specified
configuration file. The default is .shashrc in your home directory. The format
of the configuration file is the same as the parameters. An example file
is: algorithm sha1
keymode s2k_simple
key a_very_secret_one
- -a --algorithm ALGORITHM
- The algorithm that will be used.
- -l --list
- Displays
the supported algorithms.
- -v --version
- Version. Display the version number and
quit.
Shash uses the following environment variables:
SHASH_KEY:
to specify the key.
SHASH_KEYMODE; to specify the keymode.
You can use
these instead of using the command line (which is insecure).
md5sum(1)
Exit status is normally 0;
Usage: shash [-nqvmdbtlhVL] [-c file]
[-a algorithm] [-i config_file] [-o keymode] [-k key] [filename...]
Copyright
(C) 1999 Nikos Mavroyanopoulos (nmav@hellug.gr).
Table of Contents