Checksum many files at once
Drop a set of files to hash them all — export a ready-to-publish SHA256SUMS, or import one and get per-file pass/fail. Free, local, in your browser.
or paste the sums text
| file | size | hash | status |
|---|
Publishing checksums for a release
The convention every downloader's tooling understands: one SHA256SUMS file at the top of your release, one line per artifact. Drop your artifacts above, let them hash, and download the generated file — it's byte-compatible with what sha256sum * prints on Linux, so sha256sum -c SHA256SUMS just works for your users (as does shasum -a 256 -c on macOS). Publishing BLAKE3 too? Switch the algorithm and export a B3SUMS alongside.
Verifying a folder of downloads
The reverse trip: import the publisher's sums file (or paste its text), then drop the files you downloaded. Each row gets a verdict — ✓ ok, ✗ failed, or "not in list" when no line matches the filename — and entries you didn't download show as missing rather than silently vanishing. The algorithm is inferred from the hash length in the file, with a note when the length is ambiguous. It's sha256sum -c without a terminal; if you'd rather have the terminal, the Linux guide covers the native commands.
Format notes, for the curious
The GNU format this page reads and writes: hash, two spaces, filename. A * before the filename means binary mode (identical output on unix; it matters on old Windows tools), # starts a comment, and BSD-style lines — SHA256 (file) = hash, as printed by macOS's md5 or openssl dgst — are accepted on import too, along with Windows line endings. Single files are simpler still: the verify tool takes one file and one pasted hash, in any of these formats.
questions
What format is a SHA256SUMS file, exactly?
One line per file: the hex digest, two spaces, then the filename — for example b94d27b9… release.tar.gz. A * before the name marks binary mode (identical result on unix), and # starts a comment. This page reads and writes that format, the same one sha256sum uses.
How do I verify the exported file on Linux or macOS?
Put it next to the files and run sha256sum -c SHA256SUMS on Linux or shasum -a 256 -c SHA256SUMS on macOS. Full walkthroughs: Linux guide, macOS guide.
Are my files uploaded while this runs?
No. Each file is read locally in 4 MB slices and hashed in a background worker in your browser. Nothing goes over the network — which also means there's no size limit beyond your patience.
Why does a file show "not in list"?
The imported sums file has no line whose filename matches exactly — same spelling, case and extension. Files renamed after the list was made will do this. The hash comparison itself ignores case; filenames don't.
Can I checksum an entire folder?
Select or drop the files inside it (Ctrl/Cmd-A in your file manager helps). Browsers don't reliably hand a whole folder tree to a web page, so subfolders need a second pass — or use the terminal one-liners in the Linux guide for deep trees.