Checksum many files at once

Drop a set of files to hash them all — export a ready-to-publish SHA256SUMS, or import one and get per-file pass/fail. Free, local, in your browser.

drop files here or browse as many as you like · hashed one by one, locally, never uploaded
verify against a sums file (optional):
or paste the sums text


Publishing checksums for a release

The convention every downloader's tooling understands: one SHA256SUMS file at the top of your release, one line per artifact. Drop your artifacts above, let them hash, and download the generated file — it's byte-compatible with what sha256sum * prints on Linux, so sha256sum -c SHA256SUMS just works for your users (as does shasum -a 256 -c on macOS). Publishing BLAKE3 too? Switch the algorithm and export a B3SUMS alongside.

Verifying a folder of downloads

The reverse trip: import the publisher's sums file (or paste its text), then drop the files you downloaded. Each row gets a verdict — ✓ ok, ✗ failed, or "not in list" when no line matches the filename — and entries you didn't download show as missing rather than silently vanishing. The algorithm is inferred from the hash length in the file, with a note when the length is ambiguous. It's sha256sum -c without a terminal; if you'd rather have the terminal, the Linux guide covers the native commands.

Format notes, for the curious

The GNU format this page reads and writes: hash, two spaces, filename. A * before the filename means binary mode (identical output on unix; it matters on old Windows tools), # starts a comment, and BSD-style lines — SHA256 (file) = hash, as printed by macOS's md5 or openssl dgst — are accepted on import too, along with Windows line endings. Single files are simpler still: the verify tool takes one file and one pasted hash, in any of these formats.

questions

What format is a SHA256SUMS file, exactly?

One line per file: the hex digest, two spaces, then the filename — for example b94d27b9… release.tar.gz. A * before the name marks binary mode (identical result on unix), and # starts a comment. This page reads and writes that format, the same one sha256sum uses.

How do I verify the exported file on Linux or macOS?

Put it next to the files and run sha256sum -c SHA256SUMS on Linux or shasum -a 256 -c SHA256SUMS on macOS. Full walkthroughs: Linux guide, macOS guide.

Are my files uploaded while this runs?

No. Each file is read locally in 4 MB slices and hashed in a background worker in your browser. Nothing goes over the network — which also means there's no size limit beyond your patience.

Why does a file show "not in list"?

The imported sums file has no line whose filename matches exactly — same spelling, case and extension. Files renamed after the list was made will do this. The hash comparison itself ignores case; filenames don't.

Can I checksum an entire folder?

Select or drop the files inside it (Ctrl/Cmd-A in your file manager helps). Browsers don't reliably hand a whole folder tree to a web page, so subfolders need a second pass — or use the terminal one-liners in the Linux guide for deep trees.